Forum Clubic

Antivirus XP 2008 spyware detected

Hello,
Since this morning I have had the "Antivirus XP 2008" virus. It appeared all of a sudden, and it has been a nightmare ever since!
There is no way to get rid of it. I have tried spyware tools, but nothing works, and every time I end up with a blue screen telling me to reboot.
Antivirus ads keep popping up all the time. Random porn site pages appear and disappear. The computer is slowing down. It's hell.

I saw that others have had the same problem, but apparently each case is a little different. I tried following the answers given in those other cases, but without success.

I have no idea what to do, could you please give me a hand?!

Hi

Post a HijackThis log

Run a full scan with Malwarebytes Anti-Malware, remove the detections and post the report

(the programs are available in Clubic's software library)

Thanks for helping me!
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at ?? 11:01:41, on 2008-08-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SetPoint\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\lphc7okj0e5fr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\neos.exe
C:\Program Files\SetPoint\SetPoint\SetPoint.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R3 - URLSearchHook: (no name) - {6113A2ED-1682-4B57-8DF9-1FEF9F6F6CA3} - C:\Program Files\PCFree\Modules\PCFreeHelper.dll
O2 - BHO: RunBHO - {54D8E0D7-FC69-468E-8B36-E5C9B1BDC7AB} - C:\WINDOWS\system\run.dll
O2 - BHO: (no name) - {6113A2ED-1682-4B57-8DF9-1FEF9F6F6CA3} - C:\Program Files\PCFree\Modules\PCFreeHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: BhoApp Class - {BA22646F-4258-97FA-F62B-DC4959C115FE} - C:\Program Files\altcmd\altcmd32.dll
O3 - Toolbar: ??? ??(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_3_139.dll
O4 - HKLM…\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM…\Run: [RunDaemon] C:\WINDOWS\system\rundlI32.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [Easy Synchronization] C:\Program Files\SetPoint\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM…\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [lphc7okj0e5fr] C:\WINDOWS\system32\lphc7okj0e5fr.exe
O4 - HKCU…\Run: [UniUSBDriver] C:\Documents and Settings\Administrator.KAMJA\Local Settings\Temp{2BD84ABA-6D2D-4C90-8046-FB03422B8221}{1196b828-b5c5-4a1d-82d9-5354a3961c85}\UniUSBDriver.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU…\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe”
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [neos] C:\WINDOWS\neos.exe
O4 - HKUS\S-1-5-19…\Run: [ctfmon.exe] ctfmon.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20…\Run: [ctfmon.exe] ctfmon.exe (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18…\Run: [ctfmon.exe] ctfmon.exe (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\Run: [SystemDriverLoad] (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\Run: [SystemDriver] (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\Run: [FDriver] (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\Run: [ADriver] (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [ctfmon.exe] ctfmon.exe (User ‘Default user’)
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: ??? ?? - C:\Program… Files\naver\NaverToolbar\NaverTB_3_0_3_107.dll /SEARCH.HTML
O8 - Extra context menu item: ??? ??? - C:\Program… Files\naver\NaverToolbar\NaverTB_3_0_3_107.dll /BOOKMARK.HTML
O8 - Extra context menu item: ??? ??? ?? - C:\Program… Files\naver\NaverToolbar\NaverTB_3_0_3_107.dll /BLOG.HTML
O8 - Extra context menu item: ??? ?? ?? - C:\Program… Files\naver\NaverToolbar\NaverTB_3_0_3_107.dll /DIC.HTML
O8 - Extra context menu item: ??? ?? ?? - C:\Program… Files\naver\NaverToolbar\NaverTB_3_0_3_107.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java ?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ??? - {3EE937ED-CE4C-4416-AC3B-12A59F021185} - C:\Program Files\DC\DirectButton.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra ‘Tools’ menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: *.update.microsoft.com…
O16 - DPF: {00ECE694-7A5C-482D-B11B-9592A4303737} (INETSETCtl Class) - metasearch.yonsei.ac.kr…
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - cyimg6.cyworld.nate.com…
O16 - DPF: {05F82D57-462B-4E84-97C6-E808B0670EAF} (XAgntRun Control) - portal.snu.ac.kr:6888…
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} (Aosmgr Control) - ahnlabdownload.nefficient.co.kr…
O16 - DPF: {084D34EE-CBF7-4BFA-B747-D310A165CF67} (QMSforOther Control) - www.myspeed.ne.kr…
O16 - DPF: {0CEB093F-50E4-43E4-A1FE-A11E8094C5FF} (CyEncoderActiveX Control) - minihp.cyworld.nate.com…
