Virus...Au secours !

Voici pour info.txt
https://www.cjoint.com/?fhryY5QDzj

Et pour log.txt, je ne sais pas pourquoi mais cela ne marche pas (Internet explorer ne peut pas afficher cette page). Et je ne peux pas coller le contenu dans un autre fichier txt ou word car sinon, l'ordi plante. Donc ou je le colle dans mon message ou bien y-a-t-il une autre solution ?

En tout cas merci, j'espère qu'on va y arriver...

J'ai bien fais attention à fermer antivirus, antispyware et pare feu, mais l'ordi redémarre tout seul en plein milieu du scan, il n'y a donc pas de rapport... Que faire ???

C'est bon ça a marché ! Je pense que le problème est réglé, visuellement en tout cas c'est sur. Je dois faire d'autres choses ou pas ? En tout cas un merci infini dédétraqué =) !

Voici le rapport :
ComboFix 10-05-06.05 - Propriétaire 07/05/2010 20:11:52.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2559.2101 [GMT 2:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
* Un antivirus résident est actif

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PROPRI~1\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Favoris\_favdata.dat
c:\documents and settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Protection.lnk
c:\program files\Data Protection
c:\program files\Data Protection\about.ico
c:\program files\Data Protection\activate.ico
c:\program files\Data Protection\buy.ico
c:\program files\Data Protection\dat.db
c:\program files\Data Protection\datext.dll
c:\program files\Data Protection\dathook.dll
c:\program files\Data Protection\help.ico
c:\program files\Data Protection\scan.ico
c:\program files\Data Protection\settings.ico
c:\program files\Data Protection\Uninstall.exe
c:\program files\Data Protection\update.ico
c:\windows\PRAGMAxnmemwtlgd
c:\windows\system32\Thumbs.db

Une copie infectée de c:\windows\system32\drivers\agp440.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Legacy_PRAGMAxnmemwtlgd
-------\Service_Boonty Games
-------\Service_NPF
-------\Service_PRAGMAxnmemwtlgd


((((((((((((((((((((((((((((( Fichiers créés du 2010-04-07 au 2010-05-07 ))))))))))))))))))))))))))))))))))))
.

2010-05-07 14:56 . 2010-05-07 14:57 -------- d-----w- C:\rsit
2010-05-07 14:56 . 2010-05-07 14:57 -------- d-----w- c:\program files\trend micro
2010-05-06 20:14 . 2010-05-06 20:14 -------- d-----w- c:\windows\C8BB491212D942AEB571E580D8CD1B5B.TMP
2010-05-06 20:11 . 2010-04-20 14:40 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-05-06 20:09 . 2010-05-06 20:12 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-06 20:08 . 2010-05-06 20:08 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-05 16:48 . 2010-05-05 16:48 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2010-05-02 19:01 . 2010-05-02 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2010-05-02 19:01 . 2010-05-02 19:01 -------- d-----w- c:\program files\Free Download Manager

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 20:09 . 2007-06-09 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-06 18:15 . 2007-06-11 16:46 -------- d-----w- c:\program files\CCleaner
2010-04-20 14:35 . 2010-04-05 13:04 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-07 18:35 . 2008-05-01 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-04-06 16:15 . 2004-08-05 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-06 16:15 . 2004-08-05 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-06 16:15 . 2007-08-31 16:09 365656 ----a-w- c:\windows\system32\perfh040.dat
2010-04-06 16:15 . 2007-08-31 16:09 47104 ----a-w- c:\windows\system32\perfc040.dat
2010-04-05 13:04 . 2007-06-09 09:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-03-28 09:19 . 2010-03-28 09:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-03-28 09:18 . 2010-03-26 19:44 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-26 19:44 . 2010-03-26 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-03-26 19:44 . 2009-11-06 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-11 12:34 . 2004-08-05 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:34 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:34 . 2004-08-05 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2004-08-05 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2004-08-05 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-04 00:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-03 12:45 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-08-25 14:33 . 2006-08-25 14:14 76 -c--a-w- c:\program files\temp3.exe
2006-08-25 14:33 . 2006-08-25 14:14 10 -c--a-w- c:\program files\temp2.exe
2006-01-08 02:18 . 2006-08-25 14:33 2374863 -c--a-w- c:\program files\temp1.exe
2006-01-08 02:18 . 2006-08-25 14:33 2374863 -c--a-w- c:\program files\install.exe
2003-08-16 17:56 . 2005-10-26 22:39 579584 -csha-r- c:\windows\system32\cd.exe
2006-08-25 11:03 . 2006-08-25 10:46 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Packard Bell Software Suite"="c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe" [2009-04-10 2901024]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-04-05 476480]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-11 192512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-02-03 198160]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\man__off\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\man__off\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [27/07/2008 22:21 2915944]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [16/05/2008 18:10 14144]
R2 myAgtSvc;Service McAfee de protection antivirus et antispyware;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [19/07/2006 17:10 282824]
R2 PowerSave;PowerSave Service;c:\program files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [06/04/2009 11:35 1002016]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [20/04/2010 16:38 1050440]
R3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [21/08/2006 22:49 90229]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [19/07/2006 12:58 439296]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 11:18 10064]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 14:49 227232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-05-07 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-17 12:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://maxicours.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Download ALL with IDA
IE: Download with IDA
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\fm7v4enq.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-Data Protection - c:\program files\Data Protection\Pklkvqdii+'}'
AddRemove-LastFM_is1 - f:\last.fm\unins000.exe
AddRemove-Livre Animé Interactif Hercule - f:\disney\HERC_ASB.FR\HRCDEL95.EXE
AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 20:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-682003330-2146964071-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-682003330-2146964071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E5AD34CF-962A-139D-7E35-92A0B483F880}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e4,cd,9f,bc,62,70,26,7d,f1,36,f5,57,df,ce,3b,aa,78,94,be,fc,8b,
54,73,de,ed,f9,75,56,8f,b5,df,17,5d,79,48,5e,d2,b7,d5,a9,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{efd3fd0b-03cb-4122-904a-f5cd9044930a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ea
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,4a,76,86,dd,7c,c1,4e,24,c4,9f,27,cf,25,5d,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1372)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Packard Bell\Software Suite\pbDevDetect.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Heure de fin: 2010-05-07 20:36:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-07 18:36

