Brontok ;'(
Hello everyone, I'm turning to you for your expert advice to help me get rid of the nasty Brontok worm on my PC...
I'm running Windows Vista (which I don't liiike)
I hope you experts will take a bit of your time to get me out of this... and I thank you in advance.
If I've followed the few discussion threads on Google correctly, you need the ComboFix report, which is here:
ComboFix 09-08-04.03 - Gary 05/08/2009 18:17.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.1245 [GMT 2:00]
Running from: I:\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1532331536-3084111610-3787217896-500
c:\$recycle.bin\S-1-5-21-1638992271-1691765578-3997248754-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Conditions générales.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Confidentialité.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Désinstaller.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\MessengerSkinner.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Website.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
c:\users\Gary\AppData\Roaming\Google\dwms.exe
c:\users\Gary\AppData\Roaming\Google\Shell32.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.
2009-08-05 16:25 . 2009-08-05 16:25 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-08-05 16:25 . 2009-08-05 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 16:25 . 2009-08-05 16:25 -------- d-----w- c:\users\Gary_2\AppData\Local\temp
2009-08-05 07:29 . 2009-08-05 07:29 422 ----a-w- c:\users\Gary\AppData\Roaming\Bioshock\mario.exe
2009-08-05 07:29 . 2009-08-05 07:29 16141 ----a-w- c:\users\Gary\AppData\Roaming\DAEMON Tools\flamiks32.exe
2009-08-05 07:29 . 2009-08-05 07:29 145131 ----a-w- c:\users\Gary\AppData\Roaming\CyberLink\pingo.dll
2009-08-05 07:29 . 2009-08-05 07:29 13221 ----a-w- c:\users\Gary\AppData\Roaming\Apple Computer\xl12.exe
2009-08-05 07:29 . 2009-08-05 07:29 11232 ----a-w- c:\users\Gary\AppData\Roaming\Adobe\norigami.dll
2009-07-22 09:31 . 2009-07-22 09:32 -------- d-----w- C:\Downloads
2009-07-22 09:31 . 2009-07-22 09:46 -------- d-----w- c:\program files\BitComet
2009-07-19 13:02 . 2009-07-19 13:02 -------- d-----w- c:\program files\iPod
2009-07-19 12:51 . 2009-07-19 12:51 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-18 12:08 . 2009-07-18 12:08 -------- d-----w- c:\users\Gary_2\AppData\Roaming\Roxio
2009-07-17 08:49 . 2009-07-17 08:50 -------- d-----w- c:\users\Gary\AppData\Roaming\Steinberg
2009-07-17 08:32 . 2005-05-09 18:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2009-07-17 08:31 . 2002-11-25 03:46 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2009-07-17 08:31 . 2002-11-25 06:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2009-07-17 08:31 . 2005-10-17 07:35 704512 ----a-w- c:\windows\system32\SYNSOACC.dll
2009-07-17 08:31 . 2004-05-10 13:58 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2009-07-17 08:31 . 2009-07-17 08:31 -------- d-----w- c:\program files\Syncrosoft
2009-07-15 07:40 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 07:40 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 07:40 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 07:40 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 07:40 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-15 07:40 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:12 . 2007-06-25 20:34 -------- d-----w- c:\programdata\Roxio
2009-08-05 09:09 . 2006-11-02 15:48 690832 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-05 09:09 . 2006-11-02 15:48 117572 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-05 09:01 . 2008-01-18 11:47 94384 ----a-w- c:\users\Gary\AppData\Roaming\nvModes.dat
2009-08-05 07:29 . 2008-12-24 20:28 -------- d-----w- c:\users\Gary\AppData\Roaming\Apple Computer
2009-08-05 07:29 . 2008-07-17 12:31 -------- d-----w- c:\users\Gary\AppData\Roaming\DAEMON Tools
2009-08-05 07:29 . 2008-05-23 19:03 -------- d-----w- c:\users\Gary\AppData\Roaming\Bioshock
2009-08-05 07:29 . 2008-01-17 16:10 -------- d-----w- c:\users\Gary\AppData\Roaming\CyberLink
2009-08-04 18:30 . 2009-03-26 15:06 27430 ----a-w- c:\users\Gary_2\AppData\Roaming\nvModes.dat
2009-08-02 09:41 . 2008-12-23 09:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 17:31 . 2009-05-30 19:01 -------- d-----w- c:\users\Gary_2\AppData\Roaming\Spotify
2009-07-22 17:25 . 2009-04-21 08:10 -------- d-----w- c:\users\Gary\AppData\Roaming\Spotify
2009-07-19 13:02 . 2008-12-24 20:27 -------- d-----w- c:\program files\iTunes
2009-07-19 13:02 . 2008-12-24 20:22 -------- d-----w- c:\program files\Common Files\Apple
2009-07-19 08:25 . 2008-04-19 21:21 680 ----a-w- c:\users\Gary\AppData\Local\d3d9caps.dat
2009-07-18 12:17 . 2009-07-29 06:07 827392 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 12:10 . 2009-07-29 06:07 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-07-18 12:10 . 2009-07-29 06:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 12:07 . 2009-07-29 06:07 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-18 10:00 . 2009-07-29 06:07 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 08:34 . 2009-07-29 06:07 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-18 08:29 . 2008-03-30 16:02 -------- d-----w- c:\program files\EA GAMES
