Virus (trojan??)

Claire -  
 Utilisateur anonyme -
Bonjour!
J'ai un souci avec mon pc. J'ai chopé un virus qui ne veut pas partir... j'ai avast comme anti-virus. J'espere que quelqu'un pourra m'aider. Je vous joins un scan ewido ainsi que hijackthis.

Merci d'avance pour votre aide!!!
Claire

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:27:28 14/09/2006

+ Scan result:

C:\WINDOWS\system32\dgactfrm.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dnmclien.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\fp8m03l1e.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\inxrtmgr.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\kddhe220.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mhhtmler.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\nttui0.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\o2ns0c57ef.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\shrvdeps.dll -> Adware.Look2Me : No action taken.
[664] C:\WINDOWS\system32\inxrtmgr.dll -> Adware.Look2Me : No action taken.
[808] C:\WINDOWS\system32\inxrtmgr.dll -> Adware.Look2Me : No action taken.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 16:31:40, on 14/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\anti-virus\aswUpdSv.exe
C:\Program Files\anti-virus\ashServ.exe
C:\Program Files\anti-virus\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\anti-virus\ashMaiSv.exe
C:\Program Files\anti-virus\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\ANTI-V~1\ashDisp.exe
C:\Program Files\anti-virus\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\LOR'\Bureau\hijackthis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTI-V~1\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\anti-virus\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [zvjd7e66] RUNDLL32.EXE w070a528.dll,n 003d7e630000000a070a528
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\n64s0gh7e64.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\anti-virus\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\anti-virus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\anti-virus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\anti-virus\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGF1cmUgZ3JpbW91aWxsZQ\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\anti-virus\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

1 réponse

  1. Utilisateur anonyme
     
    Salut,

    Télécharge L2mfix ici:
    http://www.downloads.subratam.org/l2mfix.exe

    Lances "L2mfix.bat" et sélectionne l'option 2
    L'ordi va redémarrer automatiquement si non, fais le de toi même
    Recopie le rapport et colle le ici avec un nouveau rapport HijackThis
    0
    1. claire
       
      Merci beaucoup pour ton aide.
      Voici les rapports :

      L2mfix 051206
      Creating Account.
      Le compte existe d‚j….

      Vous obtiendrez une aide suppl‚mentaire en entrant NET HELPMSG 2224.

      Adding Administrative privleges.
      Checking for L2MFix account(0=no 1=yes):
      1
      Granting SeDebugPrivilege to L2MFIX ... successful

      Running From:
      C:\WINDOWS\system32

      Killing Processes!
      Killing 'smss.exe'
      \SystemRoot\System32\smss.exe (704)
      Killing 'winlogon.exe'
      winlogon.exe (832)
      Killing 'explorer.exe'
      C:\WINDOWS\Explorer.EXE (356)
      Killing 'rundll32.exe'
      rundll32.exe "C:\WINDOWS\system32\axstream.dll",DllGetVersion (1576)
      Restoring Sedebugprivilege:
      Granting SeDebugPrivilege to Administrateurs ... successful

      Scanning First Pass. Please Wait!

      First Pass Completed

      Second Pass Scanning

      Second pass Completed!
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).

      Running From:
      C:\WINDOWS\system32

      Killing Processes!
      Killing 'smss.exe'
      \SystemRoot\System32\smss.exe (700)
      Killing 'winlogon.exe'
      winlogon.exe (812)
      Killing 'explorer.exe'
      C:\WINDOWS\Explorer.EXE (1852)
      Killing 'rundll32.exe'
      Restoring Sedebugprivilege:
      Granting SeDebugPrivilege to Administrateurs ... successful

      Scanning First Pass. Please Wait!

