Fenetres intempestives avec firefox

salut :

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

▶ Télécharge List&Kill'em et enregistre-le sur ton bureau

Il ne necessite pas d'installation

▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

▶laisse travailler l'outil

le rapport va s'afficher , une fois le scan fini

▶▶▶▶▶▶▶ ATTENTION : Efface ton adresse IP stp !!!!

ici :

[121]: KB973815 - Update
[122]: KB973869 - Update
[123]: XpsEPSC
Carte(s) r‚seau: 4 carte(s) r‚seau install‚e(s).
[01]: Bluetooth PAN Network Adapter
Nom de la connexion : Connexion au r‚seau local 2
tat : Support d‚connect‚
[02]: Intel(R) PRO/1000 CT Network Connection
Nom de la connexion : Connexion au r‚seau local
DHCP activ‚ : Non
Adresse(s) IP
[01] : 192.168.0.11
[03]: VirtualBox Host-Only Ethernet Adapter
Nom de la connexion : VirtualBox Host-Only Network
DHCP activ‚ : Non
Adresse(s) IP
[01] : 192.168.56.1
[04]: VirtualBox Host-Only Ethernet Adapter
Nom de la connexion : VirtualBox Host-Only Network #2
DHCP activ‚ : Non
Adresse(s) IP
[01] : 192.168.217.1

Nom de l'image PIDÿ Nom de la sessio Num‚ro d Utilisation
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 16 Ko
System 4 Console 0 244 Ko
smss.exe 916 Console 0 400 Ko
csrss.exe 972 Console 0 4ÿ456 Ko
winlogon.exe 996 Console 0 3ÿ536 Ko

▶ colle le contenu dans ta prochaine réponse

voici le résultat
List'em by g3n-h@ckm@n 1.0.2.8

updated on 23.08.2009 ::::: 13.00


Microsoft Windows XP [version 5.1.2600]