O16 - DPF: {11D327E3-EE49-4205-B986-596D1C96646F} (HanConnectManager Control) - www.hangok.com…
O16 - DPF: {12F95316-DEC3-4CBC-B708-B2A5E297DFBE} (KKBIS_ZaolmapClient Control) - www.gbis.go.kr…
O16 - DPF: {1545689F-FB2C-4941-B7B5-FE21D1F789E7} (TrustSite 1.0 Control) - img.telec.co.kr…
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - www.epostbank.go.kr…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {2022EE84-1E1F-45B0-8D35-FF9DA75366BC} (ExpressViewer Class) - ums.myangel.co.kr…
O16 - DPF: {216FC5D2-962D-4DD6-A000-02754CF91231} (MxMenu Class) - C:\WINDOWS\Temp\MxMenu.cab…
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - vs.messagebay.co.kr…
O16 - DPF: {2506B38B-0FF7-4249-BA3E-8BC1DC399FBB} (MxDataSet Class) - C:\WINDOWS\Temp\MxDataSet.cab…
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - simfile.chol.com…
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - dn2.initech.com…
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - file.nx.com…
O16 - DPF: {2A99B1B3-E263-4A00-A167-C1B967716DE2} (MxChart Class) - C:\WINDOWS\Temp\MxChart.cab…
O16 - DPF: {2B0B1D8B-CAAA-4E06-BD9A-A09A916BD67A} (MxImageSet Class) - C:\WINDOWS\Temp\MxImageSet.cab…
O16 - DPF: {2D4411C2-5F0F-4182-9599-30CF9B4FB2EE} (PhotoX Class) - photolog.blog.naver.com…
O16 - DPF: {2F5DF8D9-F63C-460E-B5CB-399E816B0274} (MxTextArea Class) - C:\WINDOWS\Temp\MxTextArea.cab…
O16 - DPF: {3042C30E-50B7-44EF-B4B6-C9AB391DEF78} (Manager Class) - www.xcion.co.kr…
O16 - DPF: {36720FCC-EFF3-406D-904C-7C6AEDDE2447} (WebDownloadLuncher_movierg Control) - movierg.com…
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - pib.wooribank.com…
O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} (SessionControl Control) - eng.wooribank.com…
O16 - DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} (AllatPayREAtl Class) - tx.allatpay.com…
O16 - DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} (Sysinfo2 Control) - 210.182.142.35:8020…
O16 - DPF: {417A8BA3-7DDF-4C02-919C-4F9D1ED46E58} (PowerComSpeedTest Control) - 210.182.142.35:8020…
O16 - DPF: {441F59A6-8813-457B-9A48-C5AA21A55DF4} (FolderoStarter Control) - new.foldero.com…
O16 - DPF: {4A35BB2C-B831-4199-A486-FEA332D085D9} (MxBinder Class) - C:\WINDOWS\Temp\MxBinder.cab…
O16 - DPF: {4AEAFD66-8D65-41AC-B1D1-57E7FF2A734F} (MxMaskEdit Class) - C:\WINDOWS\Temp\MxMaskEdit.cab…
O16 - DPF: {5002118E-45F8-4AAB-95A3-2EF269057B97} (NHNActiveX Control) - up.blog.naver.com…
O16 - DPF: {55218724-9E0F-4A9A-858C-B5E6F5A9C65E} (Idefense3.1 Control) - kings.cachenet.com…
O16 - DPF: {55218724-9E0F-4A9A-858C-B5E6F5A9C65F} (Idefense Control) - kings.cachenet.com…
O16 - DPF: {5586077A-2041-4710-8F2E-0D5060D0378D} (Kdfense Control) - kings.cachenet.com…
O16 - DPF: {5AD9C93B-7A86-4F8C-A6E6-0A2F8C12331B} (Wloader Control) - file.ziller.co.kr:8000…
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com…
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - cafe.naver.com…
O16 - DPF: {642F28CC-EE71-4015-8CB4-77AA75A47E65} (AxEGOVLogin Class) - gcc.nefficient.co.kr…
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - imgcdn.pandora.tv…
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - mail.yonsei.ac.kr…
O16 - DPF: {6BA6E0F6-E3A1-45ED-9E03-CBFC682EC63C} (MxTab Class) - C:\WINDOWS\Temp\MxTab.cab…
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - ck.softforum.co.kr…
O16 - DPF: {6DD1CE9F-1722-46F0-AF93-B2BC58383CD2} (MxTree Class) - C:\WINDOWS\Temp\MxTree.cab…
O16 - DPF: {6EBA4C9C-4EEA-402A-B4A2-F247B7B9738F} (RxMVP Control) - 211.234.229.28…
O16 - DPF: {6F63B5E1-10EE-4D25-8CFF-2C17117A084D} (SecuSSLVPN Class) - diana.snu.ac.kr:7001…
O16 - DPF: {6F863FB0-36E2-44B3-A497-1E0CE9200A56} (TerraceHttpUpload Control) - mail.yonsei.ac.kr…
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - www.bccard.com…
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - 211.189.37.94…
O16 - DPF: {7876A60C-6116-4AD9-B0EE-C53A06C08747} (IPCheckerX Control) - 203.248.245.162:8080…
O16 - DPF: {78E24950-4295-43D8-9B1A-1F41CD7130E5} (MxLogicalTR Class) - C:\WINDOWS\Temp\MxLogicalTR.cab…
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - www.x2game.com…
O16 - DPF: {8068959B-E424-45AD-B62B-A3FA45B1FBAF} (Report Designer 4.0 Control) - underwood1.yonsei.ac.kr:7779…
O16 - DPF: {81B14C2D-6436-42C6-83EC-F60DEF852AEC} (MakeShortCut Control) - www.gmarket.co.kr…
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - charon777.free.fr…
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - download.signgate.com…
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - blog.naver.com…
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - cyimg8.cyworld.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {91A6D076-F1AA-44DC-9825-9F7DE41E2398} (WooricyMap Control) - traffic.local.naver.com…
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - app.tubemusic.com…
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - secure.kcp.co.kr…
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - ahnlabdownload.nefficient.co.kr…
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - file.naver.com…
O16 - DPF: {9DEFEDFC-8193-4BE6-AA60-B6375AB7C8BE} (Launcher Class) - patch.mnet.com…
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) -
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - plugin.inicis.com…
O16 - DPF: {A31736ED-B338-4310-8E4C-FCDC91738ECD} (WebHardImagePreview Control) - program.webhard.co.kr…
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - kings.nefficient.co.kr…
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - cyimg7.cyworld.nate.com…
O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} (IssacWebProCMS Class) - pgdownload.lgdacom.net…
O16 - DPF: {AB14AFC3-7AFB-403E-8ABF-8966E0FD360D} (DnsChangeX Control) - 203.248.245.162:8080…
O16 - DPF: {AB62736B-21A9-4BFD-B895-A73F8607864C} (Naver Sketch) - blog.naver.com…
O16 - DPF: {AC462D1A-E53E-4973-A30A-AB7E07D3DD2D} (EzCertForClient Control) - gcc.nefficient.co.kr…
O16 - DPF: {B22DC058-80A2-438F-A64D-08B3B04AD7E0} (MxRadio Class) - C:\WINDOWS\Temp\MxRadio.cab…
O16 - DPF: {B3260660-93AC-48D8-8DDC-2C22192CA2AB} (Naver Mail BigFile Upload Control2) - mail.naver.com…
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - cafeimg.hanmail.net…
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) - download.signgate.com…
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - www.hangame.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {C722848E-C7EE-4DC6-947E-C2CD49BBA9DE} (MxFileControl Class) - C:\WINDOWS\Temp\MxFileControl.cab…
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - program.webhard.co.kr…
O16 - DPF: {CC21233B-9A79-4D9F-B169-8DFBFA923861} (SearchAx Control) - www.infomeca.co.kr…
O16 - DPF: {CC26E2A9-760B-4EA6-8DDF-DB423FD24089} (MxReport Class) - C:\WINDOWS\Temp\MxReport.cab…
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - casx.musiccity.co.kr…
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - update.nprotect.net…
O16 - DPF: {D0E0AE91-4B4A-4377-9FC4-FBA240471FB1} (NWebPhotoManager) - upphoto.blog.naver.com…
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - update.nprotect.net…
O16 - DPF: {D7B608A1-2575-4726-8460-3446D73AC32C} (ActNeoInstall Control) - www.neofolder.com…
O16 - DPF: {D7EBA5BF-69D0-40E4-B513-87078CA7DD87} (Woori Credit Card Class) - ccd.wooribank.com…
O16 - DPF: {D8798B2A-5EB1-424A-AB19-E38CFB69E295} (CywordMovieUp Control) - mptop.cyworld.nate.com…
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - gcc.nefficient.co.kr…
O16 - DPF: {D8BCC087-4710-427D-B2E4-A4B93B6EA197} (MxCombo Class) - C:\WINDOWS\Temp\MxCombo.cab…
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - asp.congnamul.com…
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - update.nprotect.net…
O16 - DPF: {DC5C4F1B-8F7A-47CE-ACCA-EBB25D1567C6} (Naver_ZaolMap2Client Control) - traffic.local.naver.com…
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - www.congnamul.com…
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - cafeimg.hanmail.net…
O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - program.webhard.co.kr…
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - pg.banktown.com…
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - www.vpay.co.kr…
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - kings.cachenet.com…
O16 - DPF: {EA8B6EE6-3DD8-4534-B4BB-27148CF0042B} (MxGrid Class) - C:\WINDOWS\Temp\MxGrid.cab…
O16 - DPF: {EDEB4C33-5320-42B3-838C-ADF6A0D2055B} (XA3boxUpDown Control) - www.a3box.co.kr…
O16 - DPF: {F37520B6-4FBE-4814-9022-9AD83EF3E203} (RD_SmartUpdate Class) - pib.wooribank.com…
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - www.gmarket.co.kr…
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - secure.gopetslive.com…
O16 - DPF: {FF700A33-E570-4947-9C09-92E50449B547} (WebPriSKTelecom Control) - emailweb.sktelecom.com…
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\dnlsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod ??? (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe (file missing)


End of file - 22982 bytes

I have tried several times to scan with malware, but after a while it crashes, I get a blue screen, and I have to reboot…

Disable your protections
Use ComboFix and let it work
Paste the report

In HijackThis, fix

Post a new HijackThis log please