TR/ATRAPSFermé

Question

Bonjour, 
j'ai un probléme, avira m'indique que j'ai TR/ATRAPS, j'ai beau scanner et le mettre en quarantaine ca reviens toujours si on pourrais m'aider s'il vous plait


Configuration: Windows Vista / Chrome 23.0.1271.95

Malekal_morte- · Answer

Salut,

Dans quel fichier ?
Poste le rapport de scan Antivir.

Okami Ama · Answer

je sais pas si c'est exactement ca que tu veut mais voila Avira Free Antivirus Report file date: mardi 4 décembre 2012 13:47 Scanning for 4477217 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available. Licensee : Avira Free Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows Vista (TM) Home Premium Windows version : (Service Pack 2) [6.0.6002] Boot mode : Normally booted Username : SYSTEM Computer name : PC-DE-DAMIEN Version information: BUILD.DAT : 12.1.9.1236 40872 Bytes 11/10/2012 15:58:00 AVSCAN.EXE : 12.3.0.48 468256 Bytes 14/11/2012 18:02:20 AVSCAN.DLL : 12.3.0.15 54736 Bytes 18/07/2012 16:05:06 LUKE.DLL : 12.3.0.15 68304 Bytes 18/07/2012 16:04:59 AVSCPLR.DLL : 12.3.0.27 97064 Bytes 18/07/2012 16:04:51 AVREG.DLL : 12.3.0.33 232232 Bytes 18/07/2012 16:04:51 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 23:23:21 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 23:32:24 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 09:58:50 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 22:38:13 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 16:05:05 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 09:08:21 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 19:48:18 VBASE008.VDF : 7.11.50.231 2048 Bytes 22/11/2012 19:48:18 VBASE009.VDF : 7.11.50.232 2048 Bytes 22/11/2012 19:48:19 VBASE010.VDF : 7.11.50.233 2048 Bytes 22/11/2012 19:48:19 VBASE011.VDF : 7.11.50.234 2048 Bytes 22/11/2012 19:48:19 VBASE012.VDF : 7.11.50.235 2048 Bytes 22/11/2012 19:48:19 VBASE013.VDF : 7.11.50.236 2048 Bytes 22/11/2012 19:48:19 VBASE014.VDF : 7.11.51.27 133632 Bytes 23/11/2012 20:00:14 VBASE015.VDF : 7.11.51.95 140288 Bytes 26/11/2012 20:00:27 VBASE016.VDF : 7.11.51.221 164352 Bytes 29/11/2012 20:00:37 VBASE017.VDF : 7.11.52.29 158208 Bytes 01/12/2012 20:09:28 VBASE018.VDF : 7.11.52.91 116736 Bytes 03/12/2012 20:09:30 VBASE019.VDF : 7.11.52.92 2048 Bytes 03/12/2012 20:09:30 VBASE020.VDF : 7.11.52.93 2048 Bytes 03/12/2012 20:09:31 VBASE021.VDF : 7.11.52.94 2048 Bytes 03/12/2012 20:09:31 VBASE022.VDF : 7.11.52.95 2048 Bytes 03/12/2012 20:09:31 VBASE023.VDF : 7.11.52.96 2048 Bytes 03/12/2012 20:09:31 VBASE024.VDF : 7.11.52.97 2048 Bytes 03/12/2012 20:09:31 VBASE025.VDF : 7.11.52.98 2048 Bytes 03/12/2012 20:09:31 VBASE026.VDF : 7.11.52.99 2048 Bytes 03/12/2012 20:09:31 VBASE027.VDF : 7.11.52.100 2048 Bytes 03/12/2012 20:09:31 VBASE028.VDF : 7.11.52.101 2048 Bytes 03/12/2012 20:09:31 VBASE029.VDF : 7.11.52.102 2048 Bytes 03/12/2012 20:09:31 VBASE030.VDF : 7.11.52.103 2048 Bytes 03/12/2012 20:09:31 VBASE031.VDF : 7.11.52.104 2048 Bytes 03/12/2012 20:09:31 Engine version : 8.2.10.214 AEVDF.DLL : 8.1.2.10 102772 Bytes 01/08/2012 09:19:18 AESCRIPT.DLL : 8.1.4.70 467323 Bytes 30/11/2012 20:00:48 AESCN.DLL : 8.1.9.4 131445 Bytes 15/11/2012 18:03:04 AESBX.DLL : 8.2.5.12 606578 Bytes 18/07/2012 16:04:48 AERDL.DLL : 8.2.0.74 643445 Bytes 07/11/2012 17:13:58 AEPACK.DLL : 8.3.0.40 815479 Bytes 12/11/2012 17:14:24 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05/11/2012 17:13:40 AEHEUR.DLL : 8.1.4.156 5579128 Bytes 30/11/2012 20:00:47 AEHELP.DLL : 8.1.25.2 258423 Bytes 12/10/2012 12:54:35 AEGEN.DLL : 8.1.6.10 438646 Bytes 15/11/2012 18:02:58 AEEXP.DLL : 8.2.0.16 119157 Bytes 30/11/2012 20:00:48 AEEMU.DLL : 8.1.3.2 393587 Bytes 01/08/2012 09:19:11 AECORE.DLL : 8.1.29.2 201079 Bytes 07/11/2012 17:13:51 AEBB.DLL : 8.1.1.4 53619 Bytes 05/11/2012 17:13:35 AVWINLL.DLL : 12.3.0.15 27344 Bytes 18/07/2012 16:04:53 AVPREF.DLL : 12.3.0.32 50720 Bytes 14/11/2012 18:02:19 AVREP.DLL : 12.3.0.15 179208 Bytes 18/07/2012 16:04:51 AVARKT.DLL : 12.3.0.33 209696 Bytes 14/11/2012 18:02:19 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18/07/2012 16:04:50 SQLITE3.DLL : 3.7.0.1 398288 Bytes 18/07/2012 16:05:02 AVSMTP.DLL : 12.3.0.32 63480 Bytes 18/07/2012 16:04:52 NETNT.DLL : 12.3.0.15 17104 Bytes 18/07/2012 16:04:59 RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 18/07/2012 16:05:09 RCTEXT.DLL : 12.3.0.32 97056 Bytes 14/11/2012 18:02:18 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20121204-120941-353E3628.avp Logging.............................: default Primary action......................: Interactive Secondary action....................: Ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: extended Start of the scan: mardi 4 décembre 2012 13:47 Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting search for hidden objects. c:\adsm_pdata_0150\dragwait.exe c:\adsm_pdata_0150\dragwait.exe [NOTE] The file is not visible. [WARNING] The file was ignored! c:\adsm_pdata_0150\_avt c:\adsm_pdata_0150\_avt [NOTE] The file is not visible. [WARNING] The file was ignored! c:\adsm_pdata_0150\db\si.db c:\adsm_pdata_0150\db\si.db [NOTE] The file is not visible. [WARNING] The file was ignored! c:\adsm_pdata_0150\db\ul.db c:\adsm_pdata_0150\db\ul.db [NOTE] The file is not visible. [WARNING] The file was ignored! c:\adsm_pdata_0150\db\vl.db c:\adsm_pdata_0150\db\vl.db [NOTE] The file is not visible. [WARNING] The file was ignored! c:\adsm_pdata_0150\db\_avt c:\adsm_pdata_0150\db\_avt [NOTE] The file is not visible. [WARNING] The file was ignored! c:\program files\asus\asus data security manager\driver\x86\asdsm.sys c:\program files\asus\asus data security manager\driver\x86\asdsm.sys [NOTE] The file is not visible. [WARNING] The file was ignored! c:\program files\asus\asus data security manager\driver\x86\_avt c:\program files\asus\asus data security manager\driver\x86\_avt [NOTE] The file is not visible. [WARNING] The file was ignored! c:\users\damien\appdata\local\microsoft\windows emporary internet files\content.ie5\a2ynd033\a_ligatus_com[1].js c:\users\damien\appdata\local\microsoft\windows emporary internet files\content.ie5\a2ynd033\a_ligatus_com[1].js [NOTE] The file is not visible. [WARNING] The file was ignored! c:\adsm_pdata_0150 c:\adsm_pdata_0150 [NOTE] The directory is not visible. [WARNING] The file was ignored! c:\adsm_pdata_0150\db c:\adsm_pdata_0150\db [NOTE] The directory is not visible. [WARNING] The file was ignored! c:\program files\asus\asus data security manager\driver\x86 c:\program files\asus\asus data security manager\driver\x86 [NOTE] The directory is not visible. [WARNING] The file was ignored! Hidden driver [NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts. The scan of running processes will be started Scan process 'SearchFilterHost.exe' - '33' Module(s) have been scanned Scan process 'taskeng.exe' - '24' Module(s) have been scanned Scan process 'SearchProtocolHost.exe' - '52' Module(s) have been scanned Scan process 'chrome.exe' - '71' Module(s) have been scanned Scan process 'chrome.exe' - '38' Module(s) have been scanned Scan process 'chrome.exe' - '38' Module(s) have been scanned Scan process 'chrome.exe' - '64' Module(s) have been scanned Scan process 'chrome.exe' - '38' Module(s) have been scanned Scan process 'chrome.exe' - '87' Module(s) have been scanned Scan process 'wlcomm.exe' - '101' Module(s) have been scanned Scan process 'browser.exe' - '170' Module(s) have been scanned Scan process 'svchost.exe' - '30' Module(s) have been scanned Scan process 'vssvc.exe' - '49' Module(s) have been scanned Scan process 'avscan.exe' - '86' Module(s) have been scanned Scan process 'avscan.exe' - '28' Module(s) have been scanned Scan process 'FTCOMModule.exe' - '30' Module(s) have been scanned Scan process 'OraConfigRecover.exe' - '27' Module(s) have been scanned Scan process 'CoreCom.exe' - '93' Module(s) have been scanned Scan process 'connectivitymanager.exe' - '64' Module(s) have been scanned Scan process 'deskboard.exe' - '71' Module(s) have been scanned Scan process 'Launcher.exe' - '125' Module(s) have been scanned Scan process 'svchost.exe' - '21' Module(s) have been scanned Scan process 'AlertModule.exe' - '28' Module(s) have been scanned Scan process 'svchost.exe' - '61' Module(s) have been scanned Scan process 'ehmsas.exe' - '19' Module(s) have been scanned Scan process 'TomTomHOMERunner.exe' - '31' Module(s) have been scanned Scan process 'NPSAgent.exe' - '31' Module(s) have been scanned Scan process 'LightScribeControlPanel.exe' - '33' Module(s) have been scanned Scan process 'msnmsgr.exe' - '162' Module(s) have been scanned Scan process 'ehtray.exe' - '26' Module(s) have been scanned Scan process 'sidebar.exe' - '103' Module(s) have been scanned Scan process 'avgnt.exe' - '72' Module(s) have been scanned Scan process 'datamngrUI.exe' - '44' Module(s) have been scanned Scan process 'realsched.exe' - '36' Module(s) have been scanned Scan process 'InCD.exe' - '45' Module(s) have been scanned Scan process 