Hello, I caught this virus.
Following your advice, I ran a scan with Malwarebytes; here is the report.
Thank you for your replies.
Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org
Version de la base de données: 4039
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
26/04/2010 20:20:41
mbam-log-2010-04-26 (20-20-41).txt
Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 245817
Temps écoulé: 1 heure(s), 16 minute(s), 24 seconde(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 19
Processus mémoire infecté(s):
C:\Users\amugler\AppData\Roaming\827A9A0400E033807ECF63CDE5B536F6\newupdate1142C.exe (Malware.Packer.Gen) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Users\amugler\AppData\Local\tprdsh.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nrakevevuko (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\amugler\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Users\amugler\AppData\Local\tprdsh.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\amugler\AppData\Roaming\827A9A0400E033807ECF63CDE5B536F6\newupdate1142C.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\amugler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TE99JTA\newupdate1142C[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\amugler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYR8L7F\stp04cbd[1].exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\Users\amugler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXY511UH\stp1f8ff[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\amugler\AppData\Local\Temp\Cjb.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\amugler\AppData\Local\Temp\stp04cbd.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\Users\amugler\AppData\Local\Temp\stp1f8ff.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
E:\KEY CHANGER\Keyfinder v1.51.exe (Application.FindKey) -> Delete on reboot.
C:\Users\amugler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\amugler\AppData\Local\Temp\Cjd.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\amugler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\amugler\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\root\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\amugler\AppData\Local\Temp\orcenxsamw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.