Logfile of HijackThis v1.99.1
Scan saved at 11.18.29, on 30/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\REALVNC\WINVNC\WINVNC.EXE
C:\PROGRAMMI\NETSUPPORT SCHOOL\CLIENT32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\NETSUPPORT SCHOOL\wclientw.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMI\DSB\DSB.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\DESKTOP\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {78E3B901-8BE2-11D9-A42D-0050F0726384} - C:\WINDOWS\SYSTEM\CKIK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMI\REALVNC\WINVNC\WINVNC.EXE" -service
O4 - HKLM\..\RunServices: [NetSupport Client] C:\Programmi\NetSupport School\client32.exe *
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC TRANSFORMS="C:\Programmi\File comuni\Wise Installation Wizard\WISE45873F4AB2D473F9CBB78125F4BF624_1_2_0.MST" /I "C:\Programmi\File comuni\Wise Installation Wizard\WISE45873F4AB2D473F9CBB78125F4BF624_1_2_0.MSI" WISE_SETUP_EXE_PATH="D:\INSTALL_CABRI_II_PLUS.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//lfcruot//zbavycf//mfilsxg//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/605689.exeO16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
http://download.energyfactor.com/dialer/it/activex_53_it.exeO16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} -
O16 - DPF: DigiChat Applet -
http://host5.digichat.com/DigiChat/DigiClasses/Client_IE.cabO17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.125.3
O18 - Filter: text/html - {78E3B900-8BE2-11D9-A42D-00509F3EC61F} - C:\WINDOWS\SYSTEM\CKIK.DLL
O18 - Filter: text/plain - {78E3B900-8BE2-11D9-A42D-00509F3EC61F} - C:\WINDOWS\SYSTEM\CKIK.DLL