Antimalware doctor
Résolu
chris1203
Messages postés
19
Date d'inscription
Statut
Membre
Dernière intervention
-
SikDoctor Messages postés 2 Date d'inscription Statut Membre Dernière intervention -
SikDoctor Messages postés 2 Date d'inscription Statut Membre Dernière intervention -
Bonjour à tous,
J'ai eu hier la mauvaise surprise d'avoir sur mon pc sans rien avoir installé Antimalware doctor. Après avoir parcouru des forums, j'ai fait un scan complet avec Malwarebytes'. Après la mise en quarantaine de tout ce qui était infecté et un redémarrage du pc, j'ai supprimé ce qui était en quarantaine. Ai-je mal fait ? Je viens de découvrir sur votre forum que la manipulation pour se débarasser de ce "virus" n'était pas fini, mais je suis réellement novice en informatique.
Je me permets de coller le rapport de Malwarebytes'. Pouvez-vous me renseigner sur la marche à suivre à présent. Je précise que je viens (dans le doute) de relancer un scan complet avec ce logiciel, pour le moment, rien ne semble infecté.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6067
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019
15/03/2011 21:55:18
mbam-log-2011-03-15 (21-55-17).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 313014
Temps écoulé: 1 heure(s), 20 minute(s), 53 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 73
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 33
Processus mémoire infecté(s):
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1908 -> Unloaded process successfully.
c:\Users\christelle\AppData\Roaming\aba2dc4132b0b8674b1acee1efca2f27\ansi70sepmod.exe (Trojan.FakeAlert) -> 1496 -> Unloaded process successfully.
Module(s) mémoire infecté(s):
c:\program files\search settings\searchsettings.dll (PUP.Dealio) -> Delete on reboot.
c:\program files\search settings\searchsettingsres409.dll (PUP.Dealio) -> Delete on reboot.
c:\Users\christelle\AppData\Local\wishs0.dll (Trojan.Agent.U) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO.1 (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{24BBB29A-FB7B-425B-822D-15D0B861E99B} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar3.TBSB09293.1 (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar3.TBSB09293 (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} (Adware.Mostofate) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ansi70sepmod.exe (Trojan.FakeAlert) -> Value: ansi70sepmod.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.DLL (PUP.Dealio) -> Value: SEARCHSETTINGS.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGSRES409.DLL (PUP.Dealio) -> Value: SEARCHSETTINGSRES409.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ghizakohodo (Trojan.Agent.U) -> Value: Ghizakohodo -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.6.63 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.6.71 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.6.79 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Roaming\aba2dc4132b0b8674b1acee1efca2f27\ansi70sepmod.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\search settings\searchsettings.dll (PUP.Dealio) -> Delete on reboot.
c:\program files\search settings\searchsettingsres409.dll (PUP.Dealio) -> Delete on reboot.
c:\program files\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.6.71\shoppingreport.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\setup1120034408.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\setup7041432.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\err.log6666811 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\esxwrmcano.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\2CAD.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\2CCE.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\2FC9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\45BB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\620F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\D74F.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\esx6CCD.tmp (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\esx6F6D.tmp (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\wishs0.dll (Trojan.Agent.U) -> Delete on reboot.
c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
Merci encore d'avance.
J'ai eu hier la mauvaise surprise d'avoir sur mon pc sans rien avoir installé Antimalware doctor. Après avoir parcouru des forums, j'ai fait un scan complet avec Malwarebytes'. Après la mise en quarantaine de tout ce qui était infecté et un redémarrage du pc, j'ai supprimé ce qui était en quarantaine. Ai-je mal fait ? Je viens de découvrir sur votre forum que la manipulation pour se débarasser de ce "virus" n'était pas fini, mais je suis réellement novice en informatique.
Je me permets de coller le rapport de Malwarebytes'. Pouvez-vous me renseigner sur la marche à suivre à présent. Je précise que je viens (dans le doute) de relancer un scan complet avec ce logiciel, pour le moment, rien ne semble infecté.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6067
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019
15/03/2011 21:55:18
mbam-log-2011-03-15 (21-55-17).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 313014
Temps écoulé: 1 heure(s), 20 minute(s), 53 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 73
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 33
Processus mémoire infecté(s):
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1908 -> Unloaded process successfully.
c:\Users\christelle\AppData\Roaming\aba2dc4132b0b8674b1acee1efca2f27\ansi70sepmod.exe (Trojan.FakeAlert) -> 1496 -> Unloaded process successfully.
