
Need your help! (hidr and wintems in sight ;)


Hi everyone
I had a "big" problem with my PC and I have almost managed to fix everything; however, there are two little cr... left to eliminate and I can't manage it. Even though they are behaving for now, I have hidr.exe and wintems.exe lurking around.
Here is a HijackThis report:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\FuMy\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C1AEE53-16EF-4F90-BA6E-6E150B4A09AC}: NameServer = 212.151.136.246 212.151.137.166
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

If you have an idea, it is welcome; my safe mode works again! I know that will help to get rid of them ))
If I could avoid losing my 750 GB of data again, I admit I would appreciate it!

Thanks

FuMy


Hello,

Download ELIBAGLA at the bottom of this page.
Click the Descargar Elibagla button; this will download the file. Put it on your Desktop.
Double-click it to open it.
Make sure that C:\ is selected in the Unidad drop-down menu.
Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked.
Click the Explorar button to start the scan.
Post the report generated at the end of the scan.

HELP: How to remove Bagle?



Hi Angeldark, thanks for answering me ;)

I did your little thing there, and it didn't show me any report. I'm always doing things in parallel on the PC, so if the applications you ask me to run require stopping all the other programs, tell me ^^

Any other idea?

OK, let's do it another way.

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    There, your program scared me :p

    ComboFix 07-11-08.1 - FuMy 2007-11-13 19:55:30.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1458 [GMT 1:00]
    Running from: C:\Documents and Settings\FuMy\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\FuMy\Application Data\inst.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SROSA


    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-13 19:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-13 14:28 <REP> d-------- C:\Program Files\Sygate
    2007-11-13 14:28 77,824 --a------ C:\WINDOWS\system32\SSSensor.dll
    2007-11-13 14:28 55,888 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2007-11-13 14:28 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2007-11-13 14:28 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2007-11-13 14:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2007-11-13 14:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-11-13 14:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2007-11-13 14:23 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2007-11-13 14:23 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2007-11-13 14:23 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2007-11-13 14:23 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-11-13 10:49 <REP> d-------- C:\Program Files\Fichiers communs\DeskShare Shared
    2007-11-13 10:49 <REP> d-------- C:\Program Files\Deskshare
    2007-11-13 02:03 <REP> d-------- C:\Documents and Settings\FuMy\Application Data\Ventrilo
    2007-11-13 02:02 <REP> d-------- C:\Program Files\Ventrilo
    2007-11-12 23:31 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
    2007-11-12 23:31 74 --ah----- C:\WINDOWS\uce.dat
    2007-11-12 19:06 <REP> d-------- C:\Program Files\ParticleIllusion
    2007-11-11 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pI3demoLicense
    2007-11-07 22:24 <REP> d-------- C:\Program Files\Xilisoft
    2007-11-07 22:13 <REP> d-------- C:\Program Files\VSO
    2007-11-07 22:13 <REP> d-------- C:\Documents and Settings\FuMy\Application Data\Vso
    2007-11-07 22:13 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2007-11-07 22:13 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2007-11-07 22:13 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2007-11-07 22:13 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-11-07 22:13 47,360 --a------ C:\Documents and Settings\FuMy\Application Data\pcouffin.sys
    2007-11-07 14:26 3,272,704 --a------ C:\WINDOWS\system32\sapphire_ae.dll
    2007-11-07 14:25 <REP> d-------- C:\Program Files\GenArts
    2007-11-06 22:36 <REP> d-------- C:\Program Files\My Screen Recorder
    2007-11-04 14:32 <REP> d-------- C:\users
    2007-11-04 14:32 638,976 --a------ C:\WINDOWS\system32\spmd.exe
    2007-11-04 14:29 32,768 -ra------ C:\WINDOWS\system32\XSIChooser.exe
    2007-11-04 14:28 <REP> d-------- C:\Program Files\XS
    2007-11-03 14:54 <REP> d-------- C:\WINDOWS\system32\RNBOSENT
    2007-11-03 14:54 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
    2007-11-03 14:54 73,728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS
    2007-11-03 14:54 49,664 --a------ C:\WINDOWS\system32\SNTI386.DLL
    2007-11-03 14:54 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2007-11-03 14:54 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
    2007-11-03 14:54 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
    2007-11-03 14:54 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2007-11-03 14:54 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-11-03 14:53 <REP> d-------- C:\Program Files\Alias
    2007-11-03 14:52 <REP> d-------- C:\Program Files\Fichiers communs\Autodesk Shared
    2007-11-03 14:52 <REP> d-------- C:\Program Files\Fichiers communs\Alias Shared
    2007-11-02 20:06 126,976 --a------ C:\WINDOWS\system32\apphelp.dll
    2007-10-29 15:01 <REP> d-------- C:\Documents and Settings\FuMy\Application Data\Locktime
    2007-10-29 15:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
    2007-10-28 22:44 <REP> d-------- C:\Documents and Settings\FuMy\Application Data\Apple Computer
    2007-10-15 22:54 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2007-10-15 21:07 <REP> d-------- C:\Program Files\Gpotato.eu

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 18:50 --------- d-----w C:\Program Files\Warcraft III
    2007-11-13 17:45 --------- d-----w C:\Program Files\eMule
    2007-11-13 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-13 01:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-11-13 00:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-12 23:58 --------- d-----w C:\Documents and Settings\FuMy\Application Data\BitTorrent
    2007-11-12 22:33 --------- d-----w C:\Documents and Settings\FuMy\Application Data\Ulead Systems
    2007-11-12 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-11-12 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-12 22:31 --------- d-----w C:\Program Files\Ulead Systems
    2007-11-12 17:17 --------- d-----w C:\Documents and Settings\FuMy\Application Data\Skype
    2007-11-12 01:05 --------- d-----w C:\Program Files\Doc VinCS (2)
    2007-11-09 13:15 --------- d-----w C:\Documents and Settings\FuMy\Application Data\XnView
    2007-11-07 18:41 --------- d-----w C:\Documents and Settings\FuMy\Application Data\mIRC
    2007-11-07 17:45 --------- d-----w C:\Program Files\mIRC
    2007-11-06 22:04 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
    2007-10-09 18:35 --------- d-----w C:\Program Files\XnView
    2007-10-07 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-07 10:45 --------- d-----w C:\Program Files\Microsoft.NET
    2007-10-07 10:45 --------- d-----w C:\Program Files\Microsoft Works
    2007-10-06 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    2007-10-05 21:15 --------- d-----w C:\Program Files\CDBurnerXP Pro 3
    2007-10-04 12:29 --------- d-----w C:\Program Files\VD
    2007-10-04 10:02 --------- d-----w C:\Documents and Settings\FuMy\Application Data\AdobeUM
    2007-10-03 13:37 --------- d-----w C:\Program Files\e-on software
    2007-10-01 13:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-10-01 12:43 --------- d-----w C:\Documents and Settings\FuMy\Application Data\ObviousFX
    2007-10-01 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\ObviousFX
    2007-09-28 17:13 --------- d-----w C:\Documents and Settings\FuMy\Application Data\Talkback
    2007-09-27 15:46 --------- d-----w C:\Program Files\Audacity
    2007-09-27 15:40 --------- d-----w C:\Documents and Settings\FuMy\Application Data\SecondLife
    2007-09-27 15:21 --------- d-----w C:\Program Files\GoldWave
    2007-09-25 14:51 --------- d-----w C:\Program Files\Skype
    2007-09-25 14:51 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-09-25 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-09-25 09:15 51,094 ----a-w C:\report.zip
    2007-09-25 09:14 --------- d-----w C:\Program Files\SmartSound Software
    2007-09-25 09:14 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-09-25 09:13 --------- d-----w C:\Program Files\Windows Media Components
    2007-09-25 09:13 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2007-09-25 09:13 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
    2007-09-25 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
    2007-09-24 11:06 --------- d-----w C:\Program Files\Magic Bullet Suite 2.0
    2007-09-24 11:06 --------- d-----w C:\Program Files\Magic Bullet MisFire
    2007-09-24 11:06 --------- d-----w C:\Program Files\Magic Bullet Looks
    2007-09-24 10:35 --------- d-----w C:\Program Files\Primatte(After Effects)
    2007-09-23 20:56 --------- d-----w C:\Program Files\QuickTime
    2007-09-23 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-09-23 20:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-09-23 12:01 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2007-09-23 12:01 --------- d-----w C:\Documents and Settings\FuMy\Application Data\BitTorrent DNA
    2007-09-23 07:40 --------- d-----w C:\Program Files\BitTorrent_DNA
    2007-09-23 07:40 --------- d-----w C:\Program Files\BitTorrent
    2007-09-22 15:07 --------- d-----w C:\Documents and Settings\FuMy\Application Data\Uniblue
    2007-09-22 10:52 --------- d-----w C:\Program Files\SLD Codec Pack
    2007-09-21 17:45 --------- d-----w C:\Program Files\Elaborate Bytes
    2007-09-21 17:41 --------- d-----w C:\Program Files\SlySoft
    2007-09-21 17:31 --------- d-----w C:\Program Files\VideoLAN
    2007-09-21 17:31 --------- d-----w C:\Documents and Settings\FuMy\Application Data\vlc
    2007-09-21 17:22 --------- d-----w C:\Program Files\Winamp
    2007-09-21 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-09-21 15:52 --------- d-----w C:\Program Files\Windows Live
    2007-09-21 15:52 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-21 15:52 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-09-21 15:36 --------- d-----w C:\Program Files\BeWAN ADSL V1.9.0.5
    2007-09-21 15:31 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-09-21 15:31 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-09-21 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-09-21 15:21 --------- d-----w C:\Program Files\Realtek
    2007-09-21 14:17 --------- d---a-w C:\Documents and Settings\FuMy\Application Data\gtopala
    2007-09-21 14:17 --------- d---a-w C:\Documents and Settings\FuMy\Application Data\aignes
    2007-09-21 14:14 --------- d-----w C:\Program Files\Java
    2007-09-21 14:14 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-21 14:13 --------- d-----w C:\Program Files\WMV9_VCM
    2007-09-21 14:13 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-21 14:07 --------- d-----w C:\Program Files\WSTARTUP
    2007-09-21 14:07 --------- d-----w C:\Program Files\UTILS
    2007-09-21 14:07 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-21 13:40 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-21 13:38 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 10:20]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2003-10-21 16:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"=0 (0x0)
    "SynchronousUserGroupPolicy"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=1 (0x1)
    "NoSimpleStartMenu"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"=0 (0x0)
    "NoTrayItemsDisplay"=0 (0x0)
    "NoToolbarsOnTaskbar"=0 (0x0)
    "LockTaskbar"=0 (0x0)
    "NoResolveTrack"=0 (0x0)
    "NoResolveSearch"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoSMMyPictures"=0 (0x0)
    "NoRecentDocsHistory"=0 (0x0)
    "NoStartMenuMFUprogramsList"=0 (0x0)
    "NoUserNameInStartMenu"=0 (0x0)
    "NoStartMenuMorePrograms"=0 (0x0)
    "MaxRecentDocs"=15 (0xf)
    "NoInstrumentation"=0 (0x0)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSMBalloonTip"=0 (0x0)
    "DisallowCpl"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^FuMy^Menu Démarrer^Programmes^Démarrage^IcoSauve.lnk]
    path=C:\Documents and Settings\FuMy\Menu Démarrer\Programmes\Démarrage\IcoSauve.lnk
    backup=C:\WINDOWS\pss\IcoSauve.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
    rundll32.exe stmctrl.dll,TaskBar

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    "C:\Program Files\BitTorrent_DNA\dna.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
    C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)

    R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
    R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
    S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-13 19:57:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-13 19:58:43 - machine was rebooted
    .
    --- E O F ---

    Very well, sir

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\FuMy\Bureau\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C1AEE53-16EF-4F90-BA6E-6E150B4A09AC}: NameServer = 212.151.136.246 212.151.137.166
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    Angel dark :p
    I still need you. I don't think it is related to the hidr.exe and wintems problems, which are definitely gone, but since running ComboFix, when my PC starts, Windows does a system folder check (it is not on a blue screen, but on my desktop in a small window). It does this at every startup; does that ring a bell?

    Thanks

    Very well, sir

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\FuMy\Bureau\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C1AEE53-16EF-4F90-BA6E-6E150B4A09AC}: NameServer = 212.151.136.246 212.151.137.166
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
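
To confirm from the logs that the two autostart entries are gone, the O4 lines of the first and last HijackThis reports can be compared mechanically. The script below is an added example, not something posted in the thread: the sample lines are copied from the logs above, and the two flagging heuristics (an .exe launched from system32\drivers, and a value name that looks like an executable but differs from the file it starts) are assumptions chosen for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any platform

# O4 (autostart) lines copied from the first HijackThis log in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# O4 lines copied from the last HijackThis log in this thread.
AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# First program in a command line: a quoted path, or text up to the first
# executable extension (handles unquoted paths that contain spaces).
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr))(?=[\s,]|$)', re.I)


def parse_o4(log):
    """Map (hive, key, value name) -> command line for every O4 registry line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return entries


def target_of(cmd):
    """Return the program that the command line starts."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group(1) or m.group(2)


def flags_for(name, cmd):
    """Apply the two illustrative heuristics (assumptions, not HijackThis rules)."""
    target = target_of(cmd).lower()
    flags = []
    # The drivers directory normally holds .sys files, not user-mode programs.
    if target.endswith(".exe") and dirname(target).endswith("\\system32\\drivers"):
        flags.append("exe_in_drivers")
    # A value named like one executable that launches a different one.
    if name.lower().endswith(".exe") and name.lower() != basename(target):
        flags.append("name_mismatch")
    return flags


def flagged(entries):
    """Value name -> list of flags, for entries that raise at least one flag."""
    result = {}
    for (_hive, _key, name), cmd in entries.items():
        found = flags_for(name, cmd)
        if found:
            result[name] = found
    return result


def review(before_log, after_log):
    """Diff the autostart entries of two logs and flag the odd ones in each."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    return {
        "removed": sorted(k[2] for k in before.keys() - after.keys()),
        "added": sorted(k[2] for k in after.keys() - before.keys()),
        "flagged_before": flagged(before),
        "flagged_after": flagged(after),
    }


if __name__ == "__main__":
    for section, value in review(BEFORE, AFTER).items():
        print(section, "->", value)
```

The entries reported as added are the ones that also appear under msconfig\startupreg in the ComboFix report, so a diff like this still needs a human to decide which changes are expected.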