      First Pass Completed

      Second Pass Scanning

      Second pass Completed!
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      1 fichier(s) copi‚(s).
      Deleting: C:\WINDOWS\system32\aza8077ue.dll
      Successfully Deleted: C:\WINDOWS\system32\aza8077ue.dll
      Deleting: C:\WINDOWS\system32\dgactfrm.dll
      Successfully Deleted: C:\WINDOWS\system32\dgactfrm.dll
      Deleting: C:\WINDOWS\system32\dnmclien.dll
      Successfully Deleted: C:\WINDOWS\system32\dnmclien.dll
      Deleting: C:\WINDOWS\system32\dycpcsvc.dll
      Successfully Deleted: C:\WINDOWS\system32\dycpcsvc.dll
      Deleting: C:\WINDOWS\system32\fp8m03l1e.dll
      Successfully Deleted: C:\WINDOWS\system32\fp8m03l1e.dll
      Deleting: C:\WINDOWS\system32\inxrtmgr.dll
      Successfully Deleted: C:\WINDOWS\system32\inxrtmgr.dll
      Deleting: C:\WINDOWS\system32\kddhe220.dll
      Successfully Deleted: C:\WINDOWS\system32\kddhe220.dll
      Deleting: C:\WINDOWS\system32\mhhtmler.dll
      Successfully Deleted: C:\WINDOWS\system32\mhhtmler.dll
      Deleting: C:\WINDOWS\system32\mtminst.dll
      Successfully Deleted: C:\WINDOWS\system32\mtminst.dll
      Deleting: C:\WINDOWS\system32\mxencode.dll
      Successfully Deleted: C:\WINDOWS\system32\mxencode.dll
      Deleting: C:\WINDOWS\system32\nttui0.dll
      Successfully Deleted: C:\WINDOWS\system32\nttui0.dll
      Deleting: C:\WINDOWS\system32\o2ns0c57ef.dll
      Successfully Deleted: C:\WINDOWS\system32\o2ns0c57ef.dll
      Deleting: C:\WINDOWS\system32\s2880cluefq80.dll
      Successfully Deleted: C:\WINDOWS\system32\s2880cluefq80.dll
      Deleting: C:\WINDOWS\system32\shrvdeps.dll
      Successfully Deleted: C:\WINDOWS\system32\shrvdeps.dll
      Deleting: C:\WINDOWS\system32\axstream.dll
      Successfully Deleted: C:\WINDOWS\system32\axstream.dll
      Deleting: C:\WINDOWS\system32\aza8077ue.dll
      Successfully Deleted: C:\WINDOWS\system32\aza8077ue.dll
      Deleting: C:\WINDOWS\system32\dgactfrm.dll
      Successfully Deleted: C:\WINDOWS\system32\dgactfrm.dll
      Deleting: C:\WINDOWS\system32\dnmclien.dll
      Successfully Deleted: C:\WINDOWS\system32\dnmclien.dll
      Deleting: C:\WINDOWS\system32\dycpcsvc.dll
      Successfully Deleted: C:\WINDOWS\system32\dycpcsvc.dll
      Deleting: C:\WINDOWS\system32\fp8m03l1e.dll
      Successfully Deleted: C:\WINDOWS\system32\fp8m03l1e.dll
      Deleting: C:\WINDOWS\system32\inxrtmgr.dll
      Successfully Deleted: C:\WINDOWS\system32\inxrtmgr.dll
      Deleting: C:\WINDOWS\system32\kddhe220.dll
      Successfully Deleted: C:\WINDOWS\system32\kddhe220.dll
      Deleting: C:\WINDOWS\system32\mhhtmler.dll
      Successfully Deleted: C:\WINDOWS\system32\mhhtmler.dll
      Deleting: C:\WINDOWS\system32\mtminst.dll
      Successfully Deleted: C:\WINDOWS\system32\mtminst.dll
      Deleting: C:\WINDOWS\system32\mxencode.dll
      Successfully Deleted: C:\WINDOWS\system32\mxencode.dll
      Deleting: C:\WINDOWS\system32\nttui0.dll
      Successfully Deleted: C:\WINDOWS\system32\nttui0.dll
      Deleting: C:\WINDOWS\system32\o2ns0c57ef.dll
      Successfully Deleted: C:\WINDOWS\system32\o2ns0c57ef.dll
      Deleting: C:\WINDOWS\system32\s2880cluefq80.dll
      Successfully Deleted: C:\WINDOWS\system32\s2880cluefq80.dll
      Deleting: C:\WINDOWS\system32\shrvdeps.dll
      Successfully Deleted: C:\WINDOWS\system32\shrvdeps.dll

      msg11?.dll
      0 fichier(s) copi‚(s).