24/08/2009 10:19:57,09


Nom de l'h“te: PROPRIET-4FD0E0
Nom du systŠme d'exploitation: Microsoft Windows XP Professionnel
Version du systŠme: 5.1.2600 Service Pack 3 version 2600
Fabricant du systŠme d'exploitation: Microsoft Corporation
Configuration du systŠme d'exploitation: Station de travail autonome
Type de version du systŠme d'exploitation: Multiprocessor Free
Propri‚taire enregistr‚ÿ: PROPRIETAIRE
Organisation enregistr‚eÿ:
Identificateur de produit: 76413-OEM-0080571-69631
Date d'installation originale: 07/02/2008, 12:30:32
Dur‚e d'activit‚ systŠme: 0 jours, 1 heures, 50 minutes, 1 secondes
Fabricant du systŠme: MEDIONPC
ModŠle du systŠme: MS-7046
Type du systŠme: X86-based PC
Processeur(s): 1 processeur(s) install‚(s).
[01]: x86 Family 15 Model 3 Stepping 4 GenuineIntel ~3192 MHz
Version du BIOS: IntelR - 42302e31
R‚pertoire Windows: C:\WINDOWS
R‚pertoire systŠme: C:\WINDOWS\system32
P‚riph‚rique d'amor‡age: \Device\HarddiskVolume1
Option r‚gionale du systŠme: fr;Fran‡ais (France)
ParamŠtres r‚gionaux d'entr‚eÿ: fr;Fran‡ais (France)
Fuseau horaire: N/D
M‚moire physique totale: 1ÿ023 Mo
M‚moire physique disponible: 252 Mo
M‚moire virtuelle : taille maximale: 2ÿ048 Mo
M‚moire virtuelle : disponible: 2ÿ008 Mo
M‚moire virtuelle : en cours d'utilisation: 40 Mo
Emplacements des fichiers d'‚change: C:\pagefile.sys
Domaine: WORKGROUP
Serveur d'ouverture de session: \\PROPRIET-4FD0E0
Correctif(s): 136 Corrections install‚es.
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: Q147222
[64]: KB930494 - QFE
[65]: SP3 - SP
[66]: KB928365 - Update
[67]: Q936181
[68]: Q954430
[69]: KB973540_WM9
[70]: KB936782_WMP10
[71]: KB925398_WMP64
[72]: KB923689
[73]: KB941569
[74]: KB968220-IE8 - Update
[75]: KB969897-IE8 - Update
[76]: KB972260-IE8 - Update
[77]: KB936929 - Service Pack
[78]: KB923561 - Update
[79]: KB938464 - Update
[80]: KB946648 - Update
[81]: KB950759 - Update
[82]: KB950760 - Update
[83]: KB950762 - Update
[84]: KB950974 - Update
[85]: KB951066 - Update
[86]: KB951072-v2 - Update
[87]: KB951376 - Update
[88]: KB951376-v2 - Update
[89]: KB951698 - Update
[90]: KB951748 - Update
[91]: KB951978 - Update
[92]: KB952004 - Update
[93]: KB952287 - Update
[94]: KB952954 - Update
[95]: KB953838 - Update
[96]: KB953839 - Update
[97]: KB954211 - Update
[98]: KB954459 - Update
[99]: KB954600 - Update
[100]: KB955069 - Update
[101]: KB955839 - Update
[102]: KB956390 - Update
[103]: KB956391 - Update
[104]: KB956572 - Update
[105]: KB956744 - Update
[106]: KB956802 - Update
[107]: KB956803 - Update
[108]: KB956841 - Update
[109]: KB957095 - Update
[110]: KB957097 - Update
[111]: KB958215 - Update
[112]: KB958644 - Update
[113]: KB958687 - Update
[114]: KB958690 - Update
[115]: KB959426 - Update
[116]: KB960225 - Update
[117]: KB960714 - Update
[118]: KB960715 - Update
[119]: KB960803 - Update
[120]: KB960859 - Update
[121]: KB961371 - Update
[122]: KB961373 - Update
[123]: KB961501 - Update
[124]: KB967715 - Update
[125]: KB968537 - Update
[126]: KB969898 - Update
[127]: KB970238 - Update
[128]: KB971557 - Update
[129]: KB971633 - Update
[130]: KB971657 - Update
[131]: KB973346 - Update
[132]: KB973354 - Update
[133]: KB973507 - Update
[134]: KB973815 - Update
[135]: KB973869 - Update
[136]: KB835221WXP - Update
Carte(s) r‚seau: 4 carte(s) r‚seau install‚e(s).
[01]: Carte r‚seau 1394
Nom de la connexion : Connexion 1394
DHCP activ‚ : Oui
Serveur DHCP : N/D
Adresse(s) IP
[02]: VIA Rhine III Fast Ethernet Adapter
Nom de la connexion : Connexion au r‚seau local
tat : Support d‚connect‚
[03]: Sagem XG703 USB 802.11g
Nom de la connexion : Connexion r‚seau sans fil
DHCP activ‚ : Oui
Serveur DHCP :
Adresse(s) IP

[04]: Cisco Systems VPN Adapter
Nom de la connexion : Connexion au r‚seau local 3

