Virus page publicitaire qui s'ouvre

Question

Bonjour,

Le dernier coup que j'avais eu un virus sur mon ordi, j'avais téléchargé Lime wire et je me suis ramassé avec un virus. J'ai retélécharger Limewire sur ce site et j'ai essayé de downloader de la musique et je me ramasse encore avec un virus et des fenêtre qui ouvre et j'ai toujours la même fenêtre à l'ouverture de mon internet explorer. La page est www.findstuff.biz/home.html et même si j'ai fait anti-malmalware et CCCleaner, cette page reste ecore là. 

Voici le rapport de Anti- Mallaware: 

Malwarebytes' Anti-Malware 1.37 
Version de la base de données: 2209 
Windows 5.1.2600 Service Pack 3 

14/07/2009 13:34:09 
mbam-log-2009-07-14 (13-34-09).txt 

Type de recherche: Examen complet (C:\|E:\|) 
Eléments examinés: 166529 
Temps écoulé: 34 minute(s), 54 second(s) 

Processus mémoire infecté(s): 0 
Module(s) mémoire infecté(s): 0 
Clé(s) du Registre infectée(s): 4 
Valeur(s) du Registre infectée(s): 0 
Elément(s) de données du Registre infecté(s): 0 
Dossier(s) infecté(s): 2 
Fichier(s) infecté(s): 3 

Processus mémoire infecté(s): 
(Aucun élément nuisible détecté) 

Module(s) mémoire infecté(s): 
(Aucun élément nuisible détecté) 

Clé(s) du Registre infectée(s): 
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda7­4} (Trojan.BHO) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully. 

Valeur(s) du Registre infectée(s): 
(Aucun élément nuisible détecté) 

Elément(s) de données du Registre infecté(s): 
(Aucun élément nuisible détecté) 

Dossier(s) infecté(s): 
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully. 
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully. 

Fichier(s) infecté(s): 
c:\program files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully. 
c:\program files\Save\SaveUninst.exe (Adware.WhenUSave) -> Quarantined and deleted successfully. 
c:\program files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully. 

et CCCleaner 

Windows Registry Editor Version 5.00 


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] 
"C:\WINDOWS\system32\msxml3a.dll"=dword:00000001 

[HKEY_CLASSES_ROOT\idcfile] 
@="" 

[HKEY_CLASSES_ROOT\WMPCD] 

[HKEY_CLASSES_ROOT\acrobat\DefaultIcon] 
@="C:\Program Files\Adobe\Reader 9.0\Acrobat\AcroRd32.exe" 

[HKEY_CLASSES_ROOT\JavaPlugin.FamilyVersionSupport] 

[HKEY_CLASSES_ROOT\JavaPlugin.FamilyVersionSupport\CLSID] 
@="{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" 

[HKEY_CLASSES_ROOT\LimeWire\DefaultIcon] 
@="C:\Program Files\LimeWire\LimeWire.exe,1" 

[HKEY_CLASSES_ROOT\LimeWire\shell\open] 

[HKEY_CLASSES_ROOT\LimeWire\shell\open\command] 
@="\"C:\Program Files\LimeWire\LimeWire.exe\" \"%1\"" 

[HKEY_CLASSES_ROOT\magnet\DefaultIcon] 
@="\"C:\Program Files\LimeWire\LimeWire.exe\",0" 

[HKEY_CLASSES_ROOT\magnet\shell\open] 

[HKEY_CLASSES_ROOT\magnet\shell\open\command] 
@="\"C:\Program Files\LimeWire\LimeWire.exe\" \"%1\"" 

[HKEY_CLASSES_ROOT\MailFileAtt] 
@="" 

[HKEY_CLASSES_ROOT\MailFileAtt\CLSID] 
@="{00020D05-0000-0000-C000-000000000046}" 

[HKEY_CLASSES_ROOT\mapifvbx.object] 
@="MAPIForm object" 