      Restoring Windows Update Certificates.:

      The following Is the Current Export of the Winlogon notify key:
      ****************************************************************************
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
      "DLLName"="Ati2evxx.dll"
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000001
      "Lock"="AtiLockEvent"
      "Logoff"="AtiLogoffEvent"
      "Logon"="AtiLogonEvent"
      "Disconnect"="AtiDisConnectEvent"
      "Reconnect"="AtiReConnectEvent"
      "Safe"=dword:00000000
      "Shutdown"="AtiShutdownEvent"
      "StartScreenSaver"="AtiStartScreenSaverEvent"
      "StartShell"="AtiStartShellEvent"
      "Startup"="AtiStartupEvent"
      "StopScreenSaver"="AtiStopScreenSaverEvent"
      "Unlock"="AtiUnLockEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
      6c,00,00,00
      "Logoff"="ChainWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Logoff"="CryptnetWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "Shutdown"="WinlogonShutdownEvent"
      "StartShell"="WinlogonStartShellEvent"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001
      "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "Shutdown"="SensShutdownEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "Shutdown"="TSEventShutdown"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
      "Asynchronous"=dword:00000000
      "DllName"="C:\\WINDOWS\\system32\\aza8077ue.dll"
      "Impersonate"=dword:00000000
      "Logon"="WinLogon"
      "Logoff"="WinLogoff"
      "Shutdown"="WinShutdown"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001


      The following are the files found:
      ****************************************************************************
      C:\WINDOWS\system32\aza8077ue.dll
      C:\WINDOWS\system32\dgactfrm.dll
      C:\WINDOWS\system32\dnmclien.dll
      C:\WINDOWS\system32\dycpcsvc.dll
      C:\WINDOWS\system32\fp8m03l1e.dll
      C:\WINDOWS\system32\inxrtmgr.dll
      C:\WINDOWS\system32\kddhe220.dll
      C:\WINDOWS\system32\mhhtmler.dll
      C:\WINDOWS\system32\mtminst.dll
      C:\WINDOWS\system32\mxencode.dll
      C:\WINDOWS\system32\nttui0.dll
      C:\WINDOWS\system32\o2ns0c57ef.dll
      C:\WINDOWS\system32\s2880cluefq80.dll
      C:\WINDOWS\system32\shrvdeps.dll
      C:\WINDOWS\system32\axstream.dll
      C:\WINDOWS\system32\aza8077ue.dll
      C:\WINDOWS\system32\dgactfrm.dll
      C:\WINDOWS\system32\dnmclien.dll
      C:\WINDOWS\system32\dycpcsvc.dll
      C:\WINDOWS\system32\fp8m03l1e.dll
      C:\WINDOWS\system32\inxrtmgr.dll
      C:\WINDOWS\system32\kddhe220.dll
      C:\WINDOWS\system32\mhhtmler.dll
      C:\WINDOWS\system32\mtminst.dll
      C:\WINDOWS\system32\mxencode.dll
      C:\WINDOWS\system32\nttui0.dll
      C:\WINDOWS\system32\o2ns0c57ef.dll
      C:\WINDOWS\system32\s2880cluefq80.dll
      C:\WINDOWS\system32\shrvdeps.dll

