[Résolu] RunDLL - Winfnz32.rom

[tribalsquare]

Bonjour à tous et à toutes,

C'est avec regret que je rejoins cette communauté pour autre chose que le partage ou la découverte de 7.
En effet je viens de recevoir un malware je pense :

Une fenêtre d'erreur sous Seven s'affiche :

RunDLL

Problème lors du démarrage de winfnz32.rom
Le module spécifié est introuvable.

J'espère pouvoir trouver ici de l'aide à ce problème, en attendant je file faire un tour sur ce forum qui m'a l'air bien rempli.

Merci par avance,

Trib' !

[Ycor]

Bonjour
Attend l'avis d'un expert, mais j'ai bein peur que tu as un nuisible dans ton PC

Dans l'attente, télécharge et passe un coup de Malewarebytes

[tribalsquare]

Merci pour la réponse à même pas 11h un dimanche :O !

Je passe un coup de malwarebytes en l'ayant mis à jour

[Ycor]

Bonjour

Merci pour la réponse à même pas 11h un dimanche :O !

Déjà trois heures qu'on est debout et on se prépare à partir en forêt

[tribalsquare]

Des randonneurs en plus, quelle contrée sans être indiscret ? Bonne balade alors !

[nardino]

Bonjour,
N'oublie pas de poster le rapport Malwarebytes.:
Tu lui adjoindras celui-ci :
Télécharge DDS.scr de sUBs
http://download.bleepingcomputer.com/sUBs/dds.scr

Désactive tes protections résidentes un fois l'outil chargé sur le bureau
Il ne nécessite pas d'installation et ne modifie pas le registre.
Clic dsur DDS.scr, clique sur Entrer pour lancer l'outil.
Une barre de progression va s'afficher dans la fenêtre DOS.
A la fin du scan un rapport Attach.txt va s'ouvrir, enregistre-le sous ce nom sur le bureau.
Active le fichier DDS.txt dans la barre des tâches et enregistre-le aussi sous son nom.
Poste DDS.txt par copier-coller dans ta réponse.
@+

[tribalsquare]

Salut Nardino,

Je te remercie de la rapidité. C'est fulgurant, au passage j'ai remarqué que tu avais opté pour une MX518, la meilleure
Voilà mon rapport DDS, celui de malwarebytes semble pas encore terminé après 5h de scann...

DDS (Ver_10-03-17.01) - NTFSX64
Run by user at 15:51:42,69 on 25/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.6143.4777 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskhost.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~2\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~2\McAfee.com\Agent\McUpdate.exe
C:\PROGRA~2\McAfee\MSM\McSmtFwk.exe
C:\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m3802&r=17361109ln06973g58km5ug7i1ll94
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m3802&r=17361109ln06973g58km5ug7i1ll94
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m3802&r=17361109ln06973g58km5ug7i1ll94
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m3802&r=17361109ln06973g58km5ug7i1ll94
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files (x86)\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Free Download Manager] "c:\program files (x86)\free download manager\fdm.exe" -autorun
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [MSSMSGS] rundll32.exe winfnz32.rom,ZQuAniOiBwhc
uRun: [AdobeBridge]
mRun: [BackupManagerTray] "c:\program files (x86)\newtech infosystems\acer backup manager\BackupManagerTray.exe" -h -k
mRun: [Hotkey Utility] c:\program files (x86)\acer\hotkey utility\HotkeyUtility.exe
mRun: [EgisTecLiveUpdate] "c:\program files (x86)\egistec egis software update\EgisUpdate.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [ArcadeDeluxeAgent] "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "c:\program files (x86)\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [IAStorIcon] c:\program files (x86)\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Tout télécharger avec Free Download Manager - file://c:\program files (x86)\free download manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files (x86)\free download manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files (x86)\free download manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files (x86)\free download manager\dlfvideo.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [mwlDaemon] c:\program files (x86)\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\qic4lq2s.default\
FF - component: c:\program files (x86)\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files (x86)\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\x86\nphardwaredetection.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-27 308296]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 Greg_Service;GRegService;c:\program files (x86)\acer\registration\GregHSRW.exe [2009-6-4 1150496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-7-24 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe [2010-7-23 110312]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-7-25 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-7-25 155456]
R2 MWLService;MyWinLocker Service;c:\program files (x86)\egistec\mywinlocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-8-13 62208]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-8-27 240160]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y62x64.sys [2009-8-27 287960]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-27 102472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-12 84584]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-24 245280]
S2 0057601280045016mcinstcleanup;McAfee Application Installer Cleanup (0057601280045016);c:\windows\temp\005760~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\005760~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Service Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-23 135664]
S3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\drivers\driverhardwarev2x64.sys [2010-5-1 15872]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-7-24 1038088]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-7-19 341504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-27 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-27 49480]
S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2009-8-27 332272]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-24 1255736]
S4 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-7-25 606736]

