Fenetres intempestives avec firefox

wattlar -  
 wattlar -
Bonjour,
des fenêtres intempestives s'ouvrent lorsque j'utilise firefox.
J'utilise windows XP. J'ai déjà eu ce problème il y a longtemps, vous m'avez aidé à le résoudre.
Mais ne sachant plus que faire, je poste de nouveau ce message.
J'ai bien installé antivir et scanné mon ordinateur mais cela n'a pas suffit.
Merci de votre aide.
Configuration: Windows XP
Firefox 3.5.2

22 réponses

  • 1
  • 2
  1. gen-hackman
     
    salut :

    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

    ▶ Télécharge List&Kill'em et enregistre-le sur ton bureau

    Il ne necessite pas d'installation

    ▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶laisse travailler l'outil

    le rapport va s'afficher , une fois le scan fini

    ▶▶▶▶▶▶▶ ATTENTION : Efface ton adresse IP stp !!!!

    ici :

    [121]: KB973815 - Update
    [122]: KB973869 - Update
    [123]: XpsEPSC
    Carte(s) r‚seau: 4 carte(s) r‚seau install‚e(s).
    [01]: Bluetooth PAN Network Adapter
    Nom de la connexion : Connexion au r‚seau local 2
    tat : Support d‚connect‚
    [02]: Intel(R) PRO/1000 CT Network Connection
    Nom de la connexion : Connexion au r‚seau local
    DHCP activ‚ : Non
    Adresse(s) IP
    [01] : 192.168.0.11
    [03]: VirtualBox Host-Only Ethernet Adapter
    Nom de la connexion : VirtualBox Host-Only Network
    DHCP activ‚ : Non
    Adresse(s) IP
    [01] : 192.168.56.1
    [04]: VirtualBox Host-Only Ethernet Adapter
    Nom de la connexion : VirtualBox Host-Only Network #2
    DHCP activ‚ : Non
    Adresse(s) IP
    [01] : 192.168.217.1

    Nom de l'image PIDÿ Nom de la sessio Num‚ro d Utilisation
    ========================= ====== ================ ======== ============
    System Idle Process 0 Console 0 16 Ko
    System 4 Console 0 244 Ko
    smss.exe 916 Console 0 400 Ko
    csrss.exe 972 Console 0 4ÿ456 Ko
    winlogon.exe 996 Console 0 3ÿ536 Ko

    ▶ colle le contenu dans ta prochaine réponse
    0
  2. wattlar
     
    voici le résultat
    List'em by g3n-h@ckm@n 1.0.2.8

    updated on 23.08.2009 ::::: 13.00

    Microsoft Windows XP [version 5.1.2600]

    24/08/2009 10:19:57,09

    Nom de l'h“te: PROPRIET-4FD0E0
    Nom du systŠme d'exploitation: Microsoft Windows XP Professionnel
    Version du systŠme: 5.1.2600 Service Pack 3 version 2600
    Fabricant du systŠme d'exploitation: Microsoft Corporation
    Configuration du systŠme d'exploitation: Station de travail autonome
    Type de version du systŠme d'exploitation: Multiprocessor Free
    Propri‚taire enregistr‚ÿ: PROPRIETAIRE
    Organisation enregistr‚eÿ:
    Identificateur de produit: 76413-OEM-0080571-69631
    Date d'installation originale: 07/02/2008, 12:30:32
    Dur‚e d'activit‚ systŠme: 0 jours, 1 heures, 50 minutes, 1 secondes
    Fabricant du systŠme: MEDIONPC
    ModŠle du systŠme: MS-7046
    Type du systŠme: X86-based PC
    Processeur(s): 1 processeur(s) install‚(s).
    [01]: x86 Family 15 Model 3 Stepping 4 GenuineIntel ~3192 MHz
    Version du BIOS: IntelR - 42302e31
    R‚pertoire Windows: C:\WINDOWS
    R‚pertoire systŠme: C:\WINDOWS\system32
    P‚riph‚rique d'amor‡age: \Device\HarddiskVolume1
    Option r‚gionale du systŠme: fr;Fran‡ais (France)
    ParamŠtres r‚gionaux d'entr‚eÿ: fr;Fran‡ais (France)
    Fuseau horaire: N/D
    M‚moire physique totale: 1ÿ023 Mo
    M‚moire physique disponible: 252 Mo
    M‚moire virtuelle : taille maximale: 2ÿ048 Mo
    M‚moire virtuelle : disponible: 2ÿ008 Mo
    M‚moire virtuelle : en cours d'utilisation: 40 Mo
    Emplacements des fichiers d'‚change: C:\pagefile.sys
    Domaine: WORKGROUP
    Serveur d'ouverture de session: \\PROPRIET-4FD0E0
    Correctif(s): 136 Corrections install‚es.
    [01]: File 1
    [02]: File 1
    [03]: File 1
    [04]: File 1
    [05]: File 1
    [06]: File 1
    [07]: File 1
    [08]: File 1
    [09]: File 1
    [10]: File 1
    [11]: File 1
    [12]: File 1
    [13]: File 1
    [14]: File 1
    [15]: File 1
    [16]: File 1
    [17]: File 1
    [18]: File 1
    [19]: File 1
    [20]: File 1
    [21]: File 1
    [22]: File 1
    [23]: File 1
    [24]: File 1
    [25]: File 1
    [26]: File 1
    [27]: File 1
    [28]: File 1
    [29]: File 1
    [30]: File 1
    [31]: File 1
    [32]: File 1
    [33]: File 1
    [34]: File 1
    [35]: File 1
    [36]: File 1
    [37]: File 1
    [38]: File 1
    [39]: File 1
    [40]: File 1
    [41]: File 1
    [42]: File 1
    [43]: File 1
    [44]: File 1
    [45]: File 1
    [46]: File 1
    [47]: File 1
    [48]: File 1
    [49]: File 1
    [50]: File 1
    [51]: File 1
    [52]: File 1
    [53]: File 1
    [54]: File 1
    [55]: File 1
    [56]: File 1
    [57]: File 1
    [58]: File 1
    [59]: File 1
    [60]: File 1
    [61]: File 1
    [62]: File 1
    [63]: Q147222
    [64]: KB930494 - QFE
    [65]: SP3 - SP
    [66]: KB928365 - Update
    [67]: Q936181
    [68]: Q954430
    [69]: KB973540_WM9
    [70]: KB936782_WMP10
    [71]: KB925398_WMP64
    [72]: KB923689
    [73]: KB941569
    [74]: KB968220-IE8 - Update
    [75]: KB969897-IE8 - Update
    [76]: KB972260-IE8 - Update
    [77]: KB936929 - Service Pack
    [78]: KB923561 - Update
    [79]: KB938464 - Update
    [80]: KB946648 - Update
    [81]: KB950759 - Update
    [82]: KB950760 - Update
    [83]: KB950762 - Update
    [84]: KB950974 - Update
    [85]: KB951066 - Update
    [86]: KB951072-v2 - Update
    [87]: KB951376 - Update
    [88]: KB951376-v2 - Update
    [89]: KB951698 - Update
    [90]: KB951748 - Update
    [91]: KB951978 - Update
    [92]: KB952004 - Update
    [93]: KB952287 - Update
    [94]: KB952954 - Update
    [95]: KB953838 - Update
    [96]: KB953839 - Update
    [97]: KB954211 - Update
    [98]: KB954459 - Update
    [99]: KB954600 - Update
    [100]: KB955069 - Update
    [101]: KB955839 - Update
    [102]: KB956390 - Update
    [103]: KB956391 - Update
    [104]: KB956572 - Update
    [105]: KB956744 - Update
    [106]: KB956802 - Update
    [107]: KB956803 - Update
    [108]: KB956841 - Update
    [109]: KB957095 - Update
    [110]: KB957097 - Update
    [111]: KB958215 - Update
    [112]: KB958644 - Update
    [113]: KB958687 - Update
    [114]: KB958690 - Update
    [115]: KB959426 - Update
    [116]: KB960225 - Update
    [117]: KB960714 - Update
    [118]: KB960715 - Update
    [119]: KB960803 - Update
    [120]: KB960859 - Update
    [121]: KB961371 - Update
    [122]: KB961373 - Update
    [123]: KB961501 - Update
    [124]: KB967715 - Update
    [125]: KB968537 - Update
    [126]: KB969898 - Update
    [127]: KB970238 - Update
    [128]: KB971557 - Update
    [129]: KB971633 - Update
    [130]: KB971657 - Update
    [131]: KB973346 - Update
    [132]: KB973354 - Update
    [133]: KB973507 - Update
    [134]: KB973815 - Update
    [135]: KB973869 - Update
    [136]: KB835221WXP - Update
    Carte(s) r‚seau: 4 carte(s) r‚seau install‚e(s).
    [01]: Carte r‚seau 1394
    Nom de la connexion : Connexion 1394
    DHCP activ‚ : Oui
    Serveur DHCP : N/D
    Adresse(s) IP
    [02]: VIA Rhine III Fast Ethernet Adapter
    Nom de la connexion : Connexion au r‚seau local
    tat : Support d‚connect‚
    [03]: Sagem XG703 USB 802.11g
    Nom de la connexion : Connexion r‚seau sans fil
    DHCP activ‚ : Oui
    Serveur DHCP :
    Adresse(s) IP

