virus downloader - Security - Virus
Subject: virus downloader
 
Profile: IDNaute

Hello,

Norton shows me a virus alert window every 2 seconds, for something called downloader. I don't know what to do.
Help me!!!!!
Thanks



Profile: Helper

Hello,

The location?


---------------
Prevention & Protection|Free software|The man from FLCCF
Profile: IDNaute

windows\system32\

thanks for the help

Profile: Helper

File name and extension?


Profile: IDNaute

I have the same problem, for a file in system32 named:
__c007703E.dat
there you go

Profile: Helper

It's Vundo :)

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan has completed, a report will appear. Copy/paste that report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt


Profile: IDNaute

here is a copy-paste of the report:

ComboFix 07-11-08.1 - DIgnatio 2007-11-12 17:04:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.394 [GMT 1:00]
Running from: C:\Documents and Settings\DIgnatio\Bureau\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\DIgnatio\Favoris\Online Security Guide.lnk
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
C:\WINDOWS\system32\__c007703E.dat
C:\WINDOWS\system32\tbxtidov.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-12 17:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 14:45 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Grisoft
2007-11-12 14:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-12 14:43 <REP> d-------- C:\Program Files\CCleaner
2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Intel
2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\1-op\Application Data\Intel
2007-11-12 12:22 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-12 12:22 21,361 --a------ C:\WINDOWS\AegisP.sys
2007-11-12 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-11-12 12:21 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2007-11-12 12:21 2,236,032 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2007-11-12 12:21 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
2007-11-12 09:38 <REP> d-------- C:\SWSetup
2007-11-12 09:35 <REP> d-------- C:\Intel
2007-11-09 12:07 266 --a------ C:\Documents and Settings\1-op\Application Data\config.dat
2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Voisinage réseau
2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Voisinage d'impression
2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Modèles
2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Mes documents
2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Menu Démarrer
2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Favoris
2007-11-09 12:02 <REP> d-------- C:\Documents and Settings\1-op\Bureau
2007-11-09 12:02 <REP> d-------- C:\Documents and Settings\1-op\Application Data\Infineon
2007-11-09 09:44 237 --a------ C:\vpwaf.dat
2007-11-07 12:59 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-05 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-05 21:02 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Lavasoft
2007-11-05 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-05 18:32 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\GrabIt
2007-11-05 17:03 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Ahead
2007-10-30 11:01 251,402 ---hs---- C:\WINDOWS\system32\pqtss.bak2
2007-10-29 09:53 <REP> d-------- C:\WINDOWS\pss
2007-10-28 11:36 243,527 ---hs---- C:\WINDOWS\system32\pqtss.bak1
2007-10-28 11:30 0 --a------ C:\WINDOWS\system32\27031_mssql.exe
2007-10-22 10:42 <REP> d---s---- C:\Documents and Settings\DIgnatio\UserData
2007-10-18 09:34 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-10-18 09:34 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-10-18 09:34 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-10-18 09:33 <REP> d-------- C:\Program Files\SkyRecon

