Pub audio intempestive [Résolu]

tu respectes bien ca ?

si tu as Vista ou windows 7 => clic droit "executer en tant que...."

Oups désolé mon erreur ! Voici le rapport :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Error: No service named Bonjour Service was found to stop!
Service\Driver key Bonjour Service not found.
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0 removed from extensions.enabledItems
Folder C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\l6ak3tfm.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== FILES ==========
File\Folder C:\Users\Damien\AppData\Local\Lcoholi.dat not found.
File\Folder C:\Users\Damien\AppData\Local\Jdoga.bin not found.
File\Folder C:\Users\Damien\AppData\Local\c1v7b2004pcko3q46sg5by81ek78o4q not found.
File\Folder C:\ProgramData\c1v7b2004pcko3q46sg5by81ek78o4q not found.
File\Folder C:\Users\Damien\AppData\Roaming\2jkdpgsol2cgwggfizkvywk2mtbv13k2 not found.
File\Folder C:\Users\Damien\AppData\Roaming\Ilyqe not found.
File\Folder C:\Users\Damien\AppData\Roaming\k3v1xeeccx