Pbm desinstallation apres desinfection
Résolu/Fermé
boopy9
Messages postés
138
Date d'inscription
vendredi 9 novembre 2007
Statut
Membre
Dernière intervention
15 janvier 2012
-
2 déc. 2007 à 17:41
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 - 21 janv. 2008 à 23:50
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 - 21 janv. 2008 à 23:50
A voir également:
- Pbm desinstallation apres desinfection
- Logiciel de desinstallation - Télécharger - Nettoyage
- Mcafee desinstallation - Guide
- Comment récupérer les messages whatsapp après désinstallation - Guide
- Désinstallation avast - Télécharger - Antivirus & Antimalwares
- Comment forcer la desinstallation d'une application - Guide
90 réponses
boopy9
Messages postés
138
Date d'inscription
vendredi 9 novembre 2007
Statut
Membre
Dernière intervention
15 janvier 2012
19 déc. 2007 à 20:10
19 déc. 2007 à 20:10
Bonsoir,
J'ai fait un scan Antivir et il m'a detecté un trojan! :-(((
Je vous poste le rapport antivir :
AntiVir PersonalEdition Classic
Report file date: mercredi 19 décembre 2007 18:22
Scanning for 980737 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: JOJO
Version information:
BUILD.DAT : 270 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:17:20
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 21:17:20
ANTIVIR3.VDF : 7.0.1.118 110592 Bytes 18/12/2007 21:15:45
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 13/12/2007 21:21:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mercredi 19 décembre 2007 18:22
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '20' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\frdcmb6\.housecall6.6\Quarantine\TFTP1556.bac_a02352
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47bd53c0.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: mercredi 19 décembre 2007 19:34
Used time: 1:12:38 min
The scan has been done completely.
6982 Scanning directories
408068 Files were scanned
0 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
408068 Files not concerned
3736 Archives were scanned
2 Warnings
15 Notes
Avant de faire l'analyse je venais de mettre un trojan en quarantaine :
detection : TR/Gorshok.A
engine ; 7.06.00.45
vdf : 7.00.01.101
souce : C/Systeme volume information/_restore{F0580B78-B274-4684-9DA9-30E722EC3328}\RP118\A0130549.ddl
Merci beaucoup
J'ai fait un scan Antivir et il m'a detecté un trojan! :-(((
Je vous poste le rapport antivir :
AntiVir PersonalEdition Classic
Report file date: mercredi 19 décembre 2007 18:22
Scanning for 980737 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: JOJO
Version information:
BUILD.DAT : 270 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:17:20
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 21:17:20
ANTIVIR3.VDF : 7.0.1.118 110592 Bytes 18/12/2007 21:15:45
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 13/12/2007 21:21:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mercredi 19 décembre 2007 18:22
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '20' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\frdcmb6\.housecall6.6\Quarantine\TFTP1556.bac_a02352
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47bd53c0.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: mercredi 19 décembre 2007 19:34
Used time: 1:12:38 min
The scan has been done completely.
6982 Scanning directories
408068 Files were scanned
0 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
408068 Files not concerned
3736 Archives were scanned
2 Warnings
15 Notes
Avant de faire l'analyse je venais de mettre un trojan en quarantaine :
detection : TR/Gorshok.A
engine ; 7.06.00.45
vdf : 7.00.01.101
souce : C/Systeme volume information/_restore{F0580B78-B274-4684-9DA9-30E722EC3328}\RP118\A0130549.ddl
Merci beaucoup
boopy9
Messages postés
138
Date d'inscription
vendredi 9 novembre 2007
Statut
Membre
Dernière intervention
15 janvier 2012
19 déc. 2007 à 20:16
19 déc. 2007 à 20:16
J'ai ensuite une fenetre qui s'est ouverte :
C:\...\TFTP1556.bac_ a02352
"You may not have the requires permission or the file is locked. Please make sure that you have administrative rights for this action.
"Contains suspicious code HEUR/Crypted "
Et on me propose :
Delete locked files after reboot ou Ignore
Que dois je faire?
Merci.
C:\...\TFTP1556.bac_ a02352
"You may not have the requires permission or the file is locked. Please make sure that you have administrative rights for this action.