      Registry Entries that were Deleted:
      Please verify that the listing looks ok.
      If there was something deleted wrongly there are backups in the backreg folder.
      ****************************************************************************
      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{A7C904B7-79F2-4494-AB48-282D607202C5}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{A7C904B7-79F2-4494-AB48-282D607202C5}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{A7C904B7-79F2-4494-AB48-282D607202C5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{A7C904B7-79F2-4494-AB48-282D607202C5}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mhhtmler.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{77694E8D-C1EC-44C1-8470-88F55031D4ED}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{77694E8D-C1EC-44C1-8470-88F55031D4ED}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{77694E8D-C1EC-44C1-8470-88F55031D4ED}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{77694E8D-C1EC-44C1-8470-88F55031D4ED}\InprocServer32]
      @="C:\\WINDOWS\\system32\\nttui0.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{C98845D3-B723-4A6B-AE68-F6879CC20445}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C98845D3-B723-4A6B-AE68-F6879CC20445}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C98845D3-B723-4A6B-AE68-F6879CC20445}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C98845D3-B723-4A6B-AE68-F6879CC20445}\InprocServer32]
      @="C:\\WINDOWS\\system32\\kddhe220.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{DA0CFC87-3FDB-4CDD-85F8-3462EC9853FC}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{DA0CFC87-3FDB-4CDD-85F8-3462EC9853FC}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{DA0CFC87-3FDB-4CDD-85F8-3462EC9853FC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{DA0CFC87-3FDB-4CDD-85F8-3462EC9853FC}\InprocServer32]
      @="C:\\WINDOWS\\system32\\shrvdeps.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{74EB5142-BC0A-409B-B163-B12C8809B447}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{74EB5142-BC0A-409B-B163-B12C8809B447}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{74EB5142-BC0A-409B-B163-B12C8809B447}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{74EB5142-BC0A-409B-B163-B12C8809B447}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mxencode.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D4EC676B-12B2-4B0F-9AE1-688385B534B2}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D4EC676B-12B2-4B0F-9AE1-688385B534B2}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D4EC676B-12B2-4B0F-9AE1-688385B534B2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D4EC676B-12B2-4B0F-9AE1-688385B534B2}\InprocServer32]
      @="C:\\WINDOWS\\system32\\ohhlp30e.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{76ACA4A6-7A90-40A3-B99E-602D8FF94748}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{76ACA4A6-7A90-40A3-B99E-602D8FF94748}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{76ACA4A6-7A90-40A3-B99E-602D8FF94748}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{76ACA4A6-7A90-40A3-B99E-602D8FF94748}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mtminst.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{24412AC8-D70B-4340-980A-3909971E1B1B}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{24412AC8-D70B-4340-980A-3909971E1B1B}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{24412AC8-D70B-4340-980A-3909971E1B1B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{24412AC8-D70B-4340-980A-3909971E1B1B}\InprocServer32]
      @="C:\\WINDOWS\\system32\\dycpcsvc.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{892691B9-5743-4DBF-B45C-4EC727B26007}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{892691B9-5743-4DBF-B45C-4EC727B26007}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{892691B9-5743-4DBF-B45C-4EC727B26007}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{892691B9-5743-4DBF-B45C-4EC727B26007}\InprocServer32]
      @="C:\\WINDOWS\\system32\\axstream.dll"
      "ThreadingModel"="Apartment"

      REGEDIT4

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      REGEDIT4

      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "SV1"=""
      ****************************************************************************
      Desktop.ini Contents:
      ****************************************************************************

      ****************************************************************************
      Checking for L2MFix account(0=no 1=yes):
      0
      Zipping up files for submission:
      adding: dlls/axstream.dll (164 bytes security) (deflated 5%)
      adding: dlls/aza8077ue.dll (164 bytes security) (deflated 5%)
      adding: dlls/dgactfrm.dll (164 bytes security) (deflated 4%)
      adding: dlls/dnmclien.dll (164 bytes security) (deflated 5%)
      adding: dlls/dycpcsvc.dll (164 bytes security) (deflated 6%)
      adding: dlls/fp8m03l1e.dll (164 bytes security) (deflated 5%)
      adding: dlls/inxrtmgr.dll (164 bytes security) (deflated 5%)
      adding: dlls/kddhe220.dll (164 bytes security) (deflated 5%)
      adding: dlls/mhhtmler.dll (164 bytes security) (deflated 6%)
      adding: dlls/mtminst.dll (164 bytes security) (deflated 5%)
      adding: dlls/mxencode.dll (164 bytes security) (deflated 5%)
      adding: dlls/nttui0.dll (164 bytes security) (deflated 5%)
      adding: dlls/o2ns0c57ef.dll (164 bytes security) (deflated 4%)
      adding: dlls/s2880cluefq80.dll (164 bytes security) (deflated 6%)
      adding: dlls/shrvdeps.dll (164 bytes security) (deflated 5%)
      adding: backregs/24412AC8-D70B-4340-980A-3909971E1B1B.reg (188 bytes security) (deflated 70%)
      adding: backregs/74EB5142-BC0A-409B-B163-B12C8809B447.reg (188 bytes security) (deflated 70%)
      adding: backregs/76ACA4A6-7A90-40A3-B99E-602D8FF94748.reg (188 bytes security) (deflated 70%)
      adding: backregs/77694E8D-C1EC-44C1-8470-88F55031D4ED.reg (188 bytes security) (deflated 70%)
      adding: backregs/892691B9-5743-4DBF-B45C-4EC727B26007.reg (188 bytes security) (deflated 70%)
      adding: backregs/A7C904B7-79F2-4494-AB48-282D607202C5.reg (188 bytes security) (deflated 70%)
      adding: backregs/C98845D3-B723-4A6B-AE68-F6879CC20445.reg (188 bytes security) (deflated 70%)
      adding: backregs/D4EC676B-12B2-4B0F-9AE1-688385B534B2.reg (188 bytes security) (deflated 70%)
      adding: backregs/DA0CFC87-3FDB-4CDD-85F8-3462EC9853FC.reg (188 bytes security) (deflated 70%)
      adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
      adding: backregs/shell.reg (164 bytes security) (deflated 73%)