Avant-CF: 5 348 315 136 octets libres
Après-CF: 5 381 226 496 octets libres

- - End Of File - - 19C2289212F4626E45513E412B434E04

Je n'ai pas trouvé le fichier cd.exe. Est-il caché ??

Voici les autres résultats :
Temp 3
http://www.virustotal.com/fr/analisis/fe2d53af62048da397759487ad6c9a12f4d893611482502ce9e4f335b8473d5b-1273260492

Temp2
http://www.virustotal.com/fr/analisis/0b168b271a227012272a574e31089df3e2d9aaabf0f253e3ec57d25d91e28bb4-1273260440

Temp1
http://www.virustotal.com/fr/analisis/56b97bed342db3ae9b3310c854050b0401dc5ab0300fe6ffe03ad45d2956728d-1273260258

Install
http://www.virustotal.com/fr/analisis/56b97bed342db3ae9b3310c854050b0401dc5ab0300fe6ffe03ad45d2956728d-1273260715

Et voilà pour cd.exe
http://www.virustotal.com/fr/analisis/d0b749451ae9563198c0e6201f2abf324db49d6f601bb85d6558bb75dfb5059c-1273263857

Et maintenant que faire ? =)

Voilà le rapport de OTM !
All processes killed
========== FILES ==========
c:\windows\C8BB491212D942AEB571E580D8CD1B5B.TMP folder moved successfully.
c:\program files\temp3.exe moved successfully.
c:\program files\temp2.exe moved successfully.
c:\program files\temp1.exe moved successfully.
c:\program files\install.exe moved successfully.
c:\windows\system32\cd.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 3795 bytes

User: Propritaire
->Temp folder emptied: 0 bytes

User: Propriétaire

User: Propriétaire
->Temp folder emptied: 1496 bytes
->Temporary Internet Files folder emptied: 10227668 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28117853 bytes
->Apple Safari cache emptied: 1304158 bytes
->Flash cache emptied: 1931874 bytes

User: PropriÚtaire
->Temporary Internet Files folder emptied: 215112 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 10589696 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52,00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05072010_235222

Files moved on Reboot...
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\SS40MYNL\293373-11-virus-aidez[1].htm moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K8VCSQWY\affich-17650608-virus-au-secours[1].htm moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K8VCSQWY\mail[2].htm moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\EXYBWGI0\cdntests_cedexis[1].htm moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\EXYBWGI0\mail[1].htm moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\EXYBWGI0\mail[2].htm moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

Et bien j'aimerais juste savoir comment faire en sorte que cela ne se reproduise plus, mieux protéger mon ordi, et les différentes techniques pour avoir un ordi en bonne santé =)

Aussi, est-ce que je peux supprimer tous les logiciels installé durant la manip (Combofix, OTM...) ?

Voilà le rapport de Tools Cleaner :
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
C:\Downloads\Software\Rsit.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\Propriétaire\Bureau\OTM.exe: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Downloads\Software\Rsit.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !

Fichiers temporaires nettoyés !

J'ai supprimé les trucs qui restaient...
Bon et bien je pense que c'est bon... ^^
Je te remercie infiniment dédétraqué pour ton aide et tes précisions de qualité. =) Voilà si tu n'a rien à ajouter je pense que l'on peut en conclure là !