Hello, I'm back home and I followed your instructions; here is the report:
ComboFix 08-03-01.3 - tef 2006-10-18 4:15:51.2 - NTFSx86
Endroit: C:\Documents and Settings\tef\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.
2008-02-19 00:44 . 2008-02-19 00:44 <REP> d-------- C:\Documents and Settings\tef\Application Data\Grisoft
2008-02-19 00:43 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-19 00:03 . 2008-02-19 00:03 1,116,174 --a------ C:\upload_moi_TEFANIG-LEBAYON.tar.gz
2008-02-18 23:19 . 2008-02-18 23:19 <REP> d-------- C:\VundoFix Backups
2008-02-16 22:23 . 2008-02-16 22:23 <REP> d-------- C:\WINDOWS\system32\bits
2008-02-16 22:23 . 2008-02-16 22:23 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-16 22:22 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-16 22:22 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-16 22:22 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-16 22:22 . 2004-07-01 23:08 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-02-16 22:22 . 2004-07-01 23:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-02-16 22:21 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-16 22:21 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-16 22:21 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-02-16 22:21 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-16 22:21 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-16 22:21 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-16 22:21 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-16 22:21 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-16 17:30 . 2008-02-16 17:30 <REP> d-------- C:\Program Files\Trend Micro
2008-02-16 02:40 . 2008-02-16 02:40 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-15 23:15 . 2008-02-18 20:02 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-15 01:00 . 2008-02-16 01:53 1,810 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-15 00:58 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-15 00:58 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-15 00:58 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-15 00:58 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-15 00:58 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-15 00:58 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-15 00:51 . 2006-10-18 01:33 11,448 --a------ C:\WINDOWS\setupapi.old
2008-02-15 00:33 . 2008-02-15 01:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-15 00:33 . 2008-02-15 01:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 00:28 . 2008-02-15 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 00:13 . 2008-02-15 00:13 122,385 --a------ C:\WINDOWS\system32\23739fd7caa3bb354ef382f9312f6f78.TMP
2008-02-15 00:12 . 2008-02-15 00:12 122,385 --a------ C:\WINDOWS\system32\afea5f0cb381b53fcc5eeabd4a7e22e0.TMP
2008-02-15 00:12 . 2008-02-15 00:12 122,385 --a------ C:\WINDOWS\system32\23f2df1f0d638cb9b0b2427c22a94919.TMP
2008-02-14 23:37 . 2007-08-24 00:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-14 23:37 . 2007-08-24 00:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-14 23:37 . 2007-08-23 18:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-14 23:37 . 2007-08-24 00:59 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-14 23:37 . 2007-08-24 00:59 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-14 23:37 . 2008-02-14 23:55 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-14 23:37 . 2008-02-15 00:02 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-14 21:30 . 2008-02-18 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 20:51 . 2008-02-14 20:51 122,385 --a------ C:\WINDOWS\system32\edecddc.dll
2008-02-13 20:49 . 2008-02-15 00:28 <REP> d-------- C:\QUARANTINE
2008-02-13 20:49 . 2008-02-16 00:08 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-12 19:22 . 2008-02-12 19:53 217 --a------ C:\WINDOWS\yesmessenger.ini
2008-02-12 19:20 . 2008-02-12 19:26 <REP> d-------- C:\Program Files\YesMessenger
2008-02-05 20:36 . 2008-02-05 20:36 <REP> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 23:27 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-13 21:23 --------- d-----w C:\Documents and Settings\tef\Application Data\LimeWire
2008-01-19 16:46 65,536 ----a-w C:\WINDOWS\DUMP39bd.tmp
2007-10-30 15:56 870,400 -c--a-w C:\Documents and Settings\tef\autorun.dat
2007-10-30 15:56 632,072 -c--a-w C:\Documents and Settings\tef\msvcr80.dll
2007-10-30 15:56 554,248 -c--a-w C:\Documents and Settings\tef\msvcp80.dll
2007-10-30 15:56 505,096 -c--a-w C:\Documents and Settings\tef\msvcp71.dll
2007-10-30 15:56 484,616 -c--a-w C:\Documents and Settings\tef\msvcm80.dll
2007-10-30 15:56 386,312 -c--a-w C:\Documents and Settings\tef\server.dll
2007-10-30 15:56 353,544 -c--a-w C:\Documents and Settings\tef\msvcr71.dll
2007-10-30 15:56 1,180,936 -c--a-w C:\Documents and Settings\tef\msvcr80d.dll
2007-10-30 15:56 1,041,672 -c--a-w C:\Documents and Settings\tef\msvcp80d.dll
2007-10-30 15:56 1,021,192 -c--a-w C:\Documents and Settings\tef\msvcm80d.dll
2007-10-24 19:50 258 -c--a-w C:\Documents and Settings\tef\dat.bin
2007-08-23 18:56 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548E1154-FA99-4B77-9FC5-02C9D8C9D24D}]
C:\Program Files\SpyAway\sa_ie_monitor.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-10 21:48 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27 136768]
"Cmaudio"="cmicnfg.cpl" []
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2001-08-28 13:00 147968]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 14:16 49152]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-10-01 14:12:18 565309]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\edecddc]
C:\WINDOWS\System32\edecddc.dll 2008-02-14 20:51 122385 C:\WINDOWS\system32\edecddc.dll
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 04:17:50
Windows 5.1.2600 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\edecddc.dll
.
Temps d'accomplissement: 2008-03-01 4:19:10
ComboFix-quarantined-files.txt 2008-03-01 03:18:45
ComboFix2.txt 2008-02-20 17:01:32