'jusched.exe' - '32' Module(s) have been scanned Scan process 'SystrayApp.exe' - '34' Module(s) have been scanned Scan process 'oopmagentts.exe' - '13' Module(s) have been scanned Scan process 'ASScrPro.exe' - '30' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '27' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '49' Module(s) have been scanned Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned Scan process 'igfxpers.exe' - '20' Module(s) have been scanned Scan process 'hkcmd.exe' - '23' Module(s) have been scanned Scan process 'igfxtray.exe' - '24' Module(s) have been scanned Scan process 'avshadow.exe' - '33' Module(s) have been scanned Scan process 'WLIDSvcM.exe' - '16' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned Scan process 'WLIDSVC.EXE' - '72' Module(s) have been scanned Scan process 'svchost.exe' - '31' Module(s) have been scanned Scan process 'TomTomHOMEService.exe' - '8' Module(s) have been scanned Scan process 'svchost.exe' - '44' Module(s) have been scanned Scan process 'spmgr.exe' - '36' Module(s) have been scanned Scan process 'svchost.exe' - '42' Module(s) have been scanned Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned Scan process 'InCDsrv.exe' - '35' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '17' Module(s) have been scanned Scan process 'FsUsbExService.Exe' - '23' Module(s) have been scanned Scan process 'svchost.exe' - '30' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '30' Module(s) have been scanned Scan process 'SeaPort.EXE' - '56' Module(s) have been scanned Scan process 'ALUSchedulerSvc.exe' - '33' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '30' Module(s) have been scanned Scan process 'avguard.exe' - '65' Module(s) have been scanned Scan process 'sched.exe' - '52' Module(s) have been scanned Scan process 'armsvc.exe' - '24' Module(s) have been scanned Scan process 'ALU.exe' - '44' Module(s) have been scanned Scan process 'taskeng.exe' - '26' Module(s) have been scanned Scan process 'svchost.exe' - '60' Module(s) have been scanned Scan process 'sched.exe' - '52' Module(s) have been scanned Scan process 'taskeng.exe' - '83' Module(s) have been scanned Scan process 'taskeng.exe' - '49' Module(s) have been scanned Scan process 'spoolsv.exe' - '82' Module(s) have been scanned Scan process 'KBFiltr.exe' - '14' Module(s) have been scanned Scan process 'ATKOSD.exe' - '13' Module(s) have been scanned Scan process 'ACEngSvr.exe' - '33' Module(s) have been scanned Scan process 'ACMON.exe' - '26' Module(s) have been scanned Scan process 'BatteryLife.exe' - '25' Module(s) have been scanned Scan process 'wcourier.exe' - '23' Module(s) have been scanned Scan process 'ATKOSD2.exe' - '23' Module(s) have been scanned Scan process 'Hcontrol.exe' - '59' Module(s) have been scanned Scan process 'Explorer.EXE' - '145' Module(s) have been scanned Module is OK -> [NOTE] Process 'explorer.exe' was terminated [NOTE] The registration entry was successfully repaired. [NOTE] The registration entry was successfully repaired. [NOTE] The registration entry was successfully repaired. [NOTE] The registration entry was successfully repaired. [NOTE] The registration entry was successfully repaired. Module is OK -> [NOTE] The file does not exist! Scan process 'Dwm.exe' - '40' Module(s) have been scanned Scan process 'GFNEXSrv.exe' - '12' Module(s) have been scanned Scan process 'aswUpdSv.exe' - '20' Module(s) have been scanned Scan process 'ASLDRSrv.exe' - '25' Module(s) have been scanned Scan process 'ADSMSrv.exe' - '12' Module(s) have been scanned Scan process 'svchost.exe' - '95' Module(s) have been scanned Scan process 'svchost.exe' - '87' Module(s) have been scanned Scan process 'SLsvc.exe' - '23' Module(s) have been scanned Scan process 'svchost.exe' - '37' Module(s) have been scanned Scan process 'svchost.exe' - '155' Module(s) have been scanned Scan process 'svchost.exe' - '108' Module(s) have been scanned Scan process 'svchost.exe' - '67' Module(s) have been scanned Scan process 'svchost.exe' - '35' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'winlogon.exe' - '30' Module(s) have been scanned Scan process 'lsm.exe' - '22' Module(s) have been scanned Scan process 'lsass.exe' - '62' Module(s) have been scanned Scan process 'services.exe' - '33' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'wininit.exe' - '26' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Scan process 'SearchFilterHost.exe' - '33' Module(s) have been scanned

