There, I deleted the "Moved files" folder.
The RAV report:
[04/03/2008 14:40:31] - virus trouvé : f:\Autorun.inf
[04/03/2008 14:40:31] - virus Supprimé avec succès ==>f:\autorun.inf
[04/03/2008 14:40:49] - virus Supprimé avec succès ==>f:\AutoTransfer.exe
[04/03/2008 14:40:56] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ==> réparé
[04/03/2008 14:40:56] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell ==> réparé
[04/03/2008 14:40:56] - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden ==> réparé
[04/03/2008 14:40:56] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun ==> réparé
[04/03/2008 14:40:56] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Explorer ==> réparé
[04/03/2008 14:40:56] - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions ==> réparé
[04/03/2008 14:40:56] - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig ==> réparé
[04/03/2008 14:40:56] - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR ==> réparé
[04/03/2008 14:40:56] - virus Supprimé avec succès
No report from Flash Disinfector.
ComboFix report:
ComboFix 08-03-04.2 - Laetitia 2008-03-04 14:56:28.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.479 [GMT 1:00]
Endroit: C:\Documents and Settings\Laetitia\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))))))
.
2008-03-03 21:39 . 2008-03-03 21:39 17,772,680 --a------ C:\upload_moi_NOM-D678AF4E6A3.tar.gz
2008-03-03 21:22 . 2008-03-03 21:22 <REP> d-------- C:\_OTMoveIt
2008-02-26 19:55 . 2008-02-26 19:55 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 17:23 . 2008-02-26 17:23 <REP> d-------- C:\Documents and Settings\Laetitia\Application Data\Grisoft
2008-02-26 17:22 . 2008-02-26 17:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-26 17:22 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-26 16:56 . 2008-02-26 16:56 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-12 19:49 . 2008-02-26 19:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 19:49 . 2008-02-12 19:49 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 19:46 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-05 11:13 --------- d-----w C:\Documents and Settings\Laetitia\Application Data\Zango
2008-01-05 11:13 --------- d-----w C:\Documents and Settings\Laetitia\Application Data\WeatherDPA
2008-01-05 11:13 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA
2008-01-05 11:13 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-07 14:37 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-23 17:47 6,609,890 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-08-30 06:03 118,784 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-08-22 06:17 3,342,336 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-08-03 11:48 806 ----a-w C:\Documents and Settings\Laetitia\Application Data\wklnhst.dat
2007-04-26 04:01 20,545,247 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_25_09_39_01_full.dmp.zip
2007-04-24 22:27 17,639,002 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_24_09_00_59_full.dmp.zip
2007-04-19 15:16 17,618,897 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_19_05_10_45_full.dmp.zip
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-11 20:41 25343016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-21 13:52 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-26 21:53:44 110592]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2006-02-21 15:20 180224 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2004-09-23 13:41 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--------- 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22880:TCP"= 22880:TCP:BitComet 22880 TCP
"22880:UDP"= 22880:UDP:BitComet 22880 UDP
R2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2003-08-19 23:28]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-05-22 22:30]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-27 22:13]
S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2005-06-08 15:55]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f41167a3-b4a2-11dc-a0cc-001731a4bd9e}]
\Shell\AutoRun\command - F:\AutoTransfer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 14:59:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-04 15:00:16
.
2008-02-14 06:19:58 --- E O F ---