    [04]: Cisco Systems VPN Adapter
    Nom de la connexion : Connexion au r‚seau local 3

    Nom de l'image PIDÿ Nom de la sessio Num‚ro d Utilisation
    ========================= ====== ================ ======== ============
    System Idle Process 0 Console 0 16 Ko
    System 4 Console 0 56 Ko
    smss.exe 828 Console 0 40 Ko
    csrss.exe 1272 Console 0 2ÿ568 Ko
    winlogon.exe 1300 Console 0 2ÿ164 Ko
    services.exe 1344 Console 0 1ÿ676 Ko
    lsass.exe 1356 Console 0 1ÿ944 Ko
    ati2evxx.exe 1544 Console 0 196 Ko
    svchost.exe 1564 Console 0 1ÿ892 Ko
    svchost.exe 1620 Console 0 1ÿ828 Ko
    svchost.exe 1684 Console 0 17ÿ900 Ko
    svchost.exe 1836 Console 0 1ÿ344 Ko
    svchost.exe 1952 Console 0 4ÿ036 Ko
    aawservice.exe 516 Console 0 220 Ko
    ati2evxx.exe 632 Console 0 412 Ko
    explorer.exe 692 Console 0 13ÿ156 Ko
    ehtray.exe 1108 Console 0 368 Ko
    atiptaxx.exe 1116 Console 0 440 Ko
    rundll32.exe 1132 Console 0 456 Ko
    Dit.exe 1140 Console 0 240 Ko
    AGRSMMSG.exe 1156 Console 0 380 Ko
    vVX3000.exe 1200 Console 0 512 Ko
    OpWareSE4.exe 1220 Console 0 220 Ko
    ExaleadDesktop.exe 1752 Console 0 3ÿ152 Ko
    realsched.exe 1784 Console 0 248 Ko
    iTunesHelper.exe 1804 Console 0 772 Ko
    spoolsv.exe 184 Console 0 904 Ko
    jusched.exe 1464 Console 0 64 Ko
    sched.exe 260 Console 0 688 Ko
    avgnt.exe 292 Console 0 2ÿ344 Ko
    ctfmon.exe 352 Console 0 660 Ko
    msmsgs.exe 400 Console 0 556 Ko
    ISUSPM.exe 424 Console 0 1ÿ772 Ko
    mtcipd.exe 452 Console 0 35ÿ920 Ko
    svchost.exe 2044 Console 0 576 Ko
    avguard.exe 500 Console 0 7ÿ892 Ko
    AppleMobileDeviceService. 532 Console 0 200 Ko
    mDNSResponder.exe 856 Console 0 228 Ko
    Crypserv.exe 896 Console 0 200 Ko
    cvpnd.exe 1088 Console 0 844 Ko
    ehRecvr.exe 1736 Console 0 280 Ko
    ehSched.exe 1672 Console 0 200 Ko
    jqs.exe 640 Console 0 1ÿ296 Ko
    MSCamS32.exe 584 Console 0 200 Ko
    svchost.exe 964 Console 0 1ÿ292 Ko
    ExaleadDesktop.exe 1260 Console 0 14ÿ380 Ko
    iPodService.exe 3736 Console 0 784 Ko
    dllhost.exe 240 Console 0 756 Ko
    alg.exe 2192 Console 0 96 Ko
    ehmsas.exe 144 Console 0 68 Ko
    ExaleadDesktop.exe 1744 Console 0 76ÿ636 Ko
    ExaleadDesktop.exe 3304 Console 0 896 Ko
    ExaleadDesktop.exe 3592 Console 0 1ÿ080 Ko
    ExaleadDesktop.exe 2876 Console 0 248 Ko
    thunderbird.exe 1348 Console 0 33ÿ072 Ko
    firefox.exe 2812 Console 0 75ÿ812 Ko
    javaw.exe 3816 Console 0 2ÿ360 Ko
    swriter.exe 476 Console 0 52 Ko
    soffice.exe 2848 Console 0 40 Ko
    soffice.bin 2564 Console 0 29ÿ584 Ko
    AcroRd32.exe 432 Console 0 37ÿ920 Ko
    javaw.exe 3828 Console 0 65ÿ944 Ko
    wscntfy.exe 3660 Console 0 2ÿ816 Ko
    svchost.exe 3252 Console 0 3ÿ528 Ko
    List_Killem.exe 3452 Console 0 5ÿ152 Ko
    cmd.exe 928 Console 0 1ÿ748 Ko
    wmiprvse.exe 1728 Console 0 8ÿ300 Ko
    wmiprvse.exe 2260 Console 0 4ÿ940 Ko
    tasklist.exe 3064 Console 0 4ÿ716 Ko

