• Moderator

    PDFCreator flagged by AVG?

    Today AVG gave me a strange warning:

    Infection
    Trojan horse Agent_r.CD
    C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    Can anyone tell me anything about it?


  • User

    Hi

    Can you be more specific?

    Post a HijackThis log.


  • Moderator

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10.45.58, on 30/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\windows\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\system32\cisvc.exe
    H:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    H:\WINDOWS\system32\inetsrv\inetinfo.exe
    H:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    H:\WINDOWS\system32\tcpsvcs.exe
    H:\Programmi\SiteAdvisor\6261\SAService.exe
    H:\WINDOWS\System32\snmp.exe
    H:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\mqsvc.exe
    H:\WINDOWS\system32\mqtgsvc.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\igfxtray.exe
    H:\WINDOWS\system32\hkcmd.exe
    H:\WINDOWS\system32\igfxpers.exe
    H:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    H:\Programmi\Analog Devices\SoundMAX\Smax4.exe
    H:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    H:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
    H:\Programmi\QuickTime\qttask.exe
    H:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    H:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    H:\Programmi\HP\HP Software Update\HPWuSchd.exe
    H:\Programmi\HP\hpcoretech\hpcmpmgr.exe
    H:\Programmi\SiteAdvisor\6261\SiteAdv.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Programmi\AS3 Personal Firewall\AS3PF.exe
    H:\Programmi\Messenger\msmsgs.exe
    H:\Programmi\Skype\Phone\Skype.exe
    H:\Programmi\OpenOffice.org 2.4\program\soffice.exe
    H:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
    H:\Programmi\Skype\Plugin Manager\skypePM.exe
    H:\Programmi\Outlook Express\msimn.exe
    H:\Programmi\AVG\AVG8\avgtray.exe
    H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    H:\PROGRA~1\AVG\AVG8\avgrsx.exe
    H:\PROGRA~1\AVG\AVG8\avgemc.exe
    H:\windows\system32\cidaemon.exe
    H:\windows\system32\cidaemon.exe
    H:\Programmi\Internet Explorer\iexplore.exe
    H:\Programmi\AVG\AVG8\avgui.exe
    H:\Programmi\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?sourceid=navclient&hl=it&ie=UTF-8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Programmi\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Programmi\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\Programmi\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\programmi\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - H:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
    O2 - BHO: XBTBPos00 - {F1E5286B-7517-4446-874B-65B1C8843A6D} - H:\PROGRA~1\PROZ~1.COM\KUDOZ_~1.DLL (file missing)
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - H:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - H:\Programmi\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\Programmi\AVG\AVG8\avgtoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\programmi\google\googletoolbar1.dll
    O4 - HKLM..\Run: [igfxtray] H:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM..\Run: [igfxhkcmd] H:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM..\Run: [igfxpers] H:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM..\Run: [SoundMAXPnP] H:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM..\Run: [SoundMAX] "H:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM..\Run: [RemoteControl] H:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM..\Run: [SunJavaUpdateSched] "H:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM..\Run: [QuickTime Task] "H:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM..\Run: [Camera Detector] H:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
    O4 - HKLM..\Run: [WheelMouse] H:\PROGRA~1\Hardware\Mouse\Amoumain.exe
    O4 - HKLM..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM..\Run: [HP Software Update] "H:\Programmi\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM..\Run: [HP Component Manager] "H:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM..\Run: [SiteAdvisor] "H:\Programmi\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM..\Run: [AS3 Personal Firewall] H:\Programmi\AS3 Personal Firewall\AS3PF.exe
    O4 - HKLM..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU..\Run: [NBJ] "H:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU..\Run: [MSMSGS] "H:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU..\Run: [Skype] "H:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = H:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - H:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - H:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163095398117
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5024/mcfscan.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Programmi\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - H:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MySQL - Unknown owner - H:\Programmi\MySQL\MySQL.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - H:\Programmi\SiteAdvisor\6261\SAService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - H:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 9138 bytes


  • Super User

    ...maybe because that DLL "touched" something that AVG keeps under watch; it's a free antivirus, so we can allow it a few mistakes 🙂

    Let us know.


  • User

    If you really want to be sure you have no problems, you can uninstall AVG Free and install the NOD32 trial (it lasts 30 days) to run a thorough scan of the system.
    Otherwise, keeping AVG installed, you can install the free version of VIRIT (it also works alongside other antivirus products present on the system) and run a scan.
    You can find both antivirus products by searching on Google.
    If PDFCreator gives you problems, try using PrimoPDF (you can easily find it by searching on Google).