Virus on my computer

apellegr
Hello,


I'm asking for your help because I currently have a problem on my computer running Windows XP. The symptoms are as follows:

- Random drops of the local network
- No more right-click to get folder properties
- When browsing the web, I'm often redirected to other pages that have nothing to do with it
- Very, very slow

Thanks for your help

Regards
Alain
27 replies

H3RV3 - Posts: 3661 - Status: Security contributor - 280
 
That's right. Your connection may not work on the live CD; in that case it would be better to print the instructions that follow.

Boot from the CD and wait while it loads.

Then double-click the OTLPE icon on the desktop.

When asked "Do you wish to load remote user profile for scanning", answer Yes.

In the next window, choose your session (check that "Automatically Load All Remaining Users" is selected) and click OK.

OTLPE starts; copy the text below:



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
userinit.exe
wininit.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT




And paste it into the "Custom Scans/Fixes" box of OTLPE

Click Run Scan and wait during the scan

When the scan is finished, a report will open; host it on the cijoint site and copy the link into your reply.

The report is located at C:\OTL.txt
0
apellegr
 
Hello

I ran the scan and here is the result

http://www.cijoint.fr/cjlink.php?file=cj201010/cij8u34SCE.txt

thanks again
alain
0
H3RV3 - Posts: 3661 - Status: Security contributor - 280
 
Perfect, next step:

Restart from the CD if you are no longer on it

Then double-click the OTLPE icon on the desktop.

When asked "Do you wish to load remote user profile for scanning", answer Yes.

In the next window, choose your session (check that "Automatically Load All Remaining Users" is selected) and click OK.

OTLPE starts; copy the text below:



:OTL
SRV - File not found [Auto] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (DFBCFDBA)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/02/09 06:20:30 | 000,015,360 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\cxruad5d.sys -- (cxruad5d)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Documents and Settings\isabelle\Mes documents\Picasa2\PicasaMediaDetector.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.68,93.188.166.7
MsConfig - StartUpReg: [b]CTFMON.EXE/b - hkey= - key= -  File not found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\isabelle\Bureau\*.tmp files -> C:\Documents and Settings\isabelle\Bureau\*.tmp -> ]
:reg
[HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SetCommand"=dword:00000001
"SecurityLevel"=dword:00000001
[HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\Explorer]
"AlwaysUnloadDll"=dword:00000001
:commands
[resethosts]
[emptytemp]



And paste it into the "Custom Scans/Fixes" box of OTLPE

This time click Run Fix and wait during the scan

Restart your PC normally.
0
apellegr
 
hello

I ran the fix and I got the following log



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLTNetCnService deleted successfully.
File C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WDICA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRFRAME deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRELI deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDFRAME deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDCOMP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCIDump deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lbrtfdc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omgmt deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFBCFDBA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Changer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme deleted successfully.
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cxruad5d deleted successfully.
C:\WINDOWS\system32\drivers\cxruad5d.sys moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Picasa Media Detector deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CTFMON.EXE/b\ not found.
C:\WINDOWS\002283_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\isabelle\Bureau\~WRL2280.tmp deleted successfully.
========== REGISTRY ==========
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SetCommand"|dword:00000001 /E : value set successfully!
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SecurityLevel"|dword:00000001 /E : value set successfully!
HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKLM\SOFTWARE_ON_C\Microsoft\Windows\CurrentVersion\Explorer\\"AlwaysUnloadDll"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

Total Files Cleaned = 227.00 mb


OTLPE by OldTimer - Version 3.1.42.0 log created on 10152010_095504





thank you very much

do I need to do anything else?

alain
0
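
An added example, not part of the original thread and not OTLPE's own code: one way to cross-check a fix log like the one above against the `:OTL` script that produced it, so that any service or driver entry whose registry key was not reported as deleted stands out. The line formats are inferred only from the script and log quoted in this thread, and `parse_script` and `check_fix` are hypothetical names.

```python
import re

# Sample lines copied from the fix script and the fix log posted in this thread.
FIX_SCRIPT = r"""
SRV - File not found [Auto] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/02/09 06:20:30 | 000,015,360 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\cxruad5d.sys -- (cxruad5d)
"""
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLTNetCnService deleted successfully.
File C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WDICA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme deleted successfully.
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cxruad5d deleted successfully.
C:\WINDOWS\system32\drivers\cxruad5d.sys moved successfully.
"""
# Assumption: these patterns cover only the line shapes visible in the samples.
ENTRY = re.compile(r"^(SRV|DRV) - .*? -- (?P<path>.*?) -- \((?P<name>[^)]+)\)\s*$")
KEY_DELETED = re.compile(r"^Registry key .*\\Services\\(?P<name>[^\\ ]+) deleted successfully\.$")

def parse_script(text):
    """Map each SRV/DRV entry's service name to its image path ('' if none)."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group("name")] = m.group("path").strip()
    return entries

def check_fix(script, log):
    """Return {service_name: status} by matching script entries to log lines."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    deleted = {m.group("name") for l in lines if (m := KEY_DELETED.match(l))}
    lowered = {l.lower() for l in lines}  # paths differ in case between script and log
    report = {}
    for name, path in parse_script(script).items():
        if name not in deleted:
            report[name] = "key not removed"
        elif not path:
            report[name] = "key removed"
        elif f"{path.lower()} moved successfully." in lowered:
            report[name] = "key removed, file moved"
        elif f"file {path.lower()} not found." in lowered:
            report[name] = "key removed, file already absent"
        else:
            report[name] = "key removed, file unaccounted for"
    return report

if __name__ == "__main__":
    for name, status in check_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{name:16} {status}")
```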

H3RV3 - Posts: 3661 - Status: Security contributor - 280
 
Hi,

It's not finished.
First, tell me whether your PC is doing better.
Next, try now to produce a ZHPDiag report as noted here ==> https://forums.commentcamarche.net/forum/affich-19448685-virus-sur-mon-ordinateur#1
0
apellegr
 
Hello,

I was on leave, and it's my work PC.
So I tried again, but still the same, impossible to launch ZHPDiag.

Thanks
Alain
0
H3RV3 - Posts: 3661 - Status: Security contributor - 280
 
Hi,

OK for ZHPDiag, can you tell me whether you still have problems, and which ones.
0