VIRUS police et gendarmerie nationale

t'as oublié "jamais" ^^

====

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\Windows\System32\drivers\axiacec.sys

* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.

C:\Windows\System32\drivers\axiacec.sys n'existe pas

meme en affichant les fichiers cachés et les fichiers systeme ?

en cherchant manuellement je le trouve pas.

"meme en affichant les fichiers cachés et les fichiers systeme ?" : comment faire ?

panneau de configuration => option des dossiers => affichage

cocher "afficher les fichiers et dossiers cachés"
décocher "masquer les fichiers protegs du systeme d'exploitation"

puis ok

merci pour le tutoriel.
j'ai fais mais il n'apparait toujours pas

ok encore des devoirs :

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\WINDOWS\System32\drivers\xavwaffa.sys
C:\WINDOWS\System32\drivers\gbju.sys


* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.

================================

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur OTL.exe pour le lancer.


▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous "Personnalisation" :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:Services
feicymhc

:OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2802022764-2121953277-338115081-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2802022764-2121953277-338115081-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..browser.search.defaulturl: "http://www.gigabase.ru/search?clid=1&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61798
FF - user.js - File not found
O7 - HKU\S-1-5-21-2802022764-2121953277-338115081-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Cyanide = C:\Documents and Settings\Francois\Application Data\69F69B.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Reg
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
""="%SystemRoot%\system32\shell32.dll"

:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]


▶ Clique sur "Correction" pour lancer la suppression.


▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

C:\WINDOWS\System32\drivers\xavwaffa.sys :
https://www.virustotal.com/gui/file/3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516

C:\WINDOWS\System32\drivers\gbju.sys
https://www.virustotal.com/gui/file/3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516

voici pour otl :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service feicymhc stopped successfully!
Service feicymhc deleted successfully!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-2802022764-2121953277-338115081-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-2802022764-2121953277-338115081-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "http://www.gigabase.ru/search?clid=1&q=" removed from browser.search.defaulturl
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 61798 removed from network.proxy.http_port
Registry value HKEY_USERS\S-1-5-21-2802022764-2121953277-338115081-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Cyanide deleted successfully.
File/Folder C:\WINDOWS\System32\*.tmp not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32\\""|"%SystemRoot%\system32\shell32.dll" /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Francois
->Temp folder emptied: 930334 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24400589 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10292012_011724

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

supprime les deux fichiers que je t'ai fait analyser sur virus total

et hop à la poubelle

ok redemarre le pc

salut,

pc redémarré

encore des soucis ?

je sais pas trop, j'attendais que tu conclues... je fais mes mises à jour et c'est "résolu"?

fais le menage

https://gen-hackman.kanak.fr/

salut,

voici le rapport delfix :

# DelFix v9.0 - Rapport créé le 30/10/2012 à 00:14:30
# Mis à jour le 23/09/12 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Francois - PACKARD-5E29A7A (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Francois\Mes documents\Téléchargements\delfix.exe
# Option [Suppression]


~~~~~~ Dossiers(s) ~~~~~~

Supprimé : C:\FyK
Supprimé : C:\_OTL
Supprimé : C:\pre_scan