    Infections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\WINDOWS\System32\prnjobs.vbs"
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd_nav.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd_navps.dat
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\IE8-Setup-Full-MSN-XP.exe
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp11.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp13.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp15.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp19.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1A.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1B.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1C.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1D.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1E.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1F.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp20.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp25.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp26.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp28.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp2D.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp34.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3A.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3B.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3E.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp42.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp44.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp4B.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp5.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp54.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp87.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpA0.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpC0.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpD.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpE.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpF.tmp

    ¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

    ¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

    ACRORD32.EXE-356875A2.pf
    ACRORD32INFO.EXE-24548733.pf
    AGENT.EXE-06FC5CDE.pf
    ALG.EXE-0F138680.pf
    ANOOKI~1.SCR-1C9A0C6E.pf
    ASHCNSNT.EXE-19622FE1.pf
    ASHMAISV.EXE-12E27032.pf
    ASHPOPWZ.EXE-11BDDCD9.pf
    ASHWEBSV.EXE-0548EF0A.pf
    ASWRUNDLL.EXE-08172F61.pf
    AVAST.SETUP-032170A8.pf
    AVCENTER.EXE-1A970FA0.pf
    AVCONFIG.EXE-1ECA67AD.pf
    AVGNT.EXE-200FEF40.pf
    AVGUARD.EXE-27095CE7.pf
    AVIRA_ANTIVIR_PERSONAL_FREE.E-2706D8D7.pf
    AVNOTIFY.EXE-05ED5FD8.pf
    AVSCAN.EXE-07FC469C.pf
    AVWSC.EXE-0283F9DD.pf
    CMD.EXE-087B4001.pf
    CONTROL.EXE-013DBFB5.pf
    CRASHREP.EXE-247CEE6D.pf
    DLLHOST.EXE-5353C76C.pf
    DUMPREP.EXE-1B46F901.pf
    DWWIN.EXE-30875ADC.pf
    EHMSAS.EXE-181DA6C9.pf
    EXALEADDESKTOP.EXE-3B98BE83.pf
    EXPLORER.EXE-082F38A9.pf
    FACT.EXE-281ED643.pf
    FIREFOX.EXE-28641590.pf
    FREEMIND.EXE-2A52ABD6.pf
    FREEPLANE.EXE-10AD91E6.pf
    GRPCONV.EXE-111CD845.pf
    HELPCTR.EXE-3862B6F5.pf
    HELPER.EXE-0F70C40E.pf
    HELPSVC.EXE-2878DDA2.pf
    IMAPI.EXE-0BF740A4.pf
    IMULE.EXE-03723B2C.pf
    IMULE.EXE-227F589B.pf
    INSTALL.EXE-0322994D.pf
    IPODSERVICE.EXE-3192DE38.pf
    ISUSPM.EXE-30816766.pf
    JAVA.EXE-0C263507.pf
    JAVAW.EXE-1DA9F6E6.pf
    JAVAW.EXE-2DC32ABC.pf
    JAVAWS.EXE-021AC9A9.pf
    JQS.EXE-1D781F77.pf
    JQSNOTIFY.EXE-24AE4A36.pf
    Layout.ini
    LIST_KILLEM.EXE-02158BD5.pf
    LOGONUI.EXE-0AF22957.pf
    MODE.COM-31685BAE.pf
    MSCAMS32.EXE-0322BB5E.pf
    MSFEEDSSYNC.EXE-25E13438.pf
    MSIEXEC.EXE-2F8A8CAE.pf
    NTOSBOOT-B00DFAAD.pf
    OMNIPAGE.EXE-0E90EA97.pf
    OPA11.EXE-1163907E.pf
    PRESETUP.EXE-1F0FC270.pf
    REALPLAY.EXE-1BF219BD.pf
    REG.EXE-0D2A95F7.pf
    REGSVR32.EXE-25EEFE2F.pf
    RUNDLL32.EXE-13DA0E71.pf
    RUNDLL32.EXE-1831A4F3.pf
    RUNDLL32.EXE-193C2242.pf
    RUNDLL32.EXE-2576181F.pf
    RUNDLL32.EXE-26C2C861.pf
    RUNDLL32.EXE-2B0C8029.pf
    RUNDLL32.EXE-2CBA7525.pf
    RUNDLL32.EXE-2CF006FF.pf
    RUNDLL32.EXE-3412AE4C.pf
    RUNDLL32.EXE-3741A838.pf
    RUNDLL32.EXE-38D9A97E.pf
    RUNDLL32.EXE-3BF04885.pf
    RUNDLL32.EXE-3D97474F.pf
    RUNDLL32.EXE-3F22660F.pf
    RUNDLL32.EXE-451FC2C0.pf
    RUNONCE.EXE-2803F297.pf
    SCALC.EXE-066871DC.pf
    SCHED.EXE-030F29E1.pf
    SETUP.EXE-074020D1.pf
    SOFFICE.BIN-01E25E9C.pf
    SOFFICE.EXE-358D937C.pf
    SVCHOST.EXE-3530F672.pf
    SWRITER.EXE-38A9F6BD.pf
    SYSTEMINFO.EXE-32ED1FAB.pf
    TASKLIST.EXE-10D94B23.pf
    TASKMGR.EXE-20256C55.pf
    THUNDERBIRD.EXE-38CA75D9.pf
    TWAINCLIENT.EXE-06F2A72F.pf
    UPDATE.EXE-2577D203.pf
    UPDATE.EXE-35504437.pf
    UPDATER.EXE-15BCD904.pf
    VCREDIST_X86.EXE-202EB851.pf
    VERCLSID.EXE-3667BD89.pf
    WMIAPSRV.EXE-1E2270A5.pf
    WMIPRVSE.EXE-28F301A9.pf
    WSCNTFY.EXE-1B24F5EB.pf
    WUAUCLT.EXE-399A8E72.pf
    XOCR32B.EXE-29FA92AC.pf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    Merci de votre aide
    0
  3. gen-hackman
     
    Redemarre en mode sans echec

    ▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Destruction

    laisse travailler l'outil

    apres les verifications , un rapport va s'ouvrir.

