Problème Explorer

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 857

22:16:57 15/06/2008
mbam-log-6-15-2008 (22-16-57).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 176240
Temps écoulé: 35 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Paul\AppData\Local\Temp\yayxywVN.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:21, on 16/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\Paul\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhhb32.rom,SaKRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: Gangsters2Setup.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7555 bytes

Même problème ?

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

non windows explorer refonctionne a merveille !
je te remercie beaucoup pour ton aide aussi rapide.

par contre au demarrage un message d'erreur apparait et me dit qu'il manque un fichier.dll.
mais ca n'altere pas les performances de mon pc pour autant ...

Le rapport ?

ComboFix 08-06-16.5 - Paul 2008-06-18 19:14:19.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1129 [GMT 2:00]
Endroit: C:\Users\Paul\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.

2008-06-17 13:01 . 2008-06-17 23:43 <REP> d-------- C:\Users\Paul\AppData\Roaming\SPORE Creature Creator
2008-06-17 12:58 . 2008-06-17 12:58 <REP> d-------- C:\Program Files\Electronic Arts
2008-06-16 22:24 . 2008-06-16 22:27 <REP> d-------- C:\Program Files\SlySoft
2008-06-16 22:24 . 2008-06-16 22:26 24 --ahs---- C:\Windows\SEA1DE7AB.tmp
2008-06-16 20:50 . 2008-02-22 13:30 334,792 --a------ C:\Windows\System32\_AxShlEx.dll
2008-06-16 19:39 . 2008-06-16 19:39 <REP> d-------- C:\Users\Paul\AppData\Roaming\DAEMON Tools
2008-06-15 20:54 . 2008-06-15 20:54 <REP> d-------- C:\Users\Paul\AppData\Roaming\Malwarebytes
2008-06-15 20:54 . 2008-06-15 20:54 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-15 20:53 . 2008-06-15 20:53 <REP> d-------- C:\Users\Paul\AppData\Roaming\Download Manager
2008-06-15 18:59 . 2008-06-15 18:59 <REP> d-------- C:\Program Files\Trend Micro
2008-06-15 12:52 . 2008-06-15 12:52 <REP> d-------- C:\Program Files\RegCleaner
2008-06-15 12:13 . 2008-06-15 12:13 <REP> d-------- C:\Users\Paul\AppData\Roaming\InstallShield
2008-06-12 22:44 . 2008-06-12 22:44 21,036 --a------ C:\Windows\System32\SIntfNT.dll
2008-06-12 22:44 . 2008-06-12 22:44 15,132 --a------ C:\Windows\System32\SIntf32.dll
2008-06-12 22:44 . 2008-06-12 22:44 12,067 --a------ C:\Windows\System32\SIntf16.dll
2008-06-04 19:05 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-06-02 23:29 . 2008-06-02 23:29 271,360 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-06-02 23:28 . 2008-06-02 23:28 18,048 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-06-02 11:25 . 2008-06-02 11:25 <REP> d-------- C:\ProgramData\NVIDIA
2008-06-02 01:55 . 2008-06-18 00:03 27,744 --a------ C:\ProgramData\nvModes.dat
2008-05-30 21:08 . 2008-05-30 21:08 1 --a------ C:\Windows\System32\SI.bin
2008-05-30 21:04 . 2008-05-30 21:04 <REP> d-------- C:\Program Files\Alcohol Soft
2008-05-27 20:50 . 2008-05-27 20:50 <REP> d-------- C:\Program Files\Common Files\INCA Shared
2008-05-27 20:49 . 2003-07-21 05:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-05-27 20:49 . 2005-01-04 20:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-05-26 22:18 . 2008-05-26 22:18 <REP> d-------- C:\ProgramData\InstallShield
2008-05-26 16:52 . 2008-06-18 00:03 <REP> d-------- C:\Users\Paul\AppData\Roaming\Azureus
2008-05-26 16:52 . 2008-05-26 16:52 <REP> d-------- C:\ProgramData\Azureus
2008-05-26 16:44 . 2008-06-15 18:55 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-26 15:42 . 2008-06-17 20:36 <REP> d-------- C:\Program Files\Azureus
2008-05-23 21:17 . 2008-05-23 21:17 <REP> d-------- C:\Defiler Backups

