Virus -> wifi damaged

Closed
zabrat Posts 14 Registration date Wednesday 4 June 2008 Status Member Last seen 20 November 2008 - 7 Nov. 2008 at 00:16
Hello everyone,
I caught a virus that wipes my wifi connection and even my wifi card, which is no longer visible to my HP dv600 laptop. Even the HP Wireless Assistant only shows Bluetooth. (I'm on XP SP2.)
It isn't the Bagle virus because I checked the registry and it's spotless!!
I tried ComboFix, which repaired the problem, but it only lasted 30 minutes.
Here is the ComboFix report, if it can be useful:


ComboFix 08-11-05.02 - HP 2008-11-06 22:33:09.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.454 [GMT 1:00]
Running from: c:\documents and settings\HP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-04 16:41 . 2008-11-04 16:41 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-04 01:29 . 2008-11-05 03:33 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-03 23:10 . 2008-08-14 10:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
2008-11-03 21:02 . 2008-11-03 21:02 <DIR> d--h----- c:\windows\PIF
2008-11-03 02:25 . 2008-11-03 02:25 <DIR> d-------- c:\documents and settings\HP\Application Data\InstallShield
2008-11-02 23:47 . 2008-11-02 23:47 <DIR> d-------- c:\program files\Broadcom
2008-10-31 07:07 . 2008-10-31 07:07 <DIR> d-------- c:\program files\Boson Software
2008-10-30 03:06 . 2008-10-30 03:06 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 03:31 . 2008-10-23 03:31 <DIR> d-------- c:\program files\GoldBarre
2008-10-22 08:03 . 2008-10-26 13:25 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-22 08:03 . 2008-10-22 08:03 1,409 --a------ c:\windows\QTFont.for
2008-10-21 03:57 . 2008-10-21 03:57 <DIR> d-------- c:\program files\Samsung
2008-10-14 04:06 . 2008-11-03 02:24 <DIR> d-------- c:\program files\HooTech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 21:38 28,494,624 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-06 21:37 1,953,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-06 20:25 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-06 19:16 391,088 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-06 19:16 188,036 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-03 21:41 822,272 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2008-11-03 01:25 --------- d-----w c:\program files\MessengerDiscovery
2008-11-03 01:25 --------- d-----w c:\program files\ma-config.com
2008-11-03 01:25 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-03 00:22 --------- d-----w c:\program files\HPQ
2008-11-03 00:22 --------- d-----w c:\program files\Hewlett-Packard
2008-11-01 06:26 --------- d-----w c:\program files\FlashGet
2008-10-31 17:23 --------- d-----w c:\program files\eMule
2008-10-31 06:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 02:06 --------- d-----w c:\program files\Java
2008-10-28 09:51 --------- d-----w c:\documents and settings\HP\Application Data\Skype
2008-10-28 09:00 --------- d-----w c:\documents and settings\HP\Application Data\skypePM
2008-10-21 03:16 --------- d-----w c:\documents and settings\HP\Application Data\Samsung
2008-10-16 09:47 --------- d-----w c:\program files\MP3 Stream Creator
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-19 15:17 60,712 ----a-w c:\documents and settings\HP\Application Data\GDIPFONTCACHEV1.DAT
2008-09-18 10:40 --------- d-----w c:\program files\MP4Converter
2008-09-17 07:50 --------- d-----w c:\program files\BitPim
2008-09-16 03:02 --------- d-----w c:\program files\Valve
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-04-19 19:17 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_12.27.57.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 00:23:05 25,214 ----a-r c:\windows\Installer\{6FE30813-AC60-40A3-BE53-F6713A1F3893}\controlPanelIcon.exe
+ 2008-11-06 15:48:39 25,214 ----a-r c:\windows\Installer\{6FE30813-AC60-40A3-BE53-F6713A1F3893}\controlPanelIcon.exe
+ 2008-11-06 19:17:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-10 200069]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"NuTCSetupEnviron"="c:\progra~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe" [2001-01-02 16384]
"nwiz"="nwiz.exe" [2006-04-26 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-06-06 394856]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 10:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2008-04-18 19:19 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:37 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-29 21:51 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\Polish\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\oracle\\ora92\\Apache\\Apache\\Apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-04-17 11264]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-30 152984]