=============== Created Last 30 ================

2010-07-25 09:13:20 45 ----a-w- c:\windows\syswow64\initdebug.nfo
2010-07-25 09:13:20 0 d-----w- c:\program files (x86)\SpeedFan
2010-07-25 09:10:45 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-07-25 09:10:45 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2010-07-25 09:10:45 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-07-25 09:10:45 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2010-07-25 09:10:44 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-07-25 09:10:44 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-07-25 09:08:30 0 d-----w- c:\program files (x86)\Codemasters
2010-07-25 08:42:11 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
2010-07-25 08:42:04 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 08:42:04 0 d-----w- c:\programdata\Malwarebytes
2010-07-25 08:42:04 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-24 20:12:14 0 d-----w- c:\programdata\NOS
2010-07-24 17:05:50 0 d-----w- c:\users\user\appdata\roaming\Ubisoft
2010-07-24 17:04:48 0 d-----w- c:\programdata\Ubisoft
2010-07-24 16:57:50 0 d-----w- c:\program files (x86)\SystemRequirementsLab
2010-07-24 12:31:13 0 d-----w- c:\users\user\appdata\roaming\Intel Corporation
2010-07-24 12:08:08 9112096 ----a-w- c:\windows\syswow64\RtsUStoricon.dll
2010-07-24 12:08:08 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2010-07-24 12:08:08 245280 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2010-07-24 12:03:01 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-07-24 11:58:54 0 d-----w- c:\program files (x86)\JRE
2010-07-24 11:58:01 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-07-24 11:55:48 0 d-----w- c:\programdata\Sun
2010-07-24 11:55:25 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-24 11:55:25 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-24 11:55:25 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-24 11:55:25 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-24 11:30:36 54156 ---ha-w- c:\windows\QTFont.qfn
2010-07-24 11:30:36 1409 ----a-w- c:\windows\QTFont.for
2010-07-24 11:30:00 0 d-----w- c:\programdata\Apple Computer
2010-07-24 10:42:45 0 d-----w- c:\programdata\FLEXnet
2010-07-24 10:31:36 0 d-----w- c:\program files\Adobe
2010-07-24 10:18:25 0 d-----w- c:\programdata\ALM
2010-07-24 10:03:14 0 d-----w- c:\windows\syswow64\spool
2010-07-24 10:00:21 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-24 09:17:42 0 d-----w- c:\program files\common files\Adobe
2010-07-24 09:13:36 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-07-24 08:44:34 82432 ----a-w- c:\windows\syswow64\winfnz32.rom
2010-07-24 07:54:33 0 d-----w- c:\program files (x86)\VideoLAN
2010-07-24 01:28:16 0 d-----w- c:\windows\syswow64\Wat
2010-07-24 01:28:16 0 d-----w- c:\windows\system32\Wat
2010-07-24 01:09:06 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-24 01:09:06 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-07-24 01:07:19 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-07-24 01:05:53 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-24 01:05:53 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-24 01:05:53 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-24 01:05:53 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-24 01:05:53 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-24 01:05:53 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-24 01:05:53 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-24 01:05:53 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-24 01:05:53 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-24 01:05:53 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-24 01:05:36 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-23 18:06:59 506728 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-07-23 18:04:00 0 d-----w- c:\windows\syswow64\directx
2010-07-23 18:02:32 0 d-----w- c:\programdata\ma-config.com
2010-07-23 18:02:32 0 d-----w- c:\program files\ma-config.com
2010-07-23 17:43:17 0 d-----w- c:\program files\WinRAR
2010-07-23 16:34:29 0 d-----w- c:\users\user\Tracing
2010-07-23 15:45:00 0 d-----w- C:\Downloads
2010-07-23 15:42:51 0 d-----w- c:\users\user\appdata\roaming\Free Download Manager
2010-07-23 15:42:50 0 d-----w- c:\programdata\FreeDownloadManager.ORG
2010-07-23 15:42:49 0 d-----w- c:\program files (x86)\Free Download Manager
2010-07-23 15:38:52 0 d-----w- c:\programdata\McAfee Security Scan
2010-07-23 15:38:52 0 d-----w- c:\program files (x86)\McAfee Security Scan
2010-07-23 15:38:05 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-07-23 15:38:05 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-07-23 15:38:05 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-07-23 15:38:04 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-07-23 15:38:04 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-07-23 15:38:04 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-07-23 15:38:02 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2010-07-23 15:38:01 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2010-07-23 15:38:01 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
2010-07-23 15:38:00 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL
2010-07-23 15:36:54 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-23 15:30:17 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-07-23 15:30:17 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-07-23 15:30:08 139264 ----a-w- c:\windows\system32\cabview.dll
2010-07-23 15:30:08 132608 ----a-w- c:\windows\syswow64\cabview.dll

