alpha encore une fois

carlito7 · le 23 Sep 2009 21:13

bonjour voila je vois que je suis pas le seul mais moi aussi je me suis fait piégé par alpha ce programme de m****
je vous épargne toutes les explications sur hjt et tt je vous post directement les rapports pour vous éviter de vous faire perdre du temps juste pourriez vous me les analyser svp...
merci je post les rapports

danakil · le 23 Sep 2009 21:18

Salut !

Poste tes rapports.

carlito7 · le 23 Sep 2009 21:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:54, on 23/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32 askeng.exe
C:Program FilesNewTech InfosystemsPackard Bell MyBackupBackupManagerTray.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesPACKARD BELLPackard Bell PowerSave SolutionePowerTray.exe
C:Program FilesRealtekAudioHDARtHDVCpl.exe
C:Program FilesVideoWebCameraVideoWebCamera.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe
C:Program FilesPACKARD BELLSetUpMyPCSmpSys.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesNorton Internet SecurityEngine16.7.2.11ccSvcHst.exe
C:UsersCarlitoAppDataLocalTempRtkBtMnt.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Windowssystem32wuauclt.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesWindows LiveContactswlcomm.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:WindowsSystem32mobsync.exe
C:Program FilesAlphaAVAlpha Antivirus.exe
C:Windowssystem32 undll32.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32DllHost.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... ynote_lj65
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://homepage.packardbell.com/rdr.asp ... ynote_lj65
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... ynote_lj65
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://homepage.packardbell.com/rdr.asp ... ynote_lj65
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program FilesNorton Internet SecurityEngine16.7.2.11coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program FilesNorton Internet SecurityEngine16.7.2.11IPSBHO.DLL
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:ProgramDataPartnerpartner.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:WindowsSystem32msnaoladdon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.2.4204.1700swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program FilesNorton Internet SecurityEngine16.7.2.11coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup
O4 - HKLM..Run: [BackupManagerTray] "C:Program FilesNewTech InfosystemsPackard Bell MyBackupBackupManagerTray.exe" -k
O4 - HKLM..Run: [Acer ePower Management] C:Program FilesPackard BellPackard Bell PowerSave SolutionePowerTrayLauncher.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [StartCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARtHDVCpl.exe
O4 - HKLM..Run: [VideoWebCamera] "C:Program FilesVideoWebCameraVideoWebCamera.exe" -a
O4 - HKLM..Run: [PLFSetI] C:Program FilesPLFSetI.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [RemoteControl8] "C:Program FilesCyberLinkPowerDVD8PDVD8Serv.exe"
O4 - HKLM..Run: [PDVD8LanguageShortcut] "C:Program FilesCyberLinkPowerDVD8LanguageLanguage.exe"
O4 - HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [SmpcSys] C:Program FilesPACKARD BELLSetUpMyPCSmpSys.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'SERVICE RESEAU')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:Program FilesNorton Internet SecurityEngine16.7.2.11coIEPlg.dll
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:Program FilesAdobePhotoshop Elements 6.0PhotoshopElementsFileAgent.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:Program FilesPACKARD BELLPackard Bell PowerSave SolutionePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1ca355990113a10) (gupdate1ca355990113a10) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:Program FilesNorton Internet SecurityEngine16.7.2.11ccSvcHst.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsPackard Bell MyBackupIScheduleSvc.exe
O23 - Service: Partner Service - Google Inc. - C:ProgramDataPartnerpartner.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:Windowssystem32IoctlSvc.exe

--
End of file - 9050 bytes

voili voilou merci de m'aider

isabelle01 · le 23 Sep 2009 21:25

Bonsoir, moi aussi pareil depuis hier soir.. j'ai ce logiciel qui casse la tête. Voici mon rapport :
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2851
Windows 6.0.6001 Service Pack 1

23/09/2009 22:21
mbam-log-2009-09-23 (22-21-26).txt

Type de recherche: Examen rapide
Eléments examinés: 87964
Temps écoulé: 11 minute(s), 48 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
C:Program FilesAlphaAVAlpha Antivirus.exe (Rogue.AlphaAV) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:WindowsSystem32msnaoladdon.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOTCLSID{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREfcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunetjawfv (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USEREnvironmentavapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USEREnvironmentavuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:Program FilesAlphaAV (Rogue.AlphaAV) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:UsersIsabelleLocal SettingsApplication Dataciemyey_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Dataciemyey.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Datacqeqkiw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Datacqeqkiw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Datacqeqkiw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Dataetjawfv_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Dataetjawfv_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Dataetjawfv.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Dataetjawfv.exe (Adware.Navipromo.H) -> Delete on reboot.
C:UsersIsabelleLocal SettingsApplication Datameiecqc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Datameiecqc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:UsersIsabelleLocal SettingsApplication Datameiecqc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:UsersIsabelleAppDataLocaletjawfv.exe (Trojan.Agent.H) -> Delete on reboot.
C:WindowsSystem32msnaoladdon.dll (Trojan.FakeAlert) -> Delete on reboot.
C:UsersIsabelleAppDataLocalTempdrv4790394.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:Program FilesAlphaAVAlpha Antivirus.exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.

Je dois faire quoi ?

danakil · le 23 Sep 2009 21:33

isabelle01

STP clique sur ce lien :
http://www.pc-infopratique.com/forum-in ... -vf19.html
Ensuite sur le bouton "Nouveau Sujet" et crée ton propre topic. Même si ton problème est similaire à ce cas, il n'est pas dit que l'on utilisera les mêmes procédures de désinfection. Merci de ta compréhension.
Explique ton cas et poste le même rapport que tu viens d'afficher, j'y répondrai ou alors un autre d'entre nous :wink:

isabelle01 · le 23 Sep 2009 21:36

Merci, mais c'est bon ça a fonctionné. J'ai lancé le malwarebytes et j'ai redemarré l'ordi et c'est bon. Merci de votre aide tout de meme et bon courage.

carlito7 · le 23 Sep 2009 21:40

moi j'attends toujours de savoir quoi supprimé sur hijack

danakil · le 23 Sep 2009 21:40

OK carlito7 !

Poste moi le rapport de désinfection Mbam en suivant cette procédure :
http://www.pc-infopratique.com/forum-in ... 46564.html

Ton PC est aussi infecté par Trojan.BHO

On va déjà dégager le terrain avec Mbam et ensuite utiliser un autre tool se nommant SAS.
Pour être sûr qu'il n'y ait pas de mélange de rapports on va commencer par le premier avant de passer au suivant :wink:

danakil · le 23 Sep 2009 21:41

carlito7 a écrit:moi j'attends toujours de savoir quoi supprimé sur hijack

HijackThis ne suffira pas !

carlito7 · le 23 Sep 2009 21:42

ok ok ça arrive avec malware

c'est un peu plus long

Pac428 · le 23 Sep 2009 22:57

Oui, ça risque de prendre un bon moment Carlito, t'inquiètes

carlito7 · le 23 Sep 2009 22:58

je vois ça bon je vais aller me coucher je vous le met demain matin !!

Pac428 · le 23 Sep 2009 23:04

Oui, une bonne grosse heure à prévoir, belle nuit Carlito

carlito7 · le 24 Sep 2009 08:09

bonjour bonjour voila mon rapport:

*Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 6.0.6001 Service Pack 1

24/09/2009 08:43:36
mbam-log-2009-09-24 (08-43-36).txt

Type de recherche: Examen complet (C:|)
Eléments examinés: 212609
Temps écoulé: 1 hour(s), 23 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:WindowsSystem32msnaoladdon.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001Servicespartner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet003Servicespartner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicespartner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTkt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USEREnvironmentavapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USEREnvironmentavuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:WindowsSystem32msnaoladdon.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:ProgramDataPartnerpartner.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:ProgramDataPartnerpartner.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:UsersCarlitoDownloadsSpeed-Downloading_setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.

danakil · le 24 Sep 2009 08:19

OK !

Tu es sur la bonne voie.

Reposte moi STP un rapport HijackThis > Do a system scan and save a logfile afin que j'établisse les suites de la procédure de désinfection.

alpha encore une fois

alpha encore une fois

Sujets similaires

Qui est en ligne