Nom de l'image PIDÿ Nom de la sessio Num‚ro d Utilisation
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 16 Ko
System 4 Console 0 56 Ko
smss.exe 828 Console 0 40 Ko
csrss.exe 1272 Console 0 2ÿ568 Ko
winlogon.exe 1300 Console 0 2ÿ164 Ko
services.exe 1344 Console 0 1ÿ676 Ko
lsass.exe 1356 Console 0 1ÿ944 Ko
ati2evxx.exe 1544 Console 0 196 Ko
svchost.exe 1564 Console 0 1ÿ892 Ko
svchost.exe 1620 Console 0 1ÿ828 Ko
svchost.exe 1684 Console 0 17ÿ900 Ko
svchost.exe 1836 Console 0 1ÿ344 Ko
svchost.exe 1952 Console 0 4ÿ036 Ko
aawservice.exe 516 Console 0 220 Ko
ati2evxx.exe 632 Console 0 412 Ko
explorer.exe 692 Console 0 13ÿ156 Ko
ehtray.exe 1108 Console 0 368 Ko
atiptaxx.exe 1116 Console 0 440 Ko
rundll32.exe 1132 Console 0 456 Ko
Dit.exe 1140 Console 0 240 Ko
AGRSMMSG.exe 1156 Console 0 380 Ko
vVX3000.exe 1200 Console 0 512 Ko
OpWareSE4.exe 1220 Console 0 220 Ko
ExaleadDesktop.exe 1752 Console 0 3ÿ152 Ko
realsched.exe 1784 Console 0 248 Ko
iTunesHelper.exe 1804 Console 0 772 Ko
spoolsv.exe 184 Console 0 904 Ko
jusched.exe 1464 Console 0 64 Ko
sched.exe 260 Console 0 688 Ko
avgnt.exe 292 Console 0 2ÿ344 Ko
ctfmon.exe 352 Console 0 660 Ko
msmsgs.exe 400 Console 0 556 Ko
ISUSPM.exe 424 Console 0 1ÿ772 Ko
mtcipd.exe 452 Console 0 35ÿ920 Ko
svchost.exe 2044 Console 0 576 Ko
avguard.exe 500 Console 0 7ÿ892 Ko
AppleMobileDeviceService. 532 Console 0 200 Ko
mDNSResponder.exe 856 Console 0 228 Ko
Crypserv.exe 896 Console 0 200 Ko
cvpnd.exe 1088 Console 0 844 Ko
ehRecvr.exe 1736 Console 0 280 Ko
ehSched.exe 1672 Console 0 200 Ko
jqs.exe 640 Console 0 1ÿ296 Ko
MSCamS32.exe 584 Console 0 200 Ko
svchost.exe 964 Console 0 1ÿ292 Ko
ExaleadDesktop.exe 1260 Console 0 14ÿ380 Ko
iPodService.exe 3736 Console 0 784 Ko
dllhost.exe 240 Console 0 756 Ko
alg.exe 2192 Console 0 96 Ko
ehmsas.exe 144 Console 0 68 Ko
ExaleadDesktop.exe 1744 Console 0 76ÿ636 Ko
ExaleadDesktop.exe 3304 Console 0 896 Ko
ExaleadDesktop.exe 3592 Console 0 1ÿ080 Ko
ExaleadDesktop.exe 2876 Console 0 248 Ko
thunderbird.exe 1348 Console 0 33ÿ072 Ko
firefox.exe 2812 Console 0 75ÿ812 Ko
javaw.exe 3816 Console 0 2ÿ360 Ko
swriter.exe 476 Console 0 52 Ko
soffice.exe 2848 Console 0 40 Ko
soffice.bin 2564 Console 0 29ÿ584 Ko
AcroRd32.exe 432 Console 0 37ÿ920 Ko
javaw.exe 3828 Console 0 65ÿ944 Ko
wscntfy.exe 3660 Console 0 2ÿ816 Ko
svchost.exe 3252 Console 0 3ÿ528 Ko
List_Killem.exe 3452 Console 0 5ÿ152 Ko
cmd.exe 928 Console 0 1ÿ748 Ko
wmiprvse.exe 1728 Console 0 8ÿ300 Ko
wmiprvse.exe 2260 Console 0 4ÿ940 Ko
tasklist.exe 3064 Console 0 4ÿ716 Ko

Infections :
==========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\WINDOWS\System32\prnjobs.vbs"
C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd_navps.dat
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\IE8-Setup-Full-MSN-XP.exe
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp11.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp13.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp15.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp19.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1A.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1B.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1C.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1D.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1E.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1F.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp20.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp25.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp26.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp28.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp2D.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp34.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3A.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3B.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3E.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp42.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp44.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp4B.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp5.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp54.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp87.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpA0.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpC0.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpD.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpE.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpF.tmp