~~~~~~ Fichier(s) ~~~~~~


~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\Software\g3n-h@ckm@n
Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
Clé Supprimée : HKLM\SOFTWARE\AdwCleaner

~~~~~~ Autres ~~~~~~

-> Prefetch Vidé

*************************

DelFix[S1].txt - [713 octets] - [30/10/2012 00:14:30]

########## EOF - C:\DelFix[S1].txt - [836 octets] ##########

le rapport purera :

RaProducts' PureRa v1.7
Log created at 00:16 on 30/10/2012 (Francois)

C:\Config.MSI emptied.
C:\Documents and Settings\Francois\Application Data\Microsoft\CryptNetURLCache\Content emptied.
C:\Documents and Settings\Francois\Application Data\Microsoft\CryptNetURLCache\MetaData emptied.
C:\WINDOWS\system32\FNTCACHE.DAT <- Successfully deleted.
Recycle bin emptied.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs emptied.
C:\WINDOWS\SoftwareDistribution\Download emptied.
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default emptied.
C:\WINDOWS\SoftwareDistribution\WuRedir emptied.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log <- Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
C:\DOCUME~1\Francois\LOCALS~1\Temp emptied.
C:\WINDOWS\TEMP emptied.
C:\ACER\Preload\Autorun\APP\Setup My PC\pic\Thumbs.db <- Successfully deleted.
C:\ACER\Preload\Autorun\AutorunX\HowToUse\Images\Thumbs.db <- Successfully deleted.
C:\ACER\Preload\Autorun\AutorunX\PB Logo\Thumbs.db <- Successfully deleted.
C:\Book\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db <- Successfully deleted.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm <- Successfully deleted.
C:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Default User\Local Settings\Application Data\IconCache.db <- Successfully deleted.
C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\2004-12-08 - Alvira - Postcard from St. Petersburg\2004-12-08 - Alvira - Postcard from St. Petersburg\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\Claire\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\EmilyAndElla\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\forum\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\1317\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\ALA-Melissa_02\ALA-Melissa 02\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\ALA-Melissa_09\ALA-Melissa 09\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\ALA-Melissa_15\ALA-Melissa 15\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\almejaPELADA!\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\britt1\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\britt1\dotchan\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\hx\he\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\MollyAndPaige\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\videos\Nouveau dossier (2)\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\videos\voyage au bout de la nuit\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\videos\webcam\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Bureau\Hotmail\videos\webcam\Kayleyyyy\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\dwhelper\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Local Settings\Application Data\IconCache.db <- Successfully deleted.
C:\Documents and Settings\Francois\Local Settings\Application Data\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm <- Successfully deleted.
C:\Documents and Settings\Francois\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_1024.db <- Successfully deleted.
C:\Documents and Settings\Francois\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_256.db <- Successfully deleted.
C:\Documents and Settings\Francois\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_32.db <- Successfully deleted.
C:\Documents and Settings\Francois\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_96.db <- Successfully deleted.
C:\Documents and Settings\Francois\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_idx.db <- Successfully deleted.
C:\Documents and Settings\Francois\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\thumbcache_sr.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Downloads\Nouveau dossier\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Mes images\MP Navigator EX\2012_01_18\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Mes images\MP Navigator EX\2012_02_07\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Mes images\MP Navigator EX\2012_04_10\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Mes images\MP Navigator EX\2012_04_12\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Mes images\MP Navigator EX\2012_05_05\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Nouveau dossier\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\outdoorgf\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\outdoorgf\randalltv-outdoorgf\Thumbs.db <- Successfully deleted.
C:\Documents and Settings\Francois\Mes documents\Téléchargements\Thumbs.db <- Successfully deleted.
C:\Program Files\K-Lite Codec Pack\Icons\Thumbs.db <- Successfully deleted.
C:\Program Files\Packard Bell\Identity Card\PIC\Thumbs.db <- Successfully deleted.
C:\Program Files\Packard Bell\metaboli\Thumbs.db <- Successfully deleted.
C:\Program Files\Packard Bell\metaboli\img\Thumbs.db <- Successfully deleted.
C:\Program Files\Packard Bell\SetUpMyPC\pbcare\images\Thumbs.db <- Successfully deleted.
C:\Program Files\Packard Bell\SetUpMyPC\pic\Thumbs.db <- Successfully deleted.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IconCache.db <- Successfully deleted.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm <- Successfully deleted.

Total space cleaned: 84.33 MB

-=E.O.F=-

comment ca se fait qu'il a viré que ca delfix comme outils ?

aucunes idées... peut-être que je l'ai mal manipulé, mais ça m'étonne. je le relance pour voir ce qu'il raconte.
sinon j'ai fait ccleaner, le nettoyage et verifs des disques. reste la défragmentation

faut voir si tu les avais bien mis sur le bureau ou.....