eccolo:
Logfile of HijackThis v1.99.1
Scan saved at 15.26.33, on 06/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAMMI\TREND MICRO\OFFICESCAN CLIENT\PCCWIN97.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\TREND MICRO\OFFICESCAN CLIENT\OFCDOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\MAR_INET.EXE
C:\WINDOWS\SYSTEM\ITDDD.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAMMI\HP DESKJET 895C SERIES\EREG\REMIND32.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA9.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programmi\Copernic 2000\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programmi\Copernic 2000\Search Bar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {C12B4EC1-1F65-11D3-91CA-00104B9C4765} - C:\Programmi\Copernic 2000\CopernicFind.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [MarathonInternetServices] mar_inet.exe
O4 - HKLM\..\Run: [OfficeScan95] "C:\PROGRAMMI\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\SYSTEM\itDDD.exe
O4 - HKLM\..\Run: [Olympic] C:\windows\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\PROGRAMMI\TREND MICRO\OFFICESCAN CLIENT\pccwin97.exe"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Promemoria del Calendario di Microsoft Works.lnk = C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Reminder-hpc41003.lnk = C:\Programmi\HP DeskJet 895C Series\ereg\Remind32.exe
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Ricerca utilizzando Copernic -
file://C:\Programmi\Copernic 2000\Search Extension.htm
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programmi\Copernic 2000\Copernic.exe
O9 - Extra 'Tools' menuitem: Avviare Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programmi\Copernic 2000\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programmi\Copernic 2000\Copernic.exe
O9 - Extra button: Traduci - {99EFB53C-C965-43CF-9F45-52242D134187} -
file://C:\Programmi\Copernic 2000\Translate.htm
O9 - Extra 'Tools' menuitem: &Traduci utilizzando Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} -
file://C:\Programmi\Copernic 2000\Translate.htm
O15 - Trusted Zone:
http://www.redfunny.com
O15 - Trusted Zone:
http://www.skymasters.biz
O15 - Trusted Zone:
http://www.archiviosex.net
O15 - Trusted Zone:
http://www.sgrunt.biz
O15 - Trusted Zone:
http://www.linkautomatici.com
O16 - DPF: {5A52A590-0282-11D1-AA38-00A024FE694D} (USIFirmaSoft) -
https://webbank.unicredito.it/common/in ... tFirma.cab
O16 - DPF: {4A52A590-0282-11D1-AA38-00A024FE694D} (USIFirmaJava) -
https://webbank.unicredito.it/common/in ... aFirma.cab
O16 - DPF: {0201A637-524E-4783-B8A7-087E68E025A9} (CBIIMPORTJava) -
https://webbank.unicredito.it/06330/it/cbi/CBImport.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) -
https://tatiana/officescan/console/html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) -
https://tatiana/officescan/console/Clie ... veCtrl.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) -
https://tatiana/officescan/console/Clie ... tupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) -
https://tatiana/officescan/console/Clie ... /setup.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} -
http://www.sgrunt.biz/closer/close.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = clubnet.tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.216.112.222,212.216.172.162