Module(s) mémoire infecté(s):
c:\program files\search settings\searchsettings.dll (PUP.Dealio) -> Delete on reboot.
c:\program files\search settings\searchsettingsres409.dll (PUP.Dealio) -> Delete on reboot.
c:\Users\christelle\AppData\Local\wishs0.dll (Trojan.Agent.U) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO.1 (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{24BBB29A-FB7B-425B-822D-15D0B861E99B} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar3.TBSB09293.1 (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar3.TBSB09293 (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} (Adware.Mostofate) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ansi70sepmod.exe (Trojan.FakeAlert) -> Value: ansi70sepmod.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.DLL (PUP.Dealio) -> Value: SEARCHSETTINGS.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGSRES409.DLL (PUP.Dealio) -> Value: SEARCHSETTINGSRES409.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ghizakohodo (Trojan.Agent.U) -> Value: Ghizakohodo -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.6.63 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.6.71 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.6.79 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Roaming\aba2dc4132b0b8674b1acee1efca2f27\ansi70sepmod.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\search settings\searchsettings.dll (PUP.Dealio) -> Delete on reboot.
c:\program files\search settings\searchsettingsres409.dll (PUP.Dealio) -> Delete on reboot.
c:\program files\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.6.71\shoppingreport.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\setup1120034408.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\setup7041432.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\err.log6666811 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\esxwrmcano.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\2CAD.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\2CCE.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\2FC9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\45BB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\620F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\Temp\D74F.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\esx6CCD.tmp (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\esx6F6D.tmp (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\christelle\AppData\Local\wishs0.dll (Trojan.Agent.U) -> Delete on reboot.
c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
Merci encore d'avance.
A voir également:
- Antimalware doctor
- Pc doctor - Télécharger - Optimisation
- Spyware doctor - Télécharger - Antivirus & Antimalwares
- Disk doctor - Télécharger - Récupération de données
- Obd car doctor free - Télécharger - Vie quotidienne
- Picture doctor - Télécharger - Récupération de données
22 réponses
Bonjour j'ai le même virus qui est venu tout fleurette sur mon PC , sauf que a chaque analyse avec ZHP , il plante (l'ordinateur doit subir un reset) vers la fin.
J'avais prealablement une analyse antivirus(avec Mcfee) qui a trouver 3 virus.
Si on peux m'aider ^^
Merci
EDIT: Désoler j'ai regler mon probleme , j'ai juste supprimer la source du virus a savoir :ansi70sepmod.exe
Il était dans C:/User/moi/appdata/Roaming<-(Fichier cacher a afficher)/(c'était un nom compliquer et sans rapport pas retenu mais c'est du style 5454SFDSDS5 , verifier avant de supprimer ce qu'il y a dedans^^)
J'avais prealablement une analyse antivirus(avec Mcfee) qui a trouver 3 virus.
Si on peux m'aider ^^
Merci
EDIT: Désoler j'ai regler mon probleme , j'ai juste supprimer la source du virus a savoir :ansi70sepmod.exe
Il était dans C:/User/moi/appdata/Roaming<-(Fichier cacher a afficher)/(c'était un nom compliquer et sans rapport pas retenu mais c'est du style 5454SFDSDS5 , verifier avant de supprimer ce qu'il y a dedans^^)
Bonsoir,
Si tu as réussi à le faire partir, c'est cool, car il est super embêtant (pour pas dire autre chose) ce virus... toutefois, attention, car moi, quand je suis arrivée sur le forum, Malwarebytes' l'avait déjà mis en quarantaine, mais il restait des traces. Si tu as besoin d'aide, il faut peut être crée un nouveau poste (car celui-ci est résolu), et un helper te prendra en charge et te sera d'une aide précieuse pour récupérer un pc opérationnel.
Si tu as réussi à le faire partir, c'est cool, car il est super embêtant (pour pas dire autre chose) ce virus... toutefois, attention, car moi, quand je suis arrivée sur le forum, Malwarebytes' l'avait déjà mis en quarantaine, mais il restait des traces. Si tu as besoin d'aide, il faut peut être crée un nouveau poste (car celui-ci est résolu), et un helper te prendra en charge et te sera d'une aide précieuse pour récupérer un pc opérationnel.