    ▶ ferme-le.

    un deuxieme rapport va s'ouvrir ,

    ▶ colle son contenu dans ta reponse
    0
  4. wattlar
     
    Kill'em by g3n-h@ckm@n 1.0.2.8

    updated on 23.08.2009 ::::: 13.00

    Microsoft Windows XP [version 5.1.2600]

    24/08/2009 10:54:19,14

    Fichiers analysés :
    =================

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\WINDOWS\System32\prnjobs.vbs"
    "C:\WINDOWS\system32\prntvpt.dll"
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd_nav.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd_navps.dat
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\IE8-Setup-Full-MSN-XP.exe
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp11.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp13.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp15.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp19.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1A.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1B.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1C.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1D.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1E.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1F.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp20.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp25.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp26.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp28.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp2D.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp34.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3A.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3B.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3E.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp42.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp44.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp4B.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp5.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp54.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp87.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpA0.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpC0.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpD.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpE.tmp
    C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpF.tmp

    ¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :

    Quarantaine :

    IE8-Setup-Full-MSN-XP.exe.Kill'em
    jre-6u13-windows-i586-p-iftw.exe.Kill'em
    jre-6u15-windows-i586-iftw.exe.Kill'em
    mtcipd.exe.Kill'em
    mtcipd_nav.dat.Kill'em
    mtcipd_navps.dat.Kill'em
    prnjobs.vbs.Kill'em
    prntvpt.dll.Kill'em
    qmgr0.dat.Kill'em
    qmgr1.dat.Kill'em
    tmp11.tmp.Kill'em
    tmp13.tmp.Kill'em
    tmp15.tmp.Kill'em
    tmp19.tmp.Kill'em
    tmp1A.tmp.Kill'em
    tmp1B.tmp.Kill'em
    tmp1C.tmp.Kill'em
    tmp1D.tmp.Kill'em
    tmp1E.tmp.Kill'em
    tmp1F.tmp.Kill'em
    tmp20.tmp.Kill'em
    tmp25.tmp.Kill'em
    tmp26.tmp.Kill'em
    tmp28.tmp.Kill'em
    tmp2D.tmp.Kill'em
    tmp34.tmp.Kill'em
    tmp3A.tmp.Kill'em
    tmp3B.tmp.Kill'em
    tmp3E.tmp.Kill'em
    tmp42.tmp.Kill'em
    tmp44.tmp.Kill'em
    tmp4B.tmp.Kill'em
    tmp5.tmp.Kill'em
    tmp54.tmp.Kill'em
    tmp87.tmp.Kill'em
    tmpA0.tmp.Kill'em
    tmpC0.tmp.Kill'em
    tmpD.tmp.Kill'em
    tmpE.tmp.Kill'em
    tmpF.tmp.Kill'em

    ¤¤¤¤¤¤¤¤¤¤ Verification :

    Infections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    ¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

    ¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

    Layout.ini
    NTOSBOOT-B00DFAAD.pf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    VOilà voilà !
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gen-hackman
     
    Télécharge Navilog1 depuis-ce lien

    ▶ Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    ▶ Ensuite double clique sur navilog1.exe pour lancer l'installation.

    Une fois l'installation terminée, le fix s'exécutera automatiquement.

    ▶ Au menu principal, Fais le choix 1 >> Recherche / suppression automatique

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***

    >>>>> Le fix peut durer une dizaine de minutes ;)

    ▶ Appuie sur une touche le bloc note va s'ouvrir.

    ▶ Copie-colle le rapport ici.

