melyssa

Winyou.Exe

40 posts in this thread

I have the problem with winyou.exe too.

It starts by itself every time I use the PC, even though I deleted the folder in c:\program files (x86)\WinYou

I'm attaching my ComboFix log, I hope you can help me

ComboFix 12-10-16.02 - melissa 16/10/2012  14:24:54.1.3 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3071.2128 [GMT 2:00]
Eseguito da: c:\users\melissa\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\melissa\AppData\Roaming\inst.exe
c:\users\melissa\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\msstdfmt.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-09-16 al 2012-10-16  )))))))))))))))))))))))))))))))))))
.
.
2012-10-16 12:31 . 2012-10-16 12:33 -------- d-----w- c:\users\melissa\AppData\Local\temp
2012-10-16 12:31 . 2012-10-16 12:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-12 12:01 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-12 12:00 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-12 12:00 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-12 12:00 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-12 12:00 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-12 12:00 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-12 11:59 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-12 11:59 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 15:29 . 2012-10-10 15:30 -------- d-----w- c:\program files\WinYou
2012-09-22 23:10 . 2012-09-25 23:28 -------- d-----w- C:\WingaPoker
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 18:44 . 2012-04-02 15:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 18:44 . 2011-06-18 20:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 19:48 . 2012-09-03 19:48 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-28 18:24 . 2012-06-14 07:20 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-08-07 07:31 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-22 17:16 . 2012-09-12 14:09 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 14:09 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 14:09 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 14:09 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-05 06:34 . 2012-08-05 06:34 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2012-08-02 16:57 . 2012-09-12 14:08 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-01 12:39 . 2012-08-01 12:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-08-01 12:39 . 2012-08-01 12:40 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-07-18 17:47 . 2012-08-18 11:34 2345984 ----a-w- c:\windows\system32\win32k.sys
2011-07-08 07:44 . 2011-07-16 22:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-22 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GuaTast"="c:\program files\GuaTast\GuaTast.exe" [2012-08-05 354816]
"WinServerControl"="c:\program files\WinServerControl\WinServerControl.exe" [2012-08-05 406016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-19 14:42 136176 ----atw- c:\users\melissa\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuaTast]
2012-08-05 06:34 354816 ----a-w- c:\program files\GuaTast\GuaTast.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 10:45 2741616 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 09:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinServerControl]
2012-08-05 06:34 406016 ----a-w- c:\program files\WinServerControl\WinServerControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinYou]
2012-03-22 16:18 823808 ----a-w- c:\program files\WinYou\WinYou.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S2 WinServiceMY;WinServiceMY;c:\program files\WinServiceMY\WinServiceMY.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:44]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134582593-855539462-1939750873-1001Core.job
- c:\users\melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 14:42]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134582593-855539462-1939750873-1001UA.job
- c:\users\melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 14:42]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ddo.com
Trusted Zone: playspan.com
Trusted Zone: turbine.com
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-HW_OPENEYE_OUC_Chiavetta Internet - c:\program files\Chiavetta Internet\UpdateDog\ouc.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.7\ICQ.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(3720)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\conhost.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Ora fine scansione: 2012-10-16  14:37:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-10-16 12:37
.
Pre-Run: 10.020.384.768 byte disponibili
Post-Run: 11.545.018.368 byte disponibili
.
- - End Of File - - C5D89589EBDBF585854D8BAD5E3BE2C6


Hi melyssa, forgive the bluntness, but it isn't appropriate to tack onto "similar" topics.

After running ComboFix, did you notice any changes in behaviour?

Please download and install MBAM, update it, do not activate the demo mode, and run a full system scan, if possible while disconnected from the internet.

It can take a long time, so please just let the PC work, and if it offers to clean something, allow it. If it asks you to restart the PC, allow that too.

Finally, please attach the MBAM scan to your next post.


At every startup I find the program winyou.exe in the list of active processes. I tried deleting c:\program files (x86)\WinYou, but at every restart I find it there again.

I have already run a scan with ComboFix, which I'm attaching.

As soon as I get back from uni I'll post the scan with Hijack

ComboFix.txt


Both before and after ComboFix I haven't noticed any difference. The computer has no problems apart from this winyou, which works in the background and I don't know what it does!

As soon as I get back from uni this afternoon I'll try to figure out how to download MBAM.

Edit: I searched on Google:

Is it this one, by any chance? --> http://download.cnet...4-10804572.html

Edited by melyssa


The PC seems clean.

I used Google to look for some information on WinYou.exe, without finding any.

If you aren't seeing strange behaviour, I would stop here. Otherwise, you could try HitMan Pro, to see whether any other file on your PC may be a threat...


The strange behaviour is that every now and then an empty window from this winyou appears.

Couldn't you help me uninstall this program that runs on my PC and uses up resources for nothing?

I don't know how to remove it! Even deleting the folder from the hard disk didn't work, since it comes back by itself.

Tied to that program there are also GuaTast Me and WinServerControl, which are from the same vendor and start automatically (I checked with MsConfig)

Edited by melyssa


Do you have them listed in "Programs and Features"?

If so, try removing them from there, for now...


Then try HitManPro.

Download the right version for your operating system (32 or 64 bit)


The HitmanPro scan lasted only 3 minutes... Maybe I got the settings wrong?

HitmanPro 3.6.2.171
www.hitmanpro.com

Computer name . . . . : melissa-PC
Windows . . . . . . . : 6.1.1.7601.X86/3
User name . . . . . . : melissa-PC\melissa
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2012-10-19 11:59:59
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 40s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 13

Objects scanned . . . : 1.358.512
Files scanned . . . . : 43.228
Remnants scanned . . : 425.873 files / 889.411 keys

Miniport ____________________________________________________________________

Primary
DriverObject . . . : 85A994B8
DriverName . . . . : \Driver\nvstor32
DriverPath . . . . : \SystemRoot\system32\DRIVERS\nvstor32.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 8516D1E8 +0
Solution
DriverObject . . . : 85A994B8
DriverName . . . . : \Driver\nvstor32
DriverPath . . . . : \SystemRoot\system32\DRIVERS\nvstor32.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 8B0DE547 \SystemRoot\system32\drivers\storport.sys+34119

Cookies _____________________________________________________________________

C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\FYUOK3WF.txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\U7PW79YJ.txt
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:ads.ookla.com
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:adtech.de
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:atdmt.com
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:content.yieldmanager.com
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:doubleclick.net
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:eas4.emediate.eu
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:serving-sys.com
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:smartadserver.com
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:statse.webtrendslive.com
C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\cookies.sqlite:track.adform.net



Any ideas for getting rid of this winyou.exe, which is really annoying?


I installed the Revo Uninstaller Pro version, but winyou and the other processes don't appear in the list...

I really don't feel like formatting the PC


Hi Melissa

Open Notepad: Start > All Programs > Accessories > Notepad

inside the document, copy and paste the following text, without copying the Code tag:

 
Folder::
c:\program files\WinYou

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinYou]

save the document, naming it CFScript

with the mouse, drag the CFScript.txt file onto the red ComboFix icon

let the program work

when it finishes, a new combofix.txt log will be created; post it
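As an added example (not part of the original posts and not ComboFix's own code): a Python parser for the autostart sections of a ComboFix log in the format shown in this thread, which checks whether the CFScript above covers each entry belonging to the three program names melyssa mentions. The sample lines are excerpts copied from the first log; the function names and the substring matching on program names are assumptions made for this illustration.

```python
import re
from collections import namedtuple

# Constructed sample: excerpts copied from the first ComboFix log in this thread.
LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"GuaTast"="c:\program files\GuaTast\GuaTast.exe" [2012-08-05 354816]
"WinServerControl"="c:\program files\WinServerControl\WinServerControl.exe" [2012-08-05 406016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuaTast]
2012-08-05 06:34 354816 ----a-w- c:\program files\GuaTast\GuaTast.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinYou]
2012-03-22 16:18 823808 ----a-w- c:\program files\WinYou\WinYou.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S1 aswSnx;aswSnx; [x]
'''

# The CFScript from the post above, unchanged.
CFSCRIPT = r'''
Folder::
c:\program files\WinYou

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinYou]
'''

Entry = namedtuple('Entry', 'kind key name path')

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$')
SERVICE_RE = re.compile(r'^[RS][0-4] ([^;]+);[^;]*;(.*?) \[[^\]]*\]$')


def parse_autostarts(log):
    """Return Run values, msconfig startupreg items and service lines."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                      # a registry key header opens a new block
            key = m.group(1)
            continue
        if line == '.':            # ComboFix separates blocks with a lone dot
            key = None
            continue
        if not line:               # tolerate double-spaced copies of the log
            continue
        m = SERVICE_RE.match(line)
        if m:                      # "R2 name;display name;image path [x]"
            entries.append(Entry('service', None, m.group(1), m.group(2)))
            continue
        low = (key or '').lower()
        if low.endswith('\\currentversion\\run'):
            m = RUN_VALUE_RE.match(line)
            if m:
                entries.append(Entry('run', key, m.group(1), m.group(2)))
        elif '\\msconfig\\startupreg\\' in low:
            m = FILE_RE.match(line)
            if m:
                name = key.rsplit('\\', 1)[1]
                entries.append(Entry('startupreg', key, name, m.group(1)))
    return entries


def parse_cfscript(script):
    """Return (folders, registry keys) the script asks ComboFix to delete."""
    folders, keys, section = [], [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith('::'):
            section = line[:-2].lower()
        elif section == 'folder' and line:
            folders.append(line.lower())
        elif section == 'registry' and line.startswith('[-') and line.endswith(']'):
            keys.append(line[2:-1].lower())
    return folders, keys


def coverage(log, script, names):
    """For each autostart entry matching one of names, say what the script removes."""
    folders, keys = parse_cfscript(script)
    wanted = [n.lower() for n in names]
    report = []
    for e in parse_autostarts(log):
        if not any(n in (e.name + ' ' + e.path).lower() for n in wanted):
            continue
        path = e.path.lower()
        report.append({
            'kind': e.kind, 'name': e.name, 'path': e.path,
            'key_deleted': e.key is not None and e.key.lower() in keys,
            'file_deleted': any(path.startswith(f.rstrip('\\') + '\\') for f in folders),
        })
    return report


if __name__ == '__main__':
    for row in coverage(LOG, CFSCRIPT, ['WinYou', 'GuaTast', 'WinServerControl']):
        print(row)
```

Entries reported with `key_deleted` set to `False` are still registered after the script runs; in the second log below, the GuaTast and WinServerControl Run values are still listed.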


ComboFix 12-10-16.02 - melissa 02/11/2012 14:01:16.2.3 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3071.1959 [GMT 1:00]

Eseguito da: c:\users\melissa\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe

Opzioni usate :: c:\users\melissa\AppData\Local\Opera\Opera\temporary_downloads\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\WinYou

c:\program files\WinYou\DirectShowLib-2005.dll

c:\program files\WinYou\ErrCod.etx

c:\program files\WinYou\Ionic.Zip.dll

c:\program files\WinYou\it\Microsoft.VisualBasic.PowerPacks.Vs.resources.dll

c:\program files\WinYou\Microsoft.VisualBasic.PowerPacks.Vs.dll

c:\program files\WinYou\WinYou.exe

c:\windows\system32\bit4ipki.dll.conf

.

.

((((((((((((((((((((((((( Files Creati Da 2012-10-02 al 2012-11-02 )))))))))))))))))))))))))))))))))))

.

.

2012-11-02 13:07 . 2012-11-02 13:07 -------- d-----w- c:\users\melissa\AppData\Local\temp

2012-11-02 13:07 . 2012-11-02 13:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-02 13:07 . 2012-11-02 13:07 -------- d-----w- c:\users\postgres\AppData\Local\temp

2012-11-02 13:07 . 2012-11-02 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-01 19:24 . 2012-11-01 19:24 -------- d-----w- c:\users\melissa\AppData\Local\VS Revo Group

2012-11-01 19:24 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-11-01 19:24 . 2012-11-01 19:24 -------- d-----w- c:\program files\VS Revo Group

2012-10-31 19:29 . 2012-10-31 19:29 -------- d-----w- c:\program files\CDisplay

2012-10-29 18:56 . 2012-10-29 18:56 -------- d-----w- c:\users\melissa\AppData\Local\Downloaded Installations

2012-10-27 12:56 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2012-10-27 12:56 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax

2012-10-27 12:56 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll

2012-10-27 12:56 . 2012-10-27 12:56 -------- d-----w- c:\program files\Xvid

2012-10-27 12:48 . 2012-10-27 12:48 -------- d-----w- c:\program files\CamStudio 2.6b

2012-10-27 12:48 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll

2012-10-24 16:05 . 2012-10-24 16:05 -------- d-----w- c:\users\melissa\AppData\Local\Chromium

2012-10-21 09:58 . 2012-10-21 09:58 -------- d-----w- c:\program files\Common Files\Java

2012-10-19 09:59 . 2012-10-19 10:00 -------- d-----w- c:\programdata\HitmanPro

2012-10-18 16:13 . 2012-10-18 16:13 -------- d-----w- c:\users\melissa\AppData\Local\CAPCOM

2012-10-18 15:54 . 2012-10-18 15:54 -------- d-----w- c:\program files\CAPCOM

2012-10-18 15:52 . 2012-10-18 15:52 -------- d-----w- c:\windows\system32\xlive

2012-10-18 15:52 . 2012-10-18 15:53 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2012-10-17 18:04 . 2012-10-17 18:04 -------- d-----w- c:\users\melissa\AppData\Roaming\Malwarebytes

2012-10-17 18:03 . 2012-10-17 18:03 -------- d-----w- c:\programdata\Malwarebytes

2012-10-17 18:03 . 2012-10-17 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-17 18:03 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-12 12:00 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-10-12 12:00 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-12 12:00 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-12 12:00 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-12 12:00 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll

2012-10-12 11:59 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-12 11:59 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-08 18:44 . 2012-04-02 15:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-08 18:44 . 2011-06-18 20:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-24 13:32 . 2012-06-14 07:20 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 13:32 . 2011-08-07 07:31 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-03 19:48 . 2012-09-03 19:48 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-08-24 06:59 . 2012-09-22 10:04 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-22 10:04 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-22 10:04 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 10:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 10:04 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-22 10:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-22 17:16 . 2012-09-12 14:09 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 17:16 . 2012-09-12 14:09 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 17:16 . 2012-09-12 14:09 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 17:16 . 2012-09-12 14:09 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-05 06:34 . 2012-08-05 06:34 124688 ----a-w- c:\windows\system32\mswinsck.ocx

2011-07-08 07:44 . 2011-07-16 22:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-11-22 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

"GuaTast"="c:\program files\GuaTast\GuaTast.exe" [2012-08-05 354816]

"WinServerControl"="c:\program files\WinServerControl\WinServerControl.exe" [2012-08-05 406016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-09-19 14:42 136176 ----atw- c:\users\melissa\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuaTast]

2012-08-05 06:34 354816 ----a-w- c:\program files\GuaTast\GuaTast.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2011-03-04 10:45 2741616 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2010-12-21 09:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinServerControl]

2012-08-05 06:34 406016 ----a-w- c:\program files\WinServerControl\WinServerControl.exe

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R2 WinServiceMY;WinServiceMY;c:\program files\WinServiceMY\WinServiceMY.exe [x]

R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]

S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contenuto della cartella 'Scheduled Tasks'

.

2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:44]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134582593-855539462-1939750873-1001Core.job

- c:\users\melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 14:42]

.

2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134582593-855539462-1939750873-1001UA.job

- c:\users\melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 14:42]

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://it.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: ddo.com

Trusted Zone: playspan.com

Trusted Zone: turbine.com

TCP: DhcpNameServer = 62.101.93.101 83.103.25.250

FF - ProfilePath - c:\users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\

FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]

"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]

"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2012-11-02 14:09:08

ComboFix-quarantined-files.txt 2012-11-02 13:09

ComboFix2.txt 2012-10-16 12:37

.

Pre-Run: 6.783.950.848 byte disponibili

Post-Run: 7.097.839.616 byte disponibili

.

- - End Of File - - 8E00B83060537F70977856E92788FA60


Hi Melissa

Download AdwCleaner by Xplode to your desktop.

Close all open programs and web pages.

Double-click AdwCleaner.exe to run the tool.

Click Elimina (Delete).

Confirm each time with Ok.

The computer will restart automatically. A text file will open after the restart.

Please post the contents of that log file in your next reply.

You can also find the log file at C:\AdwCleaner[s1].txt.

Please do not attach the logs; copy and paste their contents.

Still having problems with winyou? :anna::ciao:


As a corollary to what Mr 4011 wrote: using the "code" tag to post logs is much appreciated, since they become

  1. distinguishable from the rest of the text written by people
  2. easier to scroll through, since they are more compact relative to the discussion.


Here is the scan done with adw cleaner.

Winyou reinstalls itself every time, even though I tried deleting the Winyou and Guatast folders in the C:\programmi folder

# AdwCleaner v2.007 - Logfile creato il 08/11/2012 alle 13:39:12
# Aggiornamento 06/11/2012 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Utente : melissa - melissa-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\melissa\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe
# Opzioni [Elimina]

***** [servizi] *****

***** [File / Cartelle] *****
Cartella Eliminato : C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\extensions\staged
***** [Registro] *****
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKLM\Software\Conduit
***** [browser Internet] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registro Pulito.
-\\ Mozilla Firefox v5.0.1 (it)
Nome Profilo : default
File : C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\1xuwrxnr.default\prefs.js
[OK] File Pulito.
-\\ Google Chrome v22.0.1229.94
File : C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File Pulito.
-\\ Opera v12.10.1652.0
File : C:\Users\melissa\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File Pulito.
*************************
AdwCleaner[s1].txt - [1203 octets] - [08/11/2012 13:39:12]
########## EOF - C:\AdwCleaner[s1].txt - [1263 octets] ##########


Download SystemLook from the link below and save it to your Desktop.

Download #1

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following code box into the text field.
    Filefind:
    *Winyou*
    Folderfind:
    *Winyou*
    Regfind:
    Winyou


    Click Look to start the scan.

    • When it finishes, a Notepad window will open. Post its contents in your next reply.

    Note: The log can be found on your desktop, named SystemLook.txt

    Warning: Do not attach any files; copy/paste the contents of the text file


SystemLook 30.07.11 by jpshortstuff

Log created at 12:10 on 18/11/2012 by melissa

Administrator - Elevation successful

No Context: Filefind:

No Context: *Winyou*

No Context: Folderfind:

No Context: *Winyou*

No Context: Regfind:

No Context: Winyou

-= EOF =-