Malekal_morte- · Answer

Le rapport est incomplet.
Utilise http://pjjoint.malekal.com et donne le lien ici.

Malekal_morte- · Answer

0 Virus.

0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired 
~~

eventuellement :

[*] Télécharger sur le bureau https://www.luanagames.com/index.fr.html (by tigzy) 
[*] Quitter tous les programmes 
[*] Lancer RogueKiller.exe. 
[*] Attendre que le Prescan ait fini ... 
[*] Lance un scan afin de débloquer le bouton Suppression à droite.
[*] Clic sur Suppression.
Poste le rapport ici.

!!! Je répète bien faire Suppression à droite et poster le rapport. !!!

Malekal_morte- · Answer

ouais y avait des restes de ZeroAccess :)

Ca doit être bon.

Installe Malwarebyte's Anti-Malware et fais des scans réguliers avec, il est efficace  : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

~~

Remettre le pare-feu et centre de sécurité : https://forum.malekal.com/viewtopic.php?t=36444&start=#p283396 


~~

Important - ton infection est venue par un exploit sur site web :   

Un exploit sur site WEB permet l'infection de ton ordinateur de manière automatiquement à la visite d'un site WEB qui a été hacké, il tire partie du fait que tu as des logiciels (Java, Adobe Reader etc) qui sont pas à jour et possèdent des vulnérabilités qui permettent l'execution de code (malicieux dans notre cas) à ton insu.  
Le fait de ne pas avoir des logiciels à jour et qui ont potentiellement des vulnérabilités permettent donc d'infecter ton système.  
Exemple avec : Exploit Java  

Il faut donc impérativement maintenir tes logiciels à jour afin de ne pas voir ces portes d'entrée sur ton système.
Tant que ces logiciels ne seront pas à jour, ton PC est vulnérable et les infections peuvent s'installer facilement.

IMPORTANT : mettre à jour tes programmes notamment Java/Adobe Reader et Flash : 
/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite     
https://forum.malekal.com/viewtopic.php?t=15960&start=  

Passe le mot à tes amis ! 

~~

Filtrer les PUPs/Adwares les plus fréquents avec HOSTS Anti-PUPs/Adwares : http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/

~~

Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html

TR/ATRAPS

5 réponses

Discussions similaires

Newsletters