2009-07-18 08:25 . 2007-06-25 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 17:42 . 2009-03-26 14:47 88944 ----a-w- c:\users\Gary_2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-17 08:42 . 2008-01-17 16:07 88944 ----a-w- c:\users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 07:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-08 18:17 . 2008-06-19 18:13 -------- d-----w- c:\program files\Dofus
2009-06-20 14:08 . 2009-06-20 13:57 131172 ----a-w- c:\windows\hpoins15.dat
2009-06-20 14:06 . 2007-06-25 21:22 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-20 14:03 . 2009-06-20 14:03 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-20 13:58 . 2007-06-25 20:53 -------- d-----w- c:\program files\HP
2009-06-15 09:38 . 2009-06-15 09:38 -------- d-----w- c:\users\Gary_2\AppData\Roaming\CyberLink
2009-06-11 06:29 . 2007-06-25 20:49 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 06:28 . 2007-06-25 20:48 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 15:15 . 2009-06-03 15:15 7592 ----a-w- c:\users\Gary_2\AppData\Local\d3d9caps.dat
2009-05-29 11:36 . 2009-05-29 11:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-05-29 11:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-17 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-01 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-01 81920]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-17 1006264]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 634880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{385886E8-F959-405D-AEA8-53E522F0198F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7F62BBC5-75E4-4939-B914-21991D03E0E3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77BE45C3-9CE5-46CF-866A-F628CA4E7CF2}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{57F8BBBF-005C-4CAD-94DA-B7C508017205}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{27E584AD-5875-4928-BF21-9C20E559FB77}c:\\program files\\the all-seeing eye\\eye.exe"= UDP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{F8A91074-FC1C-4C16-BE71-B8E32953C854}c:\\program files\\the all-seeing eye\\eye.exe"= TCP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"{1769A714-3661-432F-B05E-F23EAD31FA55}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{4CDB12A8-7021-4A59-8C1F-A89499C22405}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{64738758-1D69-4EEB-91B5-DC7C032D4B9D}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{CC7F2B5C-E0CD-4AD9-859F-D704A2A8F1F3}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"{9196BF3A-DCC6-4B99-A2AF-E43F0913B179}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4159850B-4564-448A-910A-8C40867E73A9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{055AB042-8DD7-45A1-93E7-C58D66B33729}c:\\users\\gary\\appdata\\local\\temp\\blizzard launcher temporary - 0f3efbc8\\launcher.exe"= UDP:c:\users\gary\appdata\local\temp\blizzard launcher temporary - 0f3efbc8\launcher.exe:launcher.exe
"UDP Query User{142D02DC-2C21-4724-8F9B-8E4270593116}c:\\users\\gary\\appdata\\local\\temp\\blizzard launcher temporary - 0f3efbc8\\launcher.exe"= TCP:c:\users\gary\appdata\local\temp\blizzard launcher temporary - 0f3efbc8\launcher.exe:launcher.exe
"{678C8721-3725-4301-A35A-BCE2B307D814}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{C11686A5-0379-4390-BD29-5F38E5B0835B}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{AB9AE295-6CBA-43FA-A30A-63ECC84141F8}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{9B60F818-E9E0-46C3-851E-081DFAF98A8F}"= UDP:c:\program files\Gpotato.eu\Flyff\Flyff.exe:Flyff
"{707A8E01-07A5-46E4-A22D-32E7306F723D}"= TCP:c:\program files\Gpotato.eu\Flyff\Flyff.exe:Flyff
"TCP Query User{C087951C-1EAE-4091-AA1F-F1FE5C52674E}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{C34061B0-92CE-43AD-9E27-2B573D21AFA6}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{F04FDDBB-A7D6-4AE7-8290-425E1CC7F503}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1E7CE94A-2DCC-4804-A5B1-5534F2E85F9A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E6077711-E8AE-4243-9494-662D5A2BEBFF}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{DA6FB04E-D051-4779-8C7A-417F9C7D225A}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{02B28545-5A46-47BD-8CAA-6543B26E7B29}"= UDP:25143:BitComet 25143 TCP
"{85987B44-27BF-4E11-8071-E58BD03EBD58}"= TCP:25143:BitComet 25143 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [17/07/2009 10:32 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
2009-08-05 c:\windows\Tasks\User_Feed_Synchronization-{BF2B9587-31B9-45B0-804D-6A2445EA2EDE}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
2009-08-05 c:\windows\Tasks\User_Feed_Synchronization-{EAA42FF0-09F9-4192-8DB1-6438F6B9B23F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-realteks - c:\users\Gary\AppData\Roaming\Google\dwms.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\7vibbazp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 18:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\windows\System32\rundll32.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Completion time: 2009-08-05 18:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 16:41
Pre-Run: 48 639 881 216 octets libres
Post-Run: 49 501 474 816 octets libres
268 --- E O F --- 2009-08-04 08:16
Thanks in advance
Hi.
You should post in the Security/Virus section.