|
|
Auteur
|
Message
|
1
|
|
|
|
Salut à vous
Antivir (conseillé par vous, ça n'a pas l'air mal d'ailleurs) vient de détecter sur notre ordinateur un truc qui s'appelle TR/Agent.49664.J
J'ai mis en quarantaine
Par ailleurs, en regardant mon poste de travail, je trouve un programme un peu bizarre, que je n'ai pas sollicité (c'est un disque de données, il n'y a aucune info système dessus)
ça s'appelle mrtstub.exe, qui est dans un dossier de71aff76e515b7d577ceb818f47e1
Est-ce que quelqu'un a déjà entendu parler de ça? Est-ce lié? Merci d'avance.
|
|
|
|
|
Pour info, mon scan Antivir:
Avira AntiVir Personal
Report file date: lundi 14 juillet 2008 20:51
Scanning for 1431952 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOM-BF6594C3434
Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 14/04/2008 22:25:38
AVSCAN.DLL : 8.1.1.0 53505 Bytes 14/04/2008 22:25:38
LUKE.DLL : 8.1.2.9 151809 Bytes 14/04/2008 22:25:38
LUKERES.DLL : 8.1.2.1 12033 Bytes 14/04/2008 22:25:38
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:16
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 19:25:46
ANTIVIR2.VDF : 7.0.5.105 821248 Bytes 13/07/2008 18:41:14
ANTIVIR3.VDF : 7.0.5.112 139776 Bytes 14/07/2008 18:41:16
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 14/04/2008 22:25:38
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 02/07/2008 18:04:08
AESCN.DLL : 8.1.0.22 119157 Bytes 22/06/2008 21:17:28
AERDL.DLL : 8.1.0.20 418165 Bytes 28/04/2008 19:25:40
AEPACK.DLL : 8.1.1.6 364918 Bytes 22/06/2008 21:17:26
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 22/06/2008 21:17:24
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 02/07/2008 18:04:08
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 12:51:50
AEGEN.DLL : 8.1.0.29 307573 Bytes 22/06/2008 21:17:20
AEEMU.DLL : 8.1.0.6 430451 Bytes 09/05/2008 12:02:34
AECORE.DLL : 8.1.0.32 168311 Bytes 02/07/2008 18:04:02
AVWINLL.DLL : 1.0.0.7 14593 Bytes 14/04/2008 22:25:38
AVPREF.DLL : 8.0.0.1 25857 Bytes 14/04/2008 22:25:38
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 14/04/2008 22:25:38
AVARKT.DLL : 1.0.0.23 307457 Bytes 14/04/2008 22:25:38
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 14/04/2008 22:25:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 14/04/2008 22:25:38
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 14/04/2008 22:25:38
NETNT.DLL : 8.0.0.1 7937 Bytes 14/04/2008 22:25:38
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 14/04/2008 22:25:30
RCTEXT.DLL : 8.0.32.0 86273 Bytes 14/04/2008 22:25:30
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 14 juillet 2008 20:51
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'SOFFICE.BIN' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'QuickDCF2.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'ACEngSvr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ACMON.EXE' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'EHTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'DLLHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ftp.exe
[DETECTION] Is the Trojan horse TR/Agent.49664.J
[NOTE] The file was moved to '48eba186.qua'!
C:\WINDOWS\SoftwareDistribution\Download\ffe45341c231bb2b0219bca9e5806a77\update\update.exe
[WARNING] The file could not be opened!
C:\WINDOWS\SoftwareDistribution\Download\a61b612a902d2a831303e51d8beb5fc6\update\update.exe
[WARNING] The file could not be opened!
C:\WINDOWS\SoftwareDistribution\Download\691af543d2613e8f8725a561f986419a\update\update.exe
[WARNING] The file could not be opened!
C:\WINDOWS\SoftwareDistribution\Download\f13b1130c899601342787d172211ab01\update\update.exe
[WARNING] The file could not be opened!
C:\WINDOWS\SoftwareDistribution\Download\b51583c5f22da0e6e536a968a9783fd0\update\update.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{8E2026AD-7A0A-4DF2-A221-1F2797F9C3D6}\RP317\A0058276.exe
[DETECTION] Is the Trojan horse TR/Agent.49664.J
[NOTE] The file was moved to '48aba3d6.qua'!
C:\System Volume Information\_restore{8E2026AD-7A0A-4DF2-A221-1F2797F9C3D6}\RP317\A0058279.exe
[DETECTION] Is the Trojan horse TR/Agent.49664.J
[NOTE] The file was moved to '48aba613.qua'!
Begin scan in 'D:\'
End of the scan: lundi 14 juillet 2008 21:33
Used time: 42:17 min
The scan has been done completely.
8214 Scanning directories
443231 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
6 Files cannot be scanned
443228 Files not concerned
7721 Archives were scanned
6 Warnings
3 Notes
Ainsi que mon scan HiJack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:02, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Appareil photo\QuickDCF2.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Sécurité Antoine\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.(...)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 6149 bytes
|
|
|
1
|
|
|
|