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

ACRORD32.EXE-356875A2.pf
ACRORD32INFO.EXE-24548733.pf
AGENT.EXE-06FC5CDE.pf
ALG.EXE-0F138680.pf
ANOOKI~1.SCR-1C9A0C6E.pf
ASHCNSNT.EXE-19622FE1.pf
ASHMAISV.EXE-12E27032.pf
ASHPOPWZ.EXE-11BDDCD9.pf
ASHWEBSV.EXE-0548EF0A.pf
ASWRUNDLL.EXE-08172F61.pf
AVAST.SETUP-032170A8.pf
AVCENTER.EXE-1A970FA0.pf
AVCONFIG.EXE-1ECA67AD.pf
AVGNT.EXE-200FEF40.pf
AVGUARD.EXE-27095CE7.pf
AVIRA_ANTIVIR_PERSONAL_FREE.E-2706D8D7.pf
AVNOTIFY.EXE-05ED5FD8.pf
AVSCAN.EXE-07FC469C.pf
AVWSC.EXE-0283F9DD.pf
CMD.EXE-087B4001.pf
CONTROL.EXE-013DBFB5.pf
CRASHREP.EXE-247CEE6D.pf
DLLHOST.EXE-5353C76C.pf
DUMPREP.EXE-1B46F901.pf
DWWIN.EXE-30875ADC.pf
EHMSAS.EXE-181DA6C9.pf
EXALEADDESKTOP.EXE-3B98BE83.pf
EXPLORER.EXE-082F38A9.pf
FACT.EXE-281ED643.pf
FIREFOX.EXE-28641590.pf
FREEMIND.EXE-2A52ABD6.pf
FREEPLANE.EXE-10AD91E6.pf
GRPCONV.EXE-111CD845.pf
HELPCTR.EXE-3862B6F5.pf
HELPER.EXE-0F70C40E.pf
HELPSVC.EXE-2878DDA2.pf
IMAPI.EXE-0BF740A4.pf
IMULE.EXE-03723B2C.pf
IMULE.EXE-227F589B.pf
INSTALL.EXE-0322994D.pf
IPODSERVICE.EXE-3192DE38.pf
ISUSPM.EXE-30816766.pf
JAVA.EXE-0C263507.pf
JAVAW.EXE-1DA9F6E6.pf
JAVAW.EXE-2DC32ABC.pf
JAVAWS.EXE-021AC9A9.pf
JQS.EXE-1D781F77.pf
JQSNOTIFY.EXE-24AE4A36.pf
Layout.ini
LIST_KILLEM.EXE-02158BD5.pf
LOGONUI.EXE-0AF22957.pf
MODE.COM-31685BAE.pf
MSCAMS32.EXE-0322BB5E.pf
MSFEEDSSYNC.EXE-25E13438.pf
MSIEXEC.EXE-2F8A8CAE.pf
NTOSBOOT-B00DFAAD.pf
OMNIPAGE.EXE-0E90EA97.pf
OPA11.EXE-1163907E.pf
PRESETUP.EXE-1F0FC270.pf
REALPLAY.EXE-1BF219BD.pf
REG.EXE-0D2A95F7.pf
REGSVR32.EXE-25EEFE2F.pf
RUNDLL32.EXE-13DA0E71.pf
RUNDLL32.EXE-1831A4F3.pf
RUNDLL32.EXE-193C2242.pf
RUNDLL32.EXE-2576181F.pf
RUNDLL32.EXE-26C2C861.pf
RUNDLL32.EXE-2B0C8029.pf
RUNDLL32.EXE-2CBA7525.pf
RUNDLL32.EXE-2CF006FF.pf
RUNDLL32.EXE-3412AE4C.pf
RUNDLL32.EXE-3741A838.pf
RUNDLL32.EXE-38D9A97E.pf
RUNDLL32.EXE-3BF04885.pf
RUNDLL32.EXE-3D97474F.pf
RUNDLL32.EXE-3F22660F.pf
RUNDLL32.EXE-451FC2C0.pf
RUNONCE.EXE-2803F297.pf
SCALC.EXE-066871DC.pf
SCHED.EXE-030F29E1.pf
SETUP.EXE-074020D1.pf
SOFFICE.BIN-01E25E9C.pf
SOFFICE.EXE-358D937C.pf
SVCHOST.EXE-3530F672.pf
SWRITER.EXE-38A9F6BD.pf
SYSTEMINFO.EXE-32ED1FAB.pf
TASKLIST.EXE-10D94B23.pf
TASKMGR.EXE-20256C55.pf
THUNDERBIRD.EXE-38CA75D9.pf
TWAINCLIENT.EXE-06F2A72F.pf
UPDATE.EXE-2577D203.pf
UPDATE.EXE-35504437.pf
UPDATER.EXE-15BCD904.pf
VCREDIST_X86.EXE-202EB851.pf
VERCLSID.EXE-3667BD89.pf
WMIAPSRV.EXE-1E2270A5.pf
WMIPRVSE.EXE-28F301A9.pf
WSCNTFY.EXE-1B24F5EB.pf
WUAUCLT.EXE-399A8E72.pf
XOCR32B.EXE-29FA92AC.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Merci de votre aide

Redemarre en mode sans echec

▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

▶ choisis l'option 2 = Mode Destruction

laisse travailler l'outil

apres les verifications , un rapport va s'ouvrir.

▶ ferme-le.

un deuxieme rapport va s'ouvrir ,

▶ colle son contenu dans ta reponse

Kill'em by g3n-h@ckm@n 1.0.2.8

updated on 23.08.2009 ::::: 13.00


Microsoft Windows XP [version 5.1.2600]


24/08/2009 10:54:19,14

Fichiers analysés :
=================


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\WINDOWS\System32\prnjobs.vbs"
"C:\WINDOWS\system32\prntvpt.dll"
C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\mtcipd_navps.dat
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\IE8-Setup-Full-MSN-XP.exe
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp11.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp13.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp15.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp19.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1A.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1B.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1C.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1D.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1E.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp1F.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp20.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp25.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp26.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp28.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp2D.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp34.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3A.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3B.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp3E.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp42.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp44.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp4B.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp5.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp54.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp87.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpA0.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpC0.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpD.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpE.tmp
C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmpF.tmp


¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :

Quarantaine :

IE8-Setup-Full-MSN-XP.exe.Kill'em
jre-6u13-windows-i586-p-iftw.exe.Kill'em
jre-6u15-windows-i586-iftw.exe.Kill'em
mtcipd.exe.Kill'em
mtcipd_nav.dat.Kill'em
mtcipd_navps.dat.Kill'em
prnjobs.vbs.Kill'em
prntvpt.dll.Kill'em
qmgr0.dat.Kill'em
qmgr1.dat.Kill'em
tmp11.tmp.Kill'em
tmp13.tmp.Kill'em
tmp15.tmp.Kill'em
tmp19.tmp.Kill'em
tmp1A.tmp.Kill'em
tmp1B.tmp.Kill'em
tmp1C.tmp.Kill'em
tmp1D.tmp.Kill'em
tmp1E.tmp.Kill'em
tmp1F.tmp.Kill'em
tmp20.tmp.Kill'em
tmp25.tmp.Kill'em
tmp26.tmp.Kill'em
tmp28.tmp.Kill'em
tmp2D.tmp.Kill'em
tmp34.tmp.Kill'em
tmp3A.tmp.Kill'em
tmp3B.tmp.Kill'em
tmp3E.tmp.Kill'em
tmp42.tmp.Kill'em
tmp44.tmp.Kill'em
tmp4B.tmp.Kill'em
tmp5.tmp.Kill'em
tmp54.tmp.Kill'em
tmp87.tmp.Kill'em
tmpA0.tmp.Kill'em
tmpC0.tmp.Kill'em
tmpD.tmp.Kill'em
tmpE.tmp.Kill'em
tmpF.tmp.Kill'em

¤¤¤¤¤¤¤¤¤¤ Verification :



Infections :
==========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :


¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

Layout.ini
NTOSBOOT-B00DFAAD.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
VOilà voilà !

Télécharge Navilog1 depuis-ce lien

▶ Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
▶ Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, le fix s'exécutera automatiquement.

▶ Au menu principal, Fais le choix 1 >> Recherche / suppression automatique

Patiente jusqu'au message :
*** Analyse Termine le ..... ***

>>>>> Le fix peut durer une dizaine de minutes ;)

▶ Appuie sur une touche le bloc note va s'ouvrir.

