
help with the hijack log
mozartina
Posted: Friday, September 17, 2004 7:40:43 PM
Rank: Member

Joined: 12/1/2003
Posts: 0
Hi! I had a problem with the file bridge.dll that yoghi helped me solve, but since I don't know much about PCs I wanted a second opinion, and he told me to ask Alfonso. Basically, I'd like to know whether, looking at the hijack log, there is any other junk I'd do well to remove from the PC. I only removed bridge.dll and the reference to www.flingstone. Let me know! Thanks! Here's the log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\WINDOWS\System32\NVATray.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\SuperBar\sbhc.exe
C:\program files\altnet\points manager\points manager.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\docume~1\chiara~1\impost~1\temp\msbb.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
C:\Programmi\NaviSearch\bin\nls.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\WinTools\WToolsS.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\Belkin\Software Bluetooth\BTTray.exe
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates1.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\chiara biagioli\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da VirgilioTin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Programmi\se\v11\se.DLL
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\Programmi\se\v11\se.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Programmi\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SuperBar - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Programmi\SuperBar\SuperBar.Dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Programmi\MediaLoads Enhanced\ME2.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programmi\Toolbar\toolbar.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Virgilio Rapido - {844FC402-F06A-4A47-ACB9-45BDC9721BD1} - C:\WINDOWS\Downloaded Program Files\VirgilioBands187.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SuperBar - {7BBDB13D-D91F-4164-A90C-10C699F06902} - C:\Programmi\SuperBar\SuperBar.Dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programmi\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Programmi\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [DownloadWare] "C:\Programmi\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [PromulGate] "C:\Programmi\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBHC] C:\Programmi\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Programmi\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Programmi\File comuni\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [updmgr] C:\Programmi\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] c:\docume~1\chiara~1\impost~1\temp\msbb.exe
O4 - HKLM\..\Run: [mpkzgnsn] C:\WINDOWS\mpkzgnsn.exe
O4 - HKLM\..\Run: [gnqr] C:\WINDOWS\gnqr.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [kbqroj] C:\WINDOWS\kbqroj.exe
O4 - HKLM\..\Run: [UStorag] c:\programmi\u-storage tools2.6\ustorage.exe sys_auto_run C:\Programmi\U-Storage Tools2.6
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmi\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [xmpvxfuym] C:\WINDOWS\System32\blegji.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [WebSavingsFromEbates0] "C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Morpheus] "C:\Programmi\StreamCast\Morpheus\Morpheus.exe" -min
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Web Savings - file://C:\Programmi\WebSavings_from_Ebates\Sy400\Tp400\scri400a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Umail - {0C106FF2-5E8E-4382-863F-827961716328} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {0DCABC94-5086-4E08-A4C9-BF284A614E81} (WwwPlugin Class) - http://www.grupox.com/perf/WwwPlugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://do.gameonstarter.com/cont/sc.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50020/QDow_AS2.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.lochness.scotland.net/push.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programmi\Toolbar\toolbar.dll

Chiara
yoghi
Posted: Saturday, September 18, 2004 4:11:48 PM
Rank: Member

Joined: 8/28/2004
Posts: 0
Hi Chiara,
it seems Alfonso is very busy with his work and hardly ever appears on the forum; I'll try to help you with the Hijack log as far as my limited understanding goes..
Have you used SPYBOT and AD AWARE ??? (you're full of SPYware)... it might not be easy to remove them all ... (I mean we'll remove them now, but they could reappear!)

BEFORE PROCEEDING, BACK UP THE REGISTRY!

So let's try; you should remove these entries:

C:\docume~1\chiara~1\impost~1\temp\msbb.exe - known spyware - if you know English well, look at this page:
http://www.doxdesk.com/parasite/nCase.html


C:\Programmi\SuperBar\sbhc.exe - spyware -
if you know English well, look at this page:
http://www.2-spyware.com/file-sbhc-exe.html

C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe - dangerous spyware -
if you know English well, look at this page:
http://www.2-spyware.com/file-asm-exe.html

C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe - spy -
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates1.exe
O8 - Extra context menu item: Web Savings - file://C:\Programmi\WebSavings_from_Ebates\Sy400\Tp400\scri400a.htm
if you know English well, look at this page:
http://www.2-files.com/filename/websavingsfromebates1-exe

R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Programmi\se\v11\se.DLL -adaware-
if you know English well, look at this page:
http://www.pestpatrol.com/PestInfo/s/search-exe.asp

O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll - trojan - adaware -
if you know English well, look at this page:
http://pestpatrol.com/zks/pestinfo/t/twain-tech.asp

O3 - Toolbar: SuperBar - {7BBDB13D-D91F-4164-A90C-10C699F06902} - C:\Programmi\SuperBar\SuperBar.Dll -adaware-
if you know English well, look at this page:
http://www.pestpatrol.com/PestInfo/S/SuperBar.asp

http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
if you know English well, look at this page:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=SPYW_BRISS.A&VSect=T

___________________________________________________

Also remove the "file missing" entries:
=====================================
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Programmi\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)



___________________________________________________




These are suspicious, but I'm not sure: (Alfonso HEEELP !!!!)

O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL


O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
http://it.mcafee.com/virusInfo/default.asp?id=description&virus_k=100881

O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe (THIS LOOKS LIKE A GATOR VARIANT - Spyware)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (LOOKS LIKE A DIALER)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (AS ABOVE)

O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll (unknown)

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab (COULD BE A DIALER)

O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.lochness.scotland.net/push.cab (unknown, perhaps linked to the one above)

___________________________________________

You surely have others that I can't see....

Also, you have too many processes loading at Windows startup (the HKLM\..\Run entries); try to remove the ones you don't need....



Bye
Robi
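As an added example (not part of the thread, and not a tool of the forum's helpers), here is a small Python triage script that applies the checks yoghi does by hand above: it lists "(file missing)" registrations, autostart entries that launch something from a temp folder (like msbb.exe), the number of HKLM Run entries, the O10 Winsock hijack lines, and which hosts the R-line search settings and O16 ActiveX downloads point to. The sample lines are copied from the log posted at the top of the thread; the two line shapes the parser assumes ("<section> - <body>" and "HKxx\..\Run: [name] command" for O4) are taken from that same log.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the first log in the thread.
SAMPLE_LOG = r"""
C:\docume~1\chiara~1\impost~1\temp\msbb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Programmi\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [msbb] c:\docume~1\chiara~1\impost~1\temp\msbb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [xmpvxfuym] C:\WINDOWS\System32\blegji.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O10 - Hijacked Internet access by New.Net
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
"""

# Line shapes assumed from the log above: "<section> - <body>" for settings entries,
# and "HKxx\..\Run: [<name>] <command>" as the body of O4 autostart entries.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(log_text):
    """Split a log into running-process paths and (section, body) entries."""
    processes, entries = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body")))
        elif re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries


def host_of(text):
    """Hostname of a URL, or None when the text is not a URL (e.g. 'Collegamenti')."""
    return urlsplit(text).hostname


def triage(log_text):
    """Apply the hand checks from the thread and return a findings dict."""
    processes, entries = parse(log_text)
    report = {
        "temp_processes": [p for p in processes if TEMP_RE.search(p)],
        "file_missing": [],         # BHO/toolbar registrations whose DLL is gone
        "temp_autoruns": [],        # Run entries starting something from a temp folder
        "hklm_run_count": 0,        # machine-wide autostart entries ("too many")
        "lsp_hijack_count": 0,      # O10 Winsock LSP lines
        "search_hosts": Counter(),  # where the R-line search settings point
        "dpf_hosts": Counter(),     # where O16 ActiveX downloads came from
    }
    for sec, body in entries:
        if body.endswith("(file missing)"):
            report["file_missing"].append(f"{sec} - {body}")
        if sec == "O4":
            m = RUN_RE.match(body)
            if m and m.group("hive") == "HKLM":
                report["hklm_run_count"] += 1
            if m and TEMP_RE.search(m.group("cmd")):
                report["temp_autoruns"].append(m.group("name"))
        elif sec == "O10":
            report["lsp_hijack_count"] += 1
        elif sec.startswith("R"):
            host = host_of(body.split(" = ", 1)[-1])
            if host:
                report["search_hosts"][host] += 1
        elif sec == "O16":
            host = host_of(body.rsplit(" - ", 1)[-1])
            if host:
                report["dpf_hosts"][host] += 1
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The host counters are the quickest way to see a search hijack: when every R-line setting points at the same unfamiliar host (search.search-exe.com in the full log), that host is the one to look up rather than each line separately.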
alfonso.roselli
Posted: Saturday, September 18, 2004 4:45:47 PM
Rank: Member

Joined: 10/30/2000
Posts: 0
Your log is full of garbage; I see you use Kazaa, and maybe that's what is making the mess.

1) If you use Windows ME or XP you must disable System Restore, reboot in Safe Mode and run the antivirus program; read here
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=381&SH=N

2) you must use AD-AWARE and SPYBOT; you can download them here
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N
update them with the latest definitions and start scanning, first with one and then with the other; after every scan you must reboot the computer and scan with the other one, until both tell you there is no more spyware to remove.

After this cleanup, Kazaa will probably no longer work.

Below are the problems I found, but do the cleanup with AD-AWARE and SPYBOT, then after the cleanup run HIJACK again and send me the new log

DO NOT DELETE ANYTHING OF WHAT IS LISTED BELOW
First send me the new log after you have cleaned up the system.



C:\Programmi\File comuni\WinTools\WSup.exe
-
C:\docume~1\chiara~1\impost~1\temp\msbb.exe
-
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
-
C:\Programmi\File comuni\WinTools\WToolsS.exe
C:\Programmi\File comuni\WinTools\WSup.exe
-
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates1.exe
-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
-
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Programmi\se\v11\se.DLL
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\Programmi\se\v11\se.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Programmi\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SuperBar - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Programmi\SuperBar\SuperBar.Dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Programmi\MediaLoads Enhanced\ME2.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programmi\Toolbar\toolbar.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
-
O3 - Toolbar: SuperBar - {7BBDB13D-D91F-4164-A90C-10C699F06902} - C:\Programmi\SuperBar\SuperBar.Dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
-
O4 - HKLM\..\Run: [updmgr] C:\Programmi\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\chiara~1\impost~1\temp\msbb.exe
O4 - HKLM\..\Run: [mpkzgnsn] C:\WINDOWS\mpkzgnsn.exe
O4 - HKLM\..\Run: [gnqr] C:\WINDOWS\gnqr.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [kbqroj] C:\WINDOWS\kbqroj.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [xmpvxfuym] C:\WINDOWS\System32\blegji.exe


mozartina
Posted: Sunday, September 19, 2004 4:10:47 PM
Rank: Member

Joined: 12/1/2003
Posts: 0
hi! I did all the steps you told me; I'm sending you the hijack log, let me know
bye
Chiara
mozartina
Posted: Sunday, September 19, 2004 4:11:52 PM
Rank: Member

Joined: 12/1/2003
Posts: 0
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\WINDOWS\System32\NVATray.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\blegji.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe
C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Belkin\Software Bluetooth\BTTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates1.exe
C:\Documents and Settings\chiara biagioli\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da VirgilioTin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O3 - Toolbar: &Virgilio Rapido - {844FC402-F06A-4A47-ACB9-45BDC9721BD1} - C:\WINDOWS\Downloaded Program Files\VirgilioBands187.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SuperBar - {7BBDB13D-D91F-4164-A90C-10C699F06902} - C:\Programmi\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programmi\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UStorag] c:\programmi\u-storage tools2.6\ustorage.exe sys_auto_run C:\Programmi\U-Storage Tools2.6
O4 - HKLM\..\Run: [NaviSearch] C:\Programmi\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [xmpvxfuym] C:\WINDOWS\System32\blegji.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [WebSavingsFromEbates0] "C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe"
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [TBPS] C:\Programmi\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Web Savings - file://C:\Programmi\WebSavings_from_Ebates\Sy400\Tp400\scri400a.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Umail - {0C106FF2-5E8E-4382-863F-827961716328} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {0DCABC94-5086-4E08-A4C9-BF284A614E81} (WwwPlugin Class) - http://www.grupox.com/perf/WwwPlugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50020/QDow_AS2.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.lochness.scotland.net/push.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programmi\Toolbar\toolbar.dll (file missing)

alfonso
Posted: Sunday, September 19, 2004 9:31:44 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
The system is too infected; some of the entries I indicate could damage the system, so carry out the operation at your own risk. The alternative is to format the computer, so in any case make backup copies of your important data before proceeding.


Start the computer in Safe Mode, open Hijack and delete these lines:


C:\Programmi\File comuni\WinTools\WToolsS.exe
-
C:\WINDOWS\System32\blegji.exe
-
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe
C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
-
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
-
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates1.exe
-
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
-
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
-
O3 - Toolbar: SuperBar - {7BBDB13D-D91F-4164-A90C-10C699F06902} - C:\Programmi\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programmi\Toolbar\toolbar.dll (file missing)
-
O4 - HKLM\..\Run: [xmpvxfuym] C:\WINDOWS\System32\blegji.exe
-
O4 - HKLM\..\Run: [WebSavingsFromEbates0] "C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe"
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [TBPS] C:\Programmi\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
-
O8 - Extra context menu item: Web Savings - file://C:\Programmi\WebSavings_from_Ebates\Sy400\Tp400\scri400a.htm
-
O9 - Extra button: Umail - {0C106FF2-5E8E-4382-863F-827961716328} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
-
O16 - DPF: {0DCABC94-5086-4E08-A4C9-BF284A614E81} (WwwPlugin Class) - http://www.grupox.com/perf/WwwPlugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
-
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.lochness.scotland.net/push.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programmi\Toolbar\toolbar.dll (file missing)


Use the Windows FIND tool, search for the following files and delete them

WToolsS.exe
blegji.exe
WebSavingsFromEbates0.exe
SearchUpgrader.exe
WToolsA.exe
WSup.exe
WebSavingsFromEbates1.exe
MYBAR.DLL
WToolsB.dll
SuperBar.Dll
toolbar.dll
TBPS.exe
WToolsA.exe

For the time being keep System Restore DISABLED.

Aiutamici Contributor
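Added example, not from the thread and not a tool of the forum's helpers: a Python comparison of the first and second logs that answers the question the second log raises above, namely which of the files flagged in alfonso.roselli's list actually disappeared after the Ad-Aware/Spybot pass, which survived (and in which lines), and which files appeared for the first time (SearchUpgrader.exe and TBPS.exe in the second log). Entries are matched by the bare filename they reference, so a short 8.3 path, a long path and a bare name from the "find and delete" list all count as the same file. The sample lines are copied from the two logs above and the flagged names from alfonso.roselli's post.

```python
import re

# Constructed samples: lines copied from the first and second logs in the thread.
BEFORE_LOG = r"""
C:\docume~1\chiara~1\impost~1\temp\msbb.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\chiara~1\impost~1\temp\msbb.exe
O4 - HKLM\..\Run: [gnqr] C:\WINDOWS\gnqr.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [xmpvxfuym] C:\WINDOWS\System32\blegji.exe
O4 - HKLM\..\Run: [WebSavingsFromEbates0] "C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

AFTER_LOG = r"""
C:\WINDOWS\System32\blegji.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [xmpvxfuym] C:\WINDOWS\System32\blegji.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebSavingsFromEbates0] "C:\Programmi\WebSavings_from_Ebates\WebSavingsFromEbates0.exe"
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [TBPS] C:\Programmi\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
"""

# Files named in alfonso.roselli's list of problems (bare names, as in the thread).
FLAGGED = ["msbb.exe", "gnqr.exe", "WToolsA.exe", "blegji.exe", "WebSavingsFromEbates0.exe"]

# A filename token: no backslash, whitespace, bracket, quote or slash, then .exe/.dll/.ocx/.cab.
FILE_RE = re.compile(r'([^\\\s\[\]"/]+\.(?:exe|dll|ocx|cab))', re.IGNORECASE)


def referenced_file(line):
    """Lowercased last exe/dll/ocx/cab token on the line, or None.

    Matching by bare filename makes a short 8.3 path (PROGRA~1), a long path
    (Programmi) and a bare name compare equal; a filename containing spaces
    is reduced to its last word, which is applied consistently to both logs.
    """
    hits = FILE_RE.findall(line)
    return hits[-1].lower() if hits else None


def file_index(log_text):
    """Map each referenced filename to the set of log lines that mention it."""
    index = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        name = referenced_file(line)
        if name:
            index.setdefault(name, set()).add(line)
    return index


def compare_logs(before, after, flagged):
    """Which flagged files are gone, which survived (and where), and which files are new."""
    b, a = file_index(before), file_index(after)
    wanted = {f.lower() for f in flagged}
    return {
        "gone": sorted(f for f in wanted if f in b and f not in a),
        "survived": {f: sorted(a[f]) for f in sorted(wanted) if f in a},
        "new_files": sorted(set(a) - set(b)),
    }


if __name__ == "__main__":
    result = compare_logs(BEFORE_LOG, AFTER_LOG, FLAGGED)
    print("gone:", result["gone"])
    for name, lines in result["survived"].items():
        print("survived:", name)
        for line in lines:
            print("   ", line)
    print("new files:", result["new_files"])
```

A flagged file that survives both as a running process and as a Run entry, as blegji.exe does here, is exactly the case the helpers warn about: the scanners did not remove it, so deleting the Run entry alone would leave the file in place to be re-registered, which is why the last post pairs the Hijack lines with a file search.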
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008