Logfile of Trend Micro HijackThis v2.0.5 , Scan saved at 12.57.26, on 19/12/2013 , Platform: Windows XP SP3 (WinNT 5.01.2600) , MSIE: Internet Explorer v8.00 (8.00.6001.18702) , FIREFOX: 26.0 (it) , Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Programmi\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG2014\avgidsagent.exe
C:\Programmi\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Dati applicazioni\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Programmi\AVG\AVG2014\avgui.exe
C:\Programmi\WinCalendarTime\WinCalendarTime.exe
C:\Programmi\FeedReader30\feedreader.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Secunia\PSI\PSIA.exe
C:\Programmi\AVG\AVG2014\avgnsx.exe
C:\Programmi\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Dati applicazioni\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
C:\Programmi\AVG\AVG2014\avgcsrvx.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Laura\Desktop\HijackThis 2.0.5.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Dati applicazioni\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [KeyScrambler] C:\Programmi\KeyScrambler\keyscrambler.exe /a
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [WinCalendarTime.exe] C:\Programmi\WinCalendarTime\WinCalendarTime.exe
O4 - HKCU\..\Run: [feedreader.exe] "C:\Programmi\FeedReader30\feedreader.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Programmi\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: (no name) - {96538116-AB8C-4879-9F21-BD2BFE22A414} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O16 - DPF: {10000000-1000-1000-1000-100000000000} -
http://cdn.betteradvertising.com/ghoste ... ostery.cab
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) -
http://kitchenplanner.ikea.com/IT/Core/ ... _Win32.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Programmi\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Programmi\Secunia\PSI\sua.exe