[HKEY_CLASSES_ROOT\mapifvbx.object\Clsid] 
@="{41116C00-8B90-101B-96CD-00AA003B14FC}" 

[HKEY_CLASSES_ROOT\mapifvbx.object.1] 
@="MAPIForm object (V 1.0)" 

[HKEY_CLASSES_ROOT\mapifvbx.object.1\Clsid] 
@="{41116C00-8B90-101B-96CD-00AA003B14FC}" 

[HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}] 
@="BabConnector Class" 

[HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}\InprocServer32] 
@="C:\Program Files\Babylon\Babylon-Pro\Agent\BDesktopAgent.dll" 
"ThreadingModel"="Apartment" 

[HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}\ProgID] 
@="BDesktopAgent.BabConnector.1" 

[HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}\Programmable] 

[HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}\TypeLib] 
@="{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}" 

[HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}\VersionIndependentProgID] 
@="BDesktopAgent.BabConnector" 

[HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}] 
@="ISearch" 

[HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\ProxyStubClsid] 
@="{00020424-0000-0000-C000-000000000046}" 

[HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\ProxyStubClsid32] 
@="{00020424-0000-0000-C000-000000000046}" 

[HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\TypeLib] 
"Version"="1.0" 
@="{47A7A4B0-2723-41BA-865E-EBBB7081A602}" 

[HKEY_CLASSES_ROOT\Interface\{63FE02EF-8F25-4A3E-B14A-F58911A98530}] 
@="IRBEventsXML" 

[HKEY_CLASSES_ROOT\Interface\{63FE02EF-8F25-4A3E-B14A-F58911A98530}\ProxyStubClsid] 
@="{00020424-0000-0000-C000-000000000046}" 

[HKEY_CLASSES_ROOT\Interface\{63FE02EF-8F25-4A3E-B14A-F58911A98530}\ProxyStubClsid32] 
@="{00020424-0000-0000-C000-000000000046}" 

[HKEY_CLASSES_ROOT\Interface\{63FE02EF-8F25-4A3E-B14A-F58911A98530}\TypeLib] 
@="{81E7325C-962B-4828-89F4-58D0555DC2A8}" 
"Version"="1.0" 

[HKEY_CLASSES_ROOT\Applications\uTorrent.exe\shell\open] 