"Contains suspicious code HEUR/Crypted "
Et on me propose :
Delete locked files after reboot ou Ignore
Que dois je faire?
Merci.
boopy9
Messages postés
138
Date d'inscription
vendredi 9 novembre 2007
Statut
Membre
Dernière intervention
15 janvier 2012
20 déc. 2007 à 21:13
20 déc. 2007 à 21:13
up!
boopy9
Messages postés
138
Date d'inscription
vendredi 9 novembre 2007
Statut
Membre
Dernière intervention
15 janvier 2012
24 déc. 2007 à 19:26
24 déc. 2007 à 19:26
uup! :-)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
boopy9
Messages postés
138
Date d'inscription
vendredi 9 novembre 2007
Statut
Membre
Dernière intervention
15 janvier 2012
30 déc. 2007 à 09:20
30 déc. 2007 à 09:20
up!
Le sioux
Messages postés
4894
Date d'inscription
dimanche 27 mai 2007
Statut
Contributeur sécurité
Dernière intervention
6 mars 2023
496
30 déc. 2007 à 09:24
30 déc. 2007 à 09:24
Hello
--> Delete locked files after reboot
Salut
--> Delete locked files after reboot
Salut
boopy9
Messages postés
138
Date d'inscription
vendredi 9 novembre 2007
Statut
Membre
Dernière intervention
15 janvier 2012
21 janv. 2008 à 21:26
21 janv. 2008 à 21:26
Bonsoir!
Je_voulais_vous_remercier_encore_une_fois_pour_votre_aide.Je_n'ai_pas_eu_de_probleme_depuis_en_esperant_que_ca_dure...
Merci!
Je_voulais_vous_remercier_encore_une_fois_pour_votre_aide.Je_n'ai_pas_eu_de_probleme_depuis_en_esperant_que_ca_dure...
Merci!
Le sioux
Messages postés
4894
Date d'inscription
dimanche 27 mai 2007
Statut
Contributeur sécurité
Dernière intervention
6 mars 2023
496
21 janv. 2008 à 23:50
21 janv. 2008 à 23:50
Salut Boopy
Je mets donc ton sujet en résolu en esperant que tu n'ais pas besoin de revenir cause probleme ;)
Salut .
Je mets donc ton sujet en résolu en esperant que tu n'ais pas besoin de revenir cause probleme ;)
Salut .
Utilisateur anonyme
9 déc. 2007 à 13:55
9 déc. 2007 à 13:55
Il y a quelques robots scanner qui m'ont l'air de t'avoir dans le nez ?
Sans déconner, je te conseille de t'acheter une licence F-secure Internet Security, sinon, tu vas finir parano !
A mon avis, le filtrage est mauvais dans ta config....de Zone-alarm...ce qui fait que tu dois avoir un tas de fausses alertes.
Mais je t'avoue que j'ai un doute...
Mais dans un cas comme dans l'autre, imagine si tu n'avais pas de Fire-wall !
C'est la raison pour laquelle je te conseille de passer à du plus costaud comme fire-wall, je crois que tu seras plus serein et mieux protégé de toutes façon !
---------------------------------------------------------------
http://www.f-secure.fr/home_user/buyonline/
-------------------------
j'ajouterai que mon journal d'alerte ne contient que deux tentatives:
https://www.hiboox.com
Sans déconner, je te conseille de t'acheter une licence F-secure Internet Security, sinon, tu vas finir parano !
A mon avis, le filtrage est mauvais dans ta config....de Zone-alarm...ce qui fait que tu dois avoir un tas de fausses alertes.
Mais je t'avoue que j'ai un doute...
Mais dans un cas comme dans l'autre, imagine si tu n'avais pas de Fire-wall !
C'est la raison pour laquelle je te conseille de passer à du plus costaud comme fire-wall, je crois que tu seras plus serein et mieux protégé de toutes façon !
---------------------------------------------------------------
http://www.f-secure.fr/home_user/buyonline/
-------------------------
j'ajouterai que mon journal d'alerte ne contient que deux tentatives:
https://www.hiboox.com