▶ Copie-colle le rapport ici.

mauvaise manip de ma part.
J'ai redémarrer l'ordinateur avant de copier le rapport.
Dois-je lancer navilog de nouveau ?

nin il doit etre dans C:\ fixnavi.txt il me semble

j'ai un fichier cleannavi.txt dont voici le contenu !
Fix Navipromo version 4.0.1 commencé le 24/08/2009 12:05:36,01

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Administrateur ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:57 Go)
D:\ (Local Disk) - NTFS - Total:154 Go (Free:102 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)


Recherche executée en mode normal

Est-ce cela ?

oui mais il en manque un bout

malheureusement, j'ai copié tout ce que contient le fichier.
Je relance navilog ??

en mode sans echec

voici le résultat :
Fix Navipromo version 4.0.1 commencé le 24/08/2009 14:40:25,26

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Administrateur ( Administrator )
BOOT : Fail-safe boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:57 Go)
D:\ (Local Disk) - NTFS - Total:154 Go (Free:102 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)


Recherche executée en mode sans échec


[b]Aucune Infection Navipromo/Egdaccess trouvé/b



*** Scan terminé 24/08/2009 14:41:39,45 ***
?

Télécharge OTL de OLDTimer

▶ enregistre le sur ton Bureau.

▶ Double clic sur OTL.exe pour le lancer.

▶ Coche les 2 cases Lop et Purity

▶ Coche la case devant scan all users

▶ règle-le sur "60 Days"

▶ dans la colonne de gauche , mets tout sur all

▶Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

ou celui-ci : https://www.cjoint.com/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

Tu feras la meme chose avec le "Extra.txt".

Voici les liens pour les deux fichiers demandés
http://www.cijoint.fr/cjlink.php?file=cj200908/cijYUWFGz3.txt
et
http://www.cijoint.fr/cjlink.php?file=cj200908/cijfNsa5uf.txt
voilà voilà

passe par cjoint.com pour les deposer stp , cijoint.fr a des soucis en ce moment

https://www.cjoint.com/?iypC4UeCOP
et
https://www.cjoint.com/?iypEb75AoK
C'est ok ?

▶ Double clic sur OTL.exe pour le lancer.


▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous Customs Scans/Fixes :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:services
Bonjour Service

:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [Cmaudio] File not found
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\ipp - No CLSID value found


:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"iTunesHelper"=-
"QuickTime Task"=-
"SSBkgdUpdate"=-
"TkBellExe"=-


:files
C:\WINDOWS\System32\pmsbfn32.dll
C:\Documents and Settings\Administrateur\Application Data\exe
C:\Documents and Settings\Administrateur\Application Data\fltk.org
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

:commands
[emptytemp]
[reboot]


▶ Clique sur RunFix pour lancer la suppression.


▶ Poste le rapport.

Ce rapport là ?
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SSBkgdUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pmsbfn32.dll
C:\WINDOWS\System32\pmsbfn32.dll NOT unregistered.
C:\WINDOWS\System32\pmsbfn32.dll moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions\exeex@exelearning.org\chrome\skin moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions\exeex@exelearning.org\chrome\content moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions\exeex@exelearning.org\chrome moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions\exeex@exelearning.org moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\extensions moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile\Cache moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe\linux-profile moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe\idevices moved successfully.
C:\Documents and Settings\Administrateur\Application Data\exe moved successfully.
C:\Documents and Settings\Administrateur\Application Data\fltk.org moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 9771299 bytes
->Temporary Internet Files folder emptied: 109962150 bytes
->Java cache emptied: 49386677 bytes
->FireFox cache emptied: 141206401 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 195902775 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1240390 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 925153546 bytes

Total Files Cleaned = 1366,43 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08242009_154811

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ok refais ce que je t ai demandé au post13







je garde ca pour moi :

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Voici les deux fichiers demandés au post 13
https://www.cjoint.com/?iyqO7wxr30
et
https://www.cjoint.com/?iyqP2tbz5y