WUAUCLT.EXE
WOWEXEL.EXE
POI O FATTO UNA SCANSIONE PER PRECAUZIONE CON UN TOOLS PER RIMUOVERE COOLWEBSARCH,E,MI SONO RITROVATO UN FILE CHE NON RICORDO IL NOME IN MSCONFIG CHE SI E RIMOSSO AUTOMATICAMENTE SENZA CHE ABBIA IL TEMPO DI VEDERE CHE COSE E.
COMUNQUE HO FATTO UN RAPPORTO,QUALCUNO POTREBBE DIRMI DI COSA SI TRATTA.GRAZIE ANTICIPATAMENTE.
*** Run Keys ****
RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
RUN: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
RUN: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
RUN: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
**** Browser Helper Objects ****
BHO: [Yahoo! Toolbar Helper] C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: [Adobe PDF Reader Link Helper] C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [SSVHelper Class] C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
**** IE Toolbars ****
TOOLBAR: [Yahoo! Toolbar] C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
**** IE Extensions ****
IEExt: [Web Browser Applet Control] C:\WINDOWS\system32\msjava.dll
IEExt: [Ricerche] C:\WINDOWS\system32\msjava.dll
IEExt: [Organizzatore ricerche] C:\WINDOWS\system32\msjava.dll
IEExt: [Organizzatore ricerche] C:\WINDOWS\system32\msjava.dll
IEExt: [Messenger] C:\Programmi\Messenger\msmsgs.exe
**** Hosts File Entries ****
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
**** IE Settings ****
Default Page: http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Local Page: C:\WINDOWS\system32\blank.htm
**** IE Context Menu (Right click) ****
IEContext: [E&sporta in Microsoft Excel] res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
**** Layered Service Providers ****
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1056BF21-EE1A-4D61-A618-A08CCB604210}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1056BF21-EE1A-4D61-A618-A08CCB604210}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F61121A9-2F21-44AC-8630-B01F4513542A}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F61121A9-2F21-44AC-8630-B01F4513542A}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D64E43EC-1140-4EF0-937B-6C3EADBA2FEE}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D64E43EC-1140-4EF0-937B-6C3EADBA2FEE}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE2B2A82-FD36-4802-91DF-CB24232B7E72}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE2B2A82-FD36-4802-91DF-CB24232B7E72}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70603879-B9B9-4984-A3ED-82EFEA15E83F}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70603879-B9B9-4984-A3ED-82EFEA15E83F}] DATAGRAM 4
**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No
**** Downloaded Program Files ****
DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
**** Windows Services ****
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[Ati HotKey Poller] %SystemRoot%\System32\Ati2evxx.exe
[ATI Smart] C:\WINDOWS\system32\ati2sgag.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[Crypkey License] crypserv.exe
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[kavsvc] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[MDM] "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[ose] "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SoundMAX Agent Service (default)] C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{DCF2B123-7FB9-4526-AFE1-364A00F55295}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemRoot%\System32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
**** Custom IE Search Items ****
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.google.it/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use FormSuggest] no
IEOPT: [AutoSearch]
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] no
IEOPT: [FormSuggest Passwords] no
IEOPT: [FormSuggest PW Ask] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Show image placeholders]
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NoWebJITSetup]
IEOPT: [UseThemes]
IEOPT: [Page_Transitions]
IEOPT: [NscSingleExpand]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [Force Offscreen Composition]
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [AllowWindowReuse]
IEOPT: [SmoothScroll]
IEOPT: [Print_Background] no
IEOPT: [LastCheckedHi]
IEOPT: [AddToFavoritesExpanded]
IEOPT: [First Home Page] http://www.microsoft.com/isapi/redir.dl ... date&O1=b1
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Check_Associations] no