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 20:48 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-06-17 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 21:32 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-06-16 21:22 --------- d-----w C:\Program Files\THQ
2008-06-16 17:40 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-06-11 18:35 --------- d-----w C:\Program Files\Microsoft Games
2008-06-11 18:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-01 23:13 12,978 ----a-w C:\Users\Paul\AppData\Roaming\nvModes.dat
2008-06-01 10:40 --------- d-----w C:\Program Files\Java
2008-05-30 19:29 --------- d-----w C:\Program Files\Ubisoft
2008-05-26 13:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-21 16:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-12 12:54 --------- d-----w C:\ProgramData\Avira
2008-05-12 12:54 --------- d-----w C:\Program Files\Avira
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_19.10.45,32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 17:07:34 5,541,888 ----a-w C:\Windows\erdnt\Hiv-backup\schema.dat
+ 2008-06-18 17:14:14 5,541,888 ----a-w C:\Windows\erdnt\Hiv-backup\schema.dat
- 2008-06-18 17:09:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-18 17:15:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-18 17:15:39 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"MSSMSGS"="winhhb32.rom" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 21:12 161328]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 20:42 1057328]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 22:37 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-16 00:17 778240]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-07-27 20:31 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-07-27 20:31 37232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2008-01-16 00:54 37376]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-13 13:39 262401]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-08 01:55 13527584]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-08 01:55 92704]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1651362847-2190745949-2528751684-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5B6D7B8A-581A-49E4-8B1C-AC5AD084C004}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{8CD4B029-4A90-4B5A-8CFC-43A596249E6C}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{F324DCC1-F8F6-471B-9E00-1C54E65C9D9D}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{9D20AF80-831A-4A2B-96AC-913982F0BF59}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{4BA7B576-CD64-4662-A786-FC59FE62C1D5}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{F3CA0724-B031-47DA-9037-479BE5FC7D60}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{97D22EEE-B24D-4451-9515-DEDED564705D}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{1DFF91A9-0EBC-418B-8540-7FD245EBA14E}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{C53DABEF-DF9B-4582-98B7-91E4BD70B995}C:\\unrealtournament\\system\\unrealtournament.exe"= UDP:C:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{F9AD2C88-4D41-4BCF-B7F9-3E22CBE41AD3}C:\\unrealtournament\\system\\unrealtournament.exe"= TCP:C:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"{F9ACE26F-F7A1-4A29-8488-83D32BCF3B26}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7CDC5753-2F80-4B05-B1B0-3486FCC303C2}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{8746D76F-4FB4-4DAE-8721-0F3B6286837F}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{43F8D832-C686-4AEA-8B7B-1B84374C18CD}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{CB781E14-6D88-4075-ABBD-2F8270C9564E}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{9AF2274E-40EC-47BA-8B4D-1241175CDE5A}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F6AC9585-400D-44D2-81F0-C59EE4449E8A}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{A2F51A90-035E-40F5-9418-66E9506D3D77}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{7C8C6E7C-9102-4375-9136-7C910B4A0903}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{1B8CF4AF-DBBB-4E79-A400-648F493A0949}C:\\program files\\thq\\titan quest\\titan quest.exe"= UDP:C:\program files\thq\titan quest\titan quest.exe:Titan Quest
"UDP Query User{FED1AE47-C49B-45DF-9FC3-88293BEADE49}C:\\program files\\thq\\titan quest\\titan quest.exe"= TCP:C:\program files\thq\titan quest\titan quest.exe:Titan Quest
"TCP Query User{1188CF35-DD25-4932-BAD5-2B3218CD8931}C:\\users\\paul\\desktop\\sro_new_full-client_downloader.exe"= UDP:C:\users\paul\desktop\sro_new_full-client_downloader.exe:sro_new_full-client_downloader.exe
"UDP Query User{ABFD657D-43BB-43CE-A31D-30856941E890}C:\\users\\paul\\desktop\\sro_new_full-client_downloader.exe"= TCP:C:\users\paul\desktop\sro_new_full-client_downloader.exe:sro_new_full-client_downloader.exe
"{5B1BF3CA-BF4A-4F7B-A99A-38365F418D1D}"= UDP:C:\Program Files\Cyanide\Loki\Loki.exe:Loki
"{61158BBF-0E54-4BAC-8C12-70E799D7887F}"= TCP:C:\Program Files\Cyanide\Loki\Loki.exe:Loki
"{C19F8E3D-0F9C-49D3-9A0E-8146676E956F}"= UDP:C:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe:Loki - AutoRun
"{50CA85B7-26AB-487F-A84E-AD291F448B9F}"= TCP:C:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe:Loki - AutoRun
"TCP Query User{D0755C49-6099-42EF-AFA6-76CACF533B76}C:\\program files\\ubisoft\\heroes of might and magic v - tribes of the east\\bin\\h5_game.exe"= UDP:C:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{D21D6C42-CD0D-4CC8-8621-7573E19CDEB6}C:\\program files\\ubisoft\\heroes of might and magic v - tribes of the east\\bin\\h5_game.exe"= TCP:C:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe:Heroes of Might and Magic V
"TCP Query User{C70CB66C-A57C-4A86-AB09-4313C6EB02F3}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe arkCrusade
"UDP Query User{5C03498A-C3E5-4994-A5B6-DF8E13B0DA92}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe arkCrusade
"TCP Query User{9742EB41-BD0C-4BDB-A4C5-CC0AFC97A900}C:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:C:\program files\thq\dawn of war\w40k.exe:W40K
"UDP Query User{0B203722-271B-4460-AF26-220624F67380}C:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:C:\program files\thq\dawn of war\w40k.exe:W40K

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 08:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dbafaa5-3bdf-11dd-9231-001bfcf4455d}]
\shell\AutoRun\command - F:\AutoPlay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0375db0-3bcb-11dd-84d1-001bfcf4455d}]
\shell\AutoRun\command - F:\autoplay.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-18 17:15:09 C:\Windows\Tasks\User_Feed_Synchronization-{0E345A75-C261-441B-BA98-BE478503815F}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 19:15:45
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-18 19:16:33
ComboFix-quarantined-files.txt 2008-06-18 17:16:28
ComboFix2.txt 2008-06-18 17:11:14

Pre-Run: 23,339,008,000 octets libres
Post-Run: 23,186,042,880 octets libres

174 --- E O F --- 2008-06-18 16:44:12

Tu peux faire un screen du problème avec la .dll ?

Il te suffit de fixer la ligne suivante avec Hijackthis :
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhhb32.rom,SaKRun

pffiou !
franchement merci angeldark pour ta rapidité et ton efficacité.
tout est resolu et mon pc refonctionne parfaitement.  
encore merci  

No problem