Troian.downloader.agent.bq con jabtl

Rainbow Dragon · 07-09-2006, 14:08

Ogni giorno il NOD mi blocca un file jabtl1.dll nella cartella windows identificandolo come variante del Troian.downloader.agent.bq.
Con hijackthis non trovo cose strane:
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65C460DD-F6B5-4EDC-B329-2C89E98BBF6B}: NameServer = 192.168.0.1,192.168.0.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3E471BF-BE3B-42A7-8485-8125E69ABEDD}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Non ho più file verdi in \programmi\file comuni dopo aver usato il tool gromozone. La scansione in modalità provvisoria col NOD non trova niente.
Help

juninho85 · 07-09-2006, 20:42

va postato qui

07-09-2006, 14:08	#1
Rainbow Dragon Member Iscritto dal: Sep 2001 Messaggi: 170	Troian.downloader.agent.bq con jabtl Ogni giorno il NOD mi blocca un file jabtl1.dll nella cartella windows identificandolo come variante del Troian.downloader.agent.bq. Con hijackthis non trovo cose strane: O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{65C460DD-F6B5-4EDC-B329-2C89E98BBF6B}: NameServer = 192.168.0.1,192.168.0.3 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3E471BF-BE3B-42A7-8485-8125E69ABEDD}: NameServer = 193.70.152.15 193.70.152.25 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe Non ho più file verdi in \programmi\file comuni dopo aver usato il tool gromozone. La scansione in modalità provvisoria col NOD non trova niente. Help __________________ Intel Core 2Duo E6400@3,4Ghz - TT XP90C - Asus Rampage Formula- 2Gb DDR2 800 Corsair XMS2- 2x Sapphire HD4850 - TT Soprano - Seagate 750Gb - Samsung SyncMaster 930BF - Logitech system 5.1 - Win XP SP2. 3DMark2006: 17000 - Ho fatto buoni affari con: GIAN.B, laba e alfredino85.

07-09-2006, 20:42	#2
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 28998	va postato qui

Strumenti
Mostra una versione stampabile Invia questa pagina per email