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 11:21 --------- d-----w C:\Program Files\Intel
2007-11-12 10:35 --------- d-----w C:\Program Files\DominoForOutlook
2007-11-12 10:24 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\SolidDocuments
2007-11-05 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 10:30 359,808 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-18 12:53 368 ----a-w C:\WINDOWS\system32\drivers\thor_old.srn
2007-10-18 12:53 168 ----a-w C:\WINDOWS\system32\drivers\stateful_old.srn
2007-10-10 08:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-09 19:39 --------- d-----w C:\Program Files\Fichiers communs\Intel
2007-10-04 08:54 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2007-10-04 08:54 --------- d-----w C:\Program Files\Cisco Systems
2007-10-04 08:54 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Cisco
2007-10-04 08:29 --------- d-----w C:\Program Files\SolidDocuments
2007-10-04 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
2007-10-04 08:23 --------- d-----w C:\Program Files\FreshDevices
2007-10-04 08:20 --------- d-----w C:\Program Files\PDFCreator
2007-10-04 08:12 --------- d-----w C:\Program Files\Observer
2007-10-04 08:10 --------- d-----w C:\Program Files\Ethereal
2007-10-04 07:58 --------- d-----w C:\Program Files\Ekahau
2007-10-04 07:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-04 06:25 --------- d-----w C:\Program Files\Canon
2007-10-04 06:24 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-04 06:23 --------- d--h--w C:\Program Files\CanonBJ
2007-09-19 07:35 --------- d-----w C:\Program Files\Lexmark_HostCD
2007-09-13 13:10 --------- d-----w C:\Program Files\MSN Messenger
2007-09-13 08:09 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Talkback
2007-09-12 15:19 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-12 15:15 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-12 13:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sonic
2007-09-12 13:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-09-12 12:06 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Infineon
2007-09-12 12:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Infineon
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E8755C-7538-45B6-A050-01DBE389F30A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58472AB6-A02B-49ED-A170-2BE115018BE9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2003-04-29 12:48]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 11:30]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 14:39]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 09:49]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-06-08 13:02]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvtsr]
cbxvtsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
DeviceNP.dll 2006-01-12 13:05 49152 C:\WINDOWS\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-03-03 14:08 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tbxtidov]
tbxtidov.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli AsWlnPkg

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys
R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe -k Cognizance
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;C:\WINDOWS\system32\DRIVERS\CdpPacket.sys
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\ekauio.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 Cpmt;Cisco Media Termination;C:\WINDOWS\system32\Drivers\Cpmt.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
S0 odin;system32\odin-sys.sra;C:\WINDOWS\system32\odin-sys.sra
S0 thor2;C:\WINDOWS\system32\drivers\thor2.sra;C:\WINDOWS\system32\drivers\thor2.sra
S2 ASBroker;Courtier de session de connexion;C:\WINDOWS\System32\svchost.exe -k Cognizance
S2 Microsoft Windows SMTH Control;Microsoft Windows SMTH Control;"C:\WINDOWS\system32\dllcache\winsmth.exe"
S2 StormShield Agent;StormShield Agent;"C:\Program Files\SkyRecon\StormShield Agent\SRService.exe"
S3 EClient;EClient;C:\Program Files\Ekahau\Client\bin\Eclient.exe
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\WINDOWS\system32\flcdlock.exe
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
S3 WPRO_40_901;WinPcap Packet Driver (WPRO_40_901);C:\WINDOWS\system32\drivers\WPRO_40_901.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1a374c6-7d4e-11dc-8299-00170843cca4}]
\Shell\AutoRun\command - F:\muisetup.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 17:09:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 17:11:51 - machine was rebooted
.
--- E O F ---

Profile: Helper

Re,

Download and install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2


Profile: IDNaute

here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18, on 2007-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\DIgnatio\LOCALS~1\Temp\Rar$EX00.859\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safir/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://safir/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nsproxy.ares.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = safir;*.lyon.ares.ssii;intra*;10.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {52E8755C-7538-45B6-A050-01DBE389F30A} - (no file)
O2 - BHO: (no name) - {58472AB6-A02B-49ED-A170-2BE115018BE9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [7Y19C2X74Z] C:\WINDOWS\syss_.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://safir/default.aspx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/g [...] ection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
O17 - HKLM\Software\..\Telephony: DomainName = lyon.ares.ssii
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
O20 - Winlogon Notify: cbxvtsr - cbxvtsr.dll (file missing)
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: tbxtidov - tbxtidov.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EClient - Ekahau, Inc. - C:\Program Files\Ekahau\Client\bin\Eclient.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Microsoft Windows SMTH Control - Unknown owner - C:\WINDOWS\system32\dllcache\winsmth.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: StormShield Agent - Unknown owner - C:\Program Files\SkyRecon\StormShield Agent\SRService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10177 bytes

Profile: Helper

Run a Combofix scan again.