[HKEY_CLASSES_ROOT\Applications\uTorrent.exe\shell\open\command] 
@="\"C:\Program Files\uTorrent\uTorrent.exe\" \"%1\"" 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe] 
@="C:\Program Files\Trend Micro\HijackThis\hijackthis.exe" 
"Path"="C:\Program Files\Trend Micro\HijackThis" 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help] 
"nwind9.cnt"="C:\Documents and Settings\All Users\Bureau\Office10\Samples\" 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help] 
"nwind9.hlp"="C:\Documents and Settings\All Users\Bureau\Office10\Samples\" 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help] 
"nwindcs9.cnt"="C:\Documents and Settings\All Users\Bureau\Office10\Samples\" 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help] 
"nwindcs9.hlp"="C:\Documents and Settings\All Users\Bureau\Office10\Samples\" 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help] 
"fpmmcglo.hlp"="C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\50\bin\1036\" 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ie7] 
"DisplayName"="Windows Internet Explorer 7" 
"UninstallString"="\"C:\WINDOWS\ie7\spuninst\spuninst.exe\"" 
"TSAware"=dword:00000001 
"NoModify"=dword:00000001 
"InstallDate"="20090303" 
"Publisher"="Microsoft Corporation" 
"NoRepair"=dword:00000001 
"HelpLink"="https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US" 
"URLInfoAbout"="https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US" 
"DisplayVersion"="20070813.185237" 
"DisplayIcon"="C:\Program Files\Internet Explorer\iexplore.exe" 
"HiddenByIE8Setup"=dword:00000001 
"SystemComponent"=dword:00000001 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon] 
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,60,7d,06,00,00,00,00,0a,24,2d,\ 
87,9d,e6,c9,01,05,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\ 
61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,42,00,61,00,62,00,79,\ 
00,6c,00,6f,00,6e,00,5c,00,42,00,61,00,62,00,79,00,6c,00,6f,00,6e,00,2d,00,\ 
50,00,72,00,6f,00,5c,00,55,00,74,00,69,00,6c,00,73,00,5c,00,4d,00,79,00,42,\ 
00,61,00,62,00,79,00,6c,00,6f,00,6e,00,49,00,45,00,2e,00,65,00,78,00,65,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00 
"Changed"=dword:00000000 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HijackThis] 
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,40,0c,00,00,00,00,00,50,e7,50,\ 
87,9d,e6,c9,01,05,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\ 
61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,54,00,72,00,65,00,6e,\ 
00,64,00,20,00,4d,00,69,00,63,00,72,00,6f,00,5c,00,48,00,69,00,6a,00,61,00,\ 
63,00,6b,00,54,00,68,00,69,00,73,00,5c,00,48,00,69,00,6a,00,61,00,63,00,6b,\ 
00,54,00,68,00,69,00,73,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00 
"Changed"=dword:00000000 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC76BA86-7AD7-1036-7B44-A90000000001}] 
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,3c,80,0e,00,00,00,00,a0,b5,8e,\ 
52,2f,c9,c9,01,00,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\ 
57,00,53,00,5c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,5c,\ 
00,7b,00,41,00,43,00,37,00,36,00,42,00,41,00,38,00,36,00,2d,00,37,00,41,00,\ 
44,00,37,00,2d,00,31,00,30,00,33,00,36,00,2d,00,37,00,42,00,34,00,34,00,2d,\ 
00,41,00,39,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,31,00,\ 
7d,00,5c,00,53,00,43,00,5f,00,52,00,65,00,61,00,64,00,65,00,72,00,2e,00,65,\ 
00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00 
"Changed"=dword:00000000 

[HKEY_CURRENT_USER\Software\AskBarDis] 

[HKEY_LOCAL_MACHINE\Software\TrendMicro] 

[HKEY_LOCAL_MACHINE\Software\Yahoo] 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis] 
"Order"=hex:08,00,00,00,02,00,00,00,8a,00,00,00,01,00,00,00,01,00,00,00,7e,\ 
00,00,00,00,00,00,00,70,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5e,00,\ 
32,00,d2,06,00,00,c1,3a,33,7a,20,00,48,49,4a,41,43,4b,7e,31,2e,4c,4e,4b,00,\ 
00,34,00,03,00,04,00,ef,be,c1,3a,33,7a,c3,3a,8a,a2,14,00,00,00,48,00,69,00,\ 
6a,00,61,00,63,00,6b,00,54,00,68,00,69,00,73,00,2e,00,6c,00,6e,00,6b,00,00,\ 
00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\LimeWire] 
"Order"=hex:08,00,00,00,02,00,00,00,98,01,00,00,01,00,00,00,03,00,00,00,8a,\ 
00,00,00,00,00,00,00,7c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6a,00,\ 
32,00,40,06,00,00,ed,3a,64,bd,20,00,42,55,59,4c,49,4d,7e,31,2e,4c,4e,4b,00,\ 
00,40,00,03,00,04,00,ef,be,ed,3a,64,bd,ee,3a,81,20,14,00,00,00,42,00,75,00,\ 
79,00,20,00,4c,00,69,00,6d,00,65,00,57,00,69,00,72,00,65,00,20,00,50,00,52,\ 
00,4f,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\ 
00,00,1c,00,00,00,00,00,00,00,00,00,86,00,00,00,01,00,00,00,78,00,00,00,41,\ 
75,67,4d,02,00,00,00,01,00,00,00,66,00,32,00,36,06,00,00,ed,3a,64,bd,20,00,\ 
4c,49,4d,45,57,49,7e,31,2e,4c,4e,4b,00,00,3c,00,03,00,04,00,ef,be,ed,3a,64,\ 
bd,ee,3a,81,20,14,00,00,00,4c,00,69,00,6d,00,65,00,57,00,69,00,72,00,65,00,\ 
20,00,35,00,2e,00,31,00,2e,00,34,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,\ 
00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,7c,00,00,00,\ 
02,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,00,6d,\ 
05,00,00,ed,3a,64,bd,20,00,55,4e,49,4e,53,54,7e,31,2e,4c,4e,4b,00,00,32,00,\ 
03,00,04,00,ef,be,ed,3a,64,bd,ee,3a,81,20,14,00,00,00,55,00,6e,00,69,00,6e,\ 
00,73,00,74,00,61,00,6c,00,6c,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,\ 
00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\Program Files\LimeWire\LimeWire.exe"="LimeWire" 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KH4SW3U6\PLAY_MP3[1].exe"="PLAY_MP3[1]" 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\9Z39NKU9\SETUP[1].exe"="SETUP[1]" 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KH4SW3U6\utorrent[1].exe"="µTorrent" 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\Program Files\uTorrent\uTorrent.exe"="µTorrent" 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uttD7.tmp.exe"="Ask Toolbar Setup " 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O0NSS.tmp\uttD7.tmp.tmp"="Setup/Uninstall" 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RL43SAJQ\PLAY_MP3[1].exe"="PLAY_MP3[1]" 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RL43SAJQ\SETUP[1].exe"="SETUP[1]" 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] 
"C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\B04URJVN\SETUP[1].exe"="SETUP[1]" 