==================== Find3M ====================

2010-07-25 08:20:44 694766 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-25 08:20:44 127478 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-15 13:18:22 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-02 02:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll
2010-06-02 02:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll
2010-06-02 02:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll
2010-06-02 02:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-26 09:41:02 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41:02 470880 ----a-w- c:\windows\syswow64\d3dx10_43.dll
2010-05-26 09:41:02 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41:02 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41:02 248672 ----a-w- c:\windows\syswow64\d3dx11_43.dll
2010-05-26 09:41:02 2106216 ----a-w- c:\windows\syswow64\D3DCompiler_43.dll
2010-05-26 09:41:02 1998168 ----a-w- c:\windows\syswow64\D3DX9_43.dll
2010-05-26 09:41:02 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41:02 1868128 ----a-w- c:\windows\syswow64\d3dcsx_43.dll
2010-05-26 09:41:00 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-19 19:48:12 144384 ----a-w- c:\windows\system32\cdd.dll
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2009-11-05 17:47:57 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2009-11-05 17:47:57 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2009-11-05 17:47:57 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2009-11-05 17:47:57 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-10 19:23:42 192484 ----a-w- c:\program files (x86)\common files\Acer GameZone online.ico
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:53:36,13 ===============

Je poste l'autre rapport dés qu'il est terminé.

Merci encore !

[tribalsquare]

Voici le rapport de malwares bytes :

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Version de la base de données: 4345

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/07/2010 16:24:19
mbam-log-2010-07-25 (16-24-19).txt

Type d'examen: Examen complet (C:\|D:\|K:\|)
Elément(s) analysé(s): 419212
Temps écoulé: 5 heure(s), 26 minute(s), 32 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssmsgs (Backdoor.Bot) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\winfnz32.rom (Backdoor.Bot) -> No action taken.

[nardino]

Bonsoir,
Tu relances Malwarebytes et tu supprimes la sélection à la fin du scan.
Et les choses devraient rentrer dans l'ordre.
@+

[tribalsquare]

Bonsoir,

En effet j'ai bien attendu ta réponse avant de fermer Malwarebytes, j'ai donc supprimé !
Je te remercie encore du temps accordé, faut il passer le sujet en résolu ?

Trib' !