Provato AboutBuster
Ho provato AboutBuster, con risultati purtroppo non definitivi.La prima loggata di Hijackthis sembra ok:
Logfile of HijackThis v1.98.2
Scan saved at 9.07.26, on 27/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmi\PopUp Killer\popupkiller.EXE
C:\Programmi\Sony Ericsson\Mobile\audevicemgr.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\BHODemon 2\BHODemon.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
c:\Programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\MOBILE\MOBILE~1\EPMWOR~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://it.msn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {EABD82EE-3227-BE5F-0151-50BB569AF9CF} - C:\WINNT\system32\syssn.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Programmi\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s /r
O4 - HKCU\..\Run: [UninstallAbility] "C:\Programmi\UninstallAbility\uability.exe" /AUTO
O4 - Startup: BHODemon 2.0.lnk = C:\Programmi\BHODemon 2\BHODemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor conn. telefonica.lnk = C:\Programmi\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Poi appena avviato IE e connesso in rete....rieccoti 'sto bastardo!!!
Logfile of HijackThis v1.98.2
Scan saved at 9.49.09, on 27/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmi\PopUp Killer\popupkiller.EXE
C:\WINNT\mfcht32.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\odnxdu.exe
C:\Programmi\Sony Ericsson\Mobile\audevicemgr.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\MOBILE\MOBILE~1\EPMWOR~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\bzqfq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\bzqfq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\bzqfq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\bzqfq.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\bzqfq.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\bzqfq.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\bzqfq.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {EABD82EE-3227-BE5F-0151-50BB569AF9CF} - C:\WINNT\system32\syssn.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Programmi\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [mfcht32.exe] C:\WINNT\mfcht32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Sbat] C:\Documents and Settings\user\Dati applicazioni\eici.exe
O4 - HKCU\..\Run: [Ezvpq] C:\WINNT\system32\odnxdu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor conn. telefonica.lnk = C:\Programmi\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E647B4B-4D09-4091-81B1-AD4BAE1D3959}: NameServer = 193.70.192.25 193.70.152.25
ORA PRENDO A PICCONATE IL MONITOR! :grrr:
N.B.ho provato AboutB dalla modalità normale e dalla provvisoria; inoltre sulla schermata di disinstallazione applicazioni di W2K la cosa sconvolgente è che 'sto Home Search Assistant sta lì, bello bello, e come chiedi di toglierlo logga così: !PROBLEMA CON IL COLLEGAMENTO Impossibile aprire
http://looking-for.cc/uninstall/HomeSearchAssistant.html
:boh: