Bon alors après quelques problème (pubs intempestive , démarrage lent ) j'ai réussi a a peu près y remedier en passant

En mode normal :

-Ad-aware

-Spybot Search&Destroy

-Ccleaner

-AVG anti-spyware

-Avast (mon anti virus)

->J'ai viré pas mal de truc qui sont revenus bien entendu alors je suis passer en

Mode Sans Echec:

-Ad-aware

-Spybot Search&Destroy

-Ccleaner

-AVG anti-spyware

Quelques problèmes réglé mais toujours ces pubs et démarrage assez lent

Donc je me suis mis a passer : Vundofix qui m'a suppr pas mal de fichier (3-4) dans system32 et après j'ai passer : VirtumundoBeGone qui lui ne m'a rien trouvé de spécial

Et pour finir j'ai crée un dossier sur le bureau après mis Hijackthis et je vous post le rapport (j'espère que je ne me suis pas trompé :

Logfile of HijackThis v1.99.1
Scan saved at 13:40:23, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Antho\Bureau\rapport\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nordvssud.com/accueil/accueil.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {35845E32-35D9-46BB-9240-258AB96391C5} - C:\WINDOWS\system32\cbxyyvw.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {5291B91C-34B0-4CEB-AFEF-83D4A2048C83} - C:\WINDOWS\system32\oyreheyr.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\mvxknjjg.dll (file missing)
O2 - BHO: (no name) - {691AFADD-74D9-4397-85D1-B1E00F40B6A1} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\yjidjeiy.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6612356171
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Je suis ensuite aller sur le Site d'Hijackthis pour faire analyser mon rapport et il m'a trouver un petit problème ici :
[color=#FF0000]
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\yjidjeiy.dll",setvm[/color]

A mon dernier démarrage une fois rentré sur la session il me semble bien avoir eu ce message : yjidjeiy.dll fichier introuvable (quelquechose du genre)

Vu que je ne suis pas un pro , j'attend vos avis pour savoir si il y a autre chose a faire ou si il faut le supprimé

Merci d'avance pour vos futures réponses

Re,

• Télécharge combofix.exe (par sUBs) sur ton Bureau
• Double clique combofix.exe.
• Tape sur la touche Y (Yes) pour démarrer le scan.
• Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

&

Télécharge Blacklight (F-Secure), clique sur " I ACCEPT " en bas de la page :
Clique sur le premier " Download " afin de télécharger le programme
Sauvegarde le sur ton Bureau
Double-clique blbeta.exe et accepte la licence; clique Scan puis Next.

A la fin du scan, NE TOUCHE A RIEN !

Tu verras un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Nous devons analyser ce rapport, ferme donc le BlackLight.

Poste le rapport sur le forum.

AIDE : Tuto sur BlackLight (Malekal)

Bon alors pour Combofix :

"Antho" - 07-03-31 14:52:58 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Antho\Bureau"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Antho\Bureau.\internet explorer.lnk


((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-31 ))))))))))))))))))))))))))))))))))


2007-03-31 13:26 <REP> d-------- C:\!KillBox
2007-03-31 12:53 <REP> d-------- C:\VundoFix Backups
2007-03-31 11:50 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-03-31 01:25 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-31 01:16 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-03-31 01:14 <REP> d-------- C:\WINDOWS\AU_Temp
2007-03-31 01:14 <REP> d-------- C:\WINDOWS\AU_Log
2007-03-31 01:13 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-03-31 01:13 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-03-31 01:13 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-03-23 21:09 366,080 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2007-03-23 21:09 365,440 --a------ C:\WINDOWS\system32\drivers\RT619x.sys
2007-03-23 21:09 255,616 --a------ C:\WINDOWS\system32\drivers\rt73u98.sys
2007-03-23 21:09 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2007-03-23 21:09 247,808 --a------ C:\WINDOWS\system32\drivers\rt25u98.sys
2007-03-23 21:09 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
2007-03-23 21:09 244,608 --a------ C:\WINDOWS\system32\drivers\rt25009x.sys
2007-03-23 21:09 243,328 --a------ C:\WINDOWS\system32\drivers\rt2500.sys
2007-03-23 21:09 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-03-23 21:09 <REP> d-------- C:\Program Files\Hercules
2007-03-23 21:08 <REP> d-------- C:\DOCUME~1\Antho\APPLIC~1\InstallShield
2007-03-18 16:58 <REP> d-------- C:\NvsS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-31 14:21 49460 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-03-31 14:21 380 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-03-31 00:37 -------- d-------- C:\Program Files\daemon tools
2007-03-29 19:46 -------- d-------- C:\Program Files\windows live safety center
2007-03-23 21:09 -------- d--h----- C:\Program Files\installshield installation information
2007-03-21 20:36 -------- d-------- C:\DOCUME~1\Antho\APPLIC~1\teamspeak2
2007-02-22 19:54 -------- d-------- C:\Program Files\splus
2007-02-21 16:11 -------- d-------- C:\DOCUME~1\Antho\APPLIC~1\gearbox software
2007-02-21 16:01 -------- d-------- C:\Program Files\yahoo!
2007-02-21 16:01 -------- d-------- C:\Program Files\ccleaner
2007-02-08 09:25 -------- d-------- C:\Program Files\google
2007-01-31 19:29 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-01-31 19:29 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-01-31 18:53 -------- d-------- C:\Program Files\monte cristo
2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-14 13:11 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-09 21:31 60416 --a------ C:\WINDOWS\alcfdrtm.exe
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-07 19:04 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2006-12-28 16:08 71 ---h----- C:\WINDOWS\dsez4200.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\yjidjeiy.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Antho^Menu Démarrer^Programmes^Démarrage^Registration .LNK]
"path"="C:\\Documents and Settings\\Antho\\Menu Démarrer\\Programmes\\Démarrage\\Registration .LNK"
"backup"="C:\\WINDOWS\\pss\\Registration .LNKStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Ubisoft\\FACESO~1\\REGIST~1.EXE -d 802846 -l english -r 7 -g -c us -i "
"item"="Registration "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Antho^Menu Démarrer^Programmes^Démarrage^ubisoft register.lnk]
"path"="C:\\Documents and Settings\\Antho\\Menu Démarrer\\Programmes\\Démarrage\\ubisoft register.lnk"
"backup"="C:\\WINDOWS\\pss\\ubisoft register.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Ubisoft\\Eagle Dynamics\\Lock On\\Register\\schedule.exe /01/02/2049 19:07:41 /game=Lock On: Air Combat Simulation /language=French /country=France /url=http://register-it.ubi.com/register.asp"
"item"="ubisoft register"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="razerhid"
"hkey"="HKLM"
"command"="C:\\Program Files\\Razer\\Copperhead\\razerhid.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uxkillmg"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\uxkillmg.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Valve\\Steam\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuperCopier2"
"hkey"="HKCU"
"command"="C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{35845E32-35D9-46BB-9240-258AB96391C5}"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-31 14:56:03


Et pour BlackLight :

03/31/07 14:58:40 [Info]: BlackLight Engine 1.0.61 initialized
03/31/07 14:58:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/31/07 14:58:40 [Note]: 7019 4
03/31/07 14:58:40 [Note]: 7005 0
03/31/07 14:59:01 [Note]: 7006 0
03/31/07 14:59:01 [Note]: 7011 516
03/31/07 14:59:01 [Note]: 7026 0
03/31/07 14:59:01 [Note]: 7026 0
03/31/07 14:59:03 [Note]: FSRAW library version 1.7.1021
03/31/07 15:05:42 [Note]: 2000 1012
03/31/07 15:05:42 [Note]: 2000 1012
03/31/07 15:05:42 [Note]: 2000 1012

-----------------------------------------------------------

Je tiens a préciser que je n'avais plus de ralientissement au démarrage et que je n'ai pas de pubs , juste une massage d'erreur à l'ouverture de session

Re,

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {35845E32-35D9-46BB-9240-258AB96391C5} - C:\WINDOWS\system32\cbxyyvw.dll (file missing)
O2 - BHO: (no name) - {5291B91C-34B0-4CEB-AFEF-83D4A2048C83} - C:\WINDOWS\system32\oyreheyr.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\mvxknjjg.dll (file missing)
O2 - BHO: (no name) - {691AFADD-74D9-4397-85D1-B1E00F40B6A1} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\yjidjeiy.dll",setvm

Clique sur Fix checked (en bas à gauche)

Ca devrait être ok.

ok c'est réglé , merci bien , a+

Bon surf