R2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [2001-01-02 277272]
R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\Apache\Apache\apache.exe [2002-04-18 4096]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-05-10 61952]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 tapvpn;TAP VPN Adapter;c:\windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S2 OracleOraHome92TNSListenerLISTENER1;OracleOraHome92TNSListenerLISTENER1;c:\oracle\ora92\BIN\TNSLSNR [ ]
S2 OracleorantAgent;OracleorantAgent;c:\oracle\product\10.1.0\Client1\bin\agntsrvc.exe [ ]
S2 OracleorantHTTPServer;OracleorantHTTPServer;c:\oracle\product\10.1.0\Client1\Apache\Apache\apache.exe [ ]
S2 OracleorantTNSListener;OracleorantTNSListener;c:\oracle\product\10.1.0\Client1\BIN\TNSLSNR [ ]
S2 OracleServiceORCL;OracleServiceORCL;c:\oracle\ora92\bin\ORACLE.EXE ORCL [ ]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-10-28 195752]
S3 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;c:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 242328]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
S3 OracleOraHomewinClientCache80;OracleOraHomewinClientCache80;c:\oracle\BIN\ONRSD80.EXE [2004-02-27 101136]
S3 OracleorantClientCache;OracleorantClientCache;c:\oracle\product\10.1.0\Client1\BIN\ONRSD.EXE [ ]
S3 OracleorantPagingServer;OracleorantPagingServer;c:\oracle\product\10.1.0\Client1/bin/pagntsrv.exe [ ]
S3 OracleorantSNMPPeerEncapsulator;OracleorantSNMPPeerEncapsulator;c:\oracle\product\10.1.0\Client1\BIN\ENCSVC.EXE [ ]
S3 OracleorantSNMPPeerMasterAgent;OracleorantSNMPPeerMasterAgent;c:\oracle\product\10.1.0\Client1\BIN\AGNTSVC.EXE [ ]
S3 OracleServicethe_sid;OracleServicethe_sid;c:\oracle\ora92\bin\ORACLE.EXE the_sid [ ]
S3 OracleServicethesid;OracleServicethesid;c:\oracle\ora92\bin\ORACLE.EXE thesid [ ]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\ztemtusbser.sys [2008-07-22 104320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07bd38ba-122a-11dd-8453-00164187f1e1}]
\Shell\AutoRun\command - a9.com
\Shell\explore\Command - a9.com
\Shell\open\Command - a9.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b10c9f5-21a3-11dd-846e-0016367f2ab5}]
\Shell\AutoRun\command - 2fiji.com
\Shell\explore\Command - 2fiji.com
\Shell\open\Command - 2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18036bb-2e1f-11dd-8496-0016367f2ab5}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18036bc-2e1f-11dd-8496-0016367f2ab5}]
\Shell\AutoRun\command - G:\jiwsxh39.exe
\Shell\explore\Command - G:\jiwsxh39.exe
\Shell\open\Command - G:\jiwsxh39.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d180370f-2e1f-11dd-8496-0016367f2ab5}]
\Shell\AutoRun\command - F:\jiwsxh39.exe
\Shell\explore\Command - F:\jiwsxh39.exe
\Shell\open\Command - F:\jiwsxh39.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0ee1c90-0e6d-11dd-973b-0016367f2ab5}]
\Shell\AutoRun\command - a9.com
\Shell\explore\Command - a9.com
\Shell\open\Command - a9.com
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ljz5ymlx.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ljz5ymlx.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - c:\documents and settings\HP\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 22:37:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???xS??????R?@?????,?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="c:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraHome92TNSListenerLISTENER1]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleorantPagingServer]
"ImagePath"="c:\oracle\product\10.1.0\Client1/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleorantTNSListener]
"ImagePath"="c:\oracle\product\10.1.0\Client1\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> c:\windows\system32\nview.dll
.
Completion time: 2008-11-06 22:39:49
ComboFix-quarantined-files.txt 2008-11-06 21:39:36
ComboFix2.txt 2008-11-06 18:37:07
ComboFix3.txt 2008-11-06 15:46:05
ComboFix4.txt 2008-11-06 13:19:59
ComboFix5.txt 2008-11-06 21:32:47

Pre-Run: 17,617,137,664 bytes free
Post-Run: 17,601,843,200 bytes free

243 --- E O F --- 2008-11-03 22:11:51

1 reply

zabrat Posts 14 Registration date Wednesday 4 June 2008 Status Member Last seen 20 November 2008
20 Nov. 2008 at 00:06
waiting in vain......