      Logfile of HijackThis v1.99.1
      Scan saved at 17:51:37, on 18/09/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\anti-virus\aswUpdSv.exe
      C:\Program Files\anti-virus\ashServ.exe
      C:\Program Files\anti-virus\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\Program Files\anti-virus\ashMaiSv.exe
      C:\Program Files\anti-virus\ashWebSv.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\PROGRA~1\ANTI-V~1\ashDisp.exe
      C:\Program Files\anti-virus\ewido anti-spyware 4.0\ewido.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\LOR'\Bureau\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
      O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTI-V~1\ashDisp.exe
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\anti-virus\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKLM\..\Run: [winlog] winlog.exe
      O4 - HKLM\..\Run: [zvjd7e66] RUNDLL32.EXE w070a528.dll,n 003d7e630000000a070a528
      O4 - HKLM\..\RunServices: [winlog] winlog.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - AppInit_DLLs: repairs303169590.dll
      O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\aza8077ue.dll (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\anti-virus\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\anti-virus\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\anti-virus\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\anti-virus\ashWebSv.exe" /service (file missing)
      O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGF1cmUgZ3JpbW91aWxsZQ\command.exe (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\anti-virus\ewido anti-spyware 4.0\guard.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

      encore une fois merci!!!
      0
      1. Utilisateur anonyme > claire
         
        Maintenant,

        Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

        R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
        O4 - HKLM\..\Run: [winlog] winlog.exe
        O4 - HKLM\..\Run: [zvjd7e66] RUNDLL32.EXE w070a528.dll,n 003d7e630000000a070a528
        O4 - HKLM\..\RunServices: [winlog] winlog.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O20 - AppInit_DLLs: repairs303169590.dll


        Clic sur demarrer, executer, tape: services.msc puis "ok" une liste va s'ouvrir agrandi la fenêtre cherche les ligne ci-dessous tu double-clique dessus puis tu choisis "type de démarrage: désactivé" appliquer puis ok

        Network Monitor
        Command Service


        Clic sur demarrer, rechercher, cherche et supprime ces fichiers si présent;

        winlog.exe
        command.exe
        netmon.exe

        **Si un fichier persiste lors de la suppression fais ceci:
        -Redemarres ton pc, dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers qui persistaient, vides ta corbeille et redemarres normalement


        Fais ce nettoyage: (à faire réguliérement)

        ¤Telecharges et installes ceci:
        CCleaner:
        Télécharger Ccleaner

        dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
        Les sauvegardes que tu aura faites tu pourra les supprimer si ton ordinateur n'a plus de problémes

        ¤Relance Ccleaner, vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"


        Désactive le pare-feu de Windows et installe celui-ci pour que tu sois mieux protégé

        Kerio: (pare-feu, qui reste gratuit après la periode d'essai!)
        Kerio Personal Firewall
        -tutorial: pour configurer et comprendre l'utilisation de Kerio
        https://kerio.probb.fr/


        Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
        Une fois qu'il a terminé colle le rapport ici stp

        https://www.bitdefender.com/toolbox/


        Bon courage!
        0