    0
  7. wattlar
     
    mauvaise manip de ma part.
    J'ai redémarrer l'ordinateur avant de copier le rapport.
    Dois-je lancer navilog de nouveau ?
    0
  8. gen-hackman
     
    nin il doit etre dans C:\ fixnavi.txt il me semble
    0
  9. wattlar
     
    j'ai un fichier cleannavi.txt dont voici le contenu !
    Fix Navipromo version 4.0.1 commencé le 24/08/2009 12:05:36,01

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Administrateur ( Administrator )
    BOOT : Normal boot

    Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:78 Go (Free:57 Go)
    D:\ (Local Disk) - NTFS - Total:154 Go (Free:102 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)

    Recherche executée en mode normal

    Est-ce cela ?
    0
  10. wattlar
     
    malheureusement, j'ai copié tout ce que contient le fichier.
    Je relance navilog ??
    0
  11. wattlar
     
    voici le résultat :
    Fix Navipromo version 4.0.1 commencé le 24/08/2009 14:40:25,26

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Administrateur ( Administrator )
    BOOT : Fail-safe boot

    Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:78 Go (Free:57 Go)
    D:\ (Local Disk) - NTFS - Total:154 Go (Free:102 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)

    Recherche executée en mode sans échec

    [b]Aucune Infection Navipromo/Egdaccess trouvé/b

    *** Scan terminé 24/08/2009 14:41:39,45 ***
    ?
    0
  12. gen-hackman
     
    Télécharge OTL de OLDTimer

    enregistre le sur ton Bureau.

    ▶ Double clic sur OTL.exe pour le lancer.

    ▶ Coche les 2 cases Lop et Purity

    ▶ Coche la case devant scan all users

    ▶ règle-le sur "60 Days"

    ▶ dans la colonne de gauche , mets tout sur all

    ▶Clic sur Run Scan.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    ou celui-ci : https://www.cjoint.com/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    Tu feras la meme chose avec le "Extra.txt".
    0
  13. wattlar
     
    Voici les liens pour les deux fichiers demandés
    http://www.cijoint.fr/cjlink.php?file=cj200908/cijYUWFGz3.txt
    et
    http://www.cijoint.fr/cjlink.php?file=cj200908/cijfNsa5uf.txt
    voilà voilà
    0
  14. gen-hackman
     
    passe par cjoint.com pour les deposer stp , cijoint.fr a des soucis en ce moment
    0
  15. gen-hackman
     
    ▶ Double clic sur OTL.exe pour le lancer.

    ▶Copie la liste qui se trouve en gras ci-dessous,

    ▶ colle-la dans la zone sous Customs Scans/Fixes :

    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :services
    Bonjour Service

    :OTL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\Run: [Cmaudio] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\ipp - No CLSID value found

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "iTunesHelper"=-
    "QuickTime Task"=-
    "SSBkgdUpdate"=-
    "TkBellExe"=-

    :files
    C:\WINDOWS\System32\pmsbfn32.dll
    C:\Documents and Settings\Administrateur\Application Data\exe
    C:\Documents and Settings\Administrateur\Application Data\fltk.org
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    :commands
    [emptytemp]
    [reboot]


    ▶ Clique sur RunFix pour lancer la suppression.

    ▶ Poste le rapport.
    0
  16. wattlar
     
    Ce rapport là ?
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
    File Protocol\Handler\ipp - No CLSID value found not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SSBkgdUpdate deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\WINDOWS\System32\pmsbfn32.dll
    C:\WINDOWS\System32\pmsbfn32.dll NOT unregistered.
    C:\WINDOWS\System32\pmsbfn32.dll moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions\exeex@exelearning.org\chrome\skin moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions\exeex@exelearning.org\chrome\content moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions\exeex@exelearning.org\chrome moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions\exeex@exelearning.org moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\Cache moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe\idevices moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\exe moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\fltk.org moved successfully.
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 9771299 bytes
    ->Temporary Internet Files folder emptied: 109962150 bytes
    ->Java cache emptied: 49386677 bytes
    ->FireFox cache emptied: 141206401 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 115616 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 195902775 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 1240390 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 925153546 bytes

    Total Files Cleaned = 1366,43 mb

    OTL by OldTimer - Version 3.0.10.7 log created on 08242009_154811

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    0
  17. gen-hackman
     
    ok refais ce que je t ai demandé au post13

    je garde ca pour moi :

    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    0
  • 1
  • 2