[HKEY_CLASSES_ROOT\BDesktopAgent.BabConnector] 
@="BabConnector Class" 

[HKEY_CLASSES_ROOT\BDesktopAgent.BabConnector\CLSID] 
@="{C430996F-4AA8-4AA8-81DE-F54432CD5786}" 

[HKEY_CLASSES_ROOT\BDesktopAgent.BabConnector\CurVer] 
@="BDesktopAgent.BabConnector.1" 

[HKEY_CLASSES_ROOT\BDesktopAgent.BabConnector.1] 
@="BabConnector Class" 

[HKEY_CLASSES_ROOT\BDesktopAgent.BabConnector.1\CLSID] 
@="{C430996F-4AA8-4AA8-81DE-F54432CD5786}" 

[HKEY_CLASSES_ROOT\Applications\uTorrent.exe] 

[HKEY_CLASSES_ROOT\Applications\uTorrent.exe\shell] 
@="open" 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ie7] 
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,48,bf,99,\ 
db,39,9c,c9,01,11,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\ 
61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,49,00,6e,00,74,00,65,\ 
00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,\ 
72,00,5c,00,69,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,\ 
00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00 
"Changed"=dword:00000000 

Merci!!

Narco!4 · Answer

Bonjour,

télécharge GenProc http://www.genproc.com/GenProc.exe

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

Narco!4 · Answer

suit ces manips ;)

Narco!4 · Answer

# Etape 1/ Télécharge :
ToolsCleaner! (A.Rothstein & Dj QUIOU) sur ton Bureau.

# Etape 2/
- Double-clique sur ToolsCleaner2.exe pour le lancer.
- Clique sur Recherche et laisse le scan agir.
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options Facultatives.
- Clique sur Quitter pour obtenir le rapport C:\TCleaner.txt
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

# Etape 3/
Poste un rapport Nod32 (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

Narco!4 · Answer

[*] Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
[*] Double clique combofix.exe et suis les instructions.
[*] Installe la console de récupération si proposé et continue.
[*] Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Narco!4 · Answer

Poste un rapport  https://www.micro-astuce.com/securite/NanoScan-Panda.php NanoScan

Virus page publicitaire qui s'ouvre

5 réponses

Votre réponse

Discussions similaires

Newsletters