Braviax infection, need help please!!
Security Forum - Viruses: Braviax infection, need help please!!
Hello everyone,
I've been fighting a REAL PIECE OF CRAP since this morning!
Every 5 seconds a fake pop-up fires, telling me I'm infected.. and I looked in the running processes, "braviax.exe" is running.
I downloaded ComboFix (sUBs) and here is the full report:
ComboFix 08-07-31.02 - 2008-08-01 10:29:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18. [GMT 2:00]
Endroit: C:\Documents and Settings\RAZAT Maurice\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\RAZAT Maurice\Application Data\inst.exe
C:\WINDOWS\system32\braviax.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
((((((((((((((((((((((((((((( Fichiers créés 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))))))))
.
2008-07-31 11:21 . 2008-07-31 11:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-31 11:21 . 2008-07-31 11:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 11:12 . 2008-07-31 11:12 18,944 --a------ C:\WINDOWS\system32\aoltoolbar.dll
2008-07-31 11:12 . 2008-07-31 11:12 18,944 --a------ C:\WINDOWS\system32\aol_toolbar.dll
2008-07-27 12:06 . 2008-07-19 11:40 478,513 --------- C:\WINDOWS\hpoins21.dat.temp
2008-07-27 12:06 . 2007-05-15 12:10 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2008-07-27 10:49 . 2008-07-27 10:49 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-07-27 10:49 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-27 10:48 . 2008-07-27 10:48 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-07-27 10:48 . 2008-07-27 10:48 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-26 10:54 . 2008-07-26 10:58 <REP> d-------- C:\Program Files\Talisman 2
2008-07-26 10:52 . 2008-07-26 10:52 <REP> d-------- C:\Program Files\Sophos
2008-07-19 11:40 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-19 11:40 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-07-19 11:39 . 2008-07-19 11:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-19 11:39 . 2008-07-19 11:40 478,513 --------- C:\WINDOWS\hpoins21.dat
2008-07-19 11:39 . 2007-05-02 12:03 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-07-19 11:39 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-07-19 11:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-19 11:39 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-19 11:39 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-07-19 11:39 . 2007-05-15 12:10 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-07-19 11:38 . 2007-05-02 10:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-07-19 11:38 . 2007-05-02 11:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-07-19 11:38 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-07-19 11:38 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-07-19 11:38 . 2007-05-02 11:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-07-19 11:38 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-19 11:38 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-17 10:54 . 2008-07-17 10:54 <REP> d-------- C:\Program Files\Sun
2008-07-16 14:43 . 2008-07-16 14:43 311,322 --a------ C:\WINDOWS\CSSBScript - Version Full Uninstaller.exe
2008-07-15 19:44 . 2008-07-15 19:44 <REP> d-------- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-07-15 19:02 . 2008-07-16 12:20 <REP> d---s---- C:\Program Files\HLSW
2008-07-15 19:02 . 2008-07-16 12:19 <REP> d-------- C:\Documents and Settings\RAZAT Maurice\Application Data\HLSW
2008-07-13 19:04 . 2008-07-13 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-13 17:44 . 2008-07-13 17:44 <REP> d-------- C:\Program Files\VSO
2008-07-13 17:44 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-13 17:44 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-13 17:44 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-13 17:34 . 2008-07-13 17:56 <REP> d-------- C:\Program Files\Super_DVD_Creator_9.5
2008-07-13 17:27 . 2008-07-13 19:25 <REP> d-------- C:\Documents and Settings\RAZAT Maurice\Application Data\Vso
2008-07-13 17:27 . 2008-07-13 17:44 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-13 17:27 . 2008-07-13 17:44 47,360 --a------ C:\Documents and Settings\RAZAT Maurice\Application Data\pcouffin.sys
2008-07-12 09:28 . 2008-07-12 09:28 <REP> d-------- C:\Program Files\Neuf
2008-07-12 09:28 . 2008-07-15 15:50 <REP> d-------- C:\Documents and Settings\Favoris\Neuf
2008-07-07 11:10 . 2008-07-07 11:10 <REP> d-------- C:\WINDOWS\Sun
2008-07-04 21:08 . 2008-07-17 10:54 <REP> d-------- C:\Program Files\Java
2008-07-04 21:08 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-04 21:07 . 2008-07-04 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-07-04 15:42 . 2008-07-04 15:42 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-04 15:42 . 2008-07-04 15:42 <REP> d-------- C:\Documents and Settings\RAZAT Maurice\Application Data\teamspeak2
2008-07-04 15:42 . 2008-07-04 15:42 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 09:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 16:34 --------- d-----w C:\Documents and Settings\RAZAT Maurice\Application Data\uTorrent
2008-07-16 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 09:36 --------- d-----w C:\Program Files\Steam
2008-07-01 08:25 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-06-21 08:11 --------- d-----w C:\Program Files\uTorrent
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 10:49 --------- d-----w C:\Documents and Settings\RAZAT Maurice\Application Data\FileZilla
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 17:37 --------- d-----w C:\Documents and Settings\RAZAT Maurice\Application Data\U3
2008-05-25 20:21 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="D:\PacSteamT\Steam.exe" [2008-07-16 12:12 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-10-13 17:04 994096]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-25 22:21 949376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 17:01]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 17:04]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2008-04-23 21:24]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 13:27]
S3 vhack;vhack;C:\Documents and Settings\RAZAT Maurice\Bureau\Nouveau dossier (2)\vhack.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5752d8d3-0b3f-11dd-8c91-0015af647080}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5752d8d4-0b3f-11dd-8c91-0015af647080}]
\Shell\AutoRun\command - N:\setupSNK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B9DEFC9A-5872-0B6E-A60D-E019087133D0}]
C:\DOCUME~1\RAZATM~1\LOCALS~1\Temp\IXP000.TMP\exode.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-braviax - C:\WINDOWS\system32\braviax.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\RAZAT Maurice\Application Data\Mozilla\Firefox\Profiles\odtu0iju.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 10:32:58
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\RAZATM~1\LOCALS~1\Temp\mc26.tmp"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-01 10:35:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-01 08:35:40
Pre-Run: 97,803,972,608 octets libres
Post-Run: 98,673,188,864 octets libres
183
If you can help me....... I don't want to have to format everything
Message edited by JAH_NC on 01-08-2008 at 10:56:48
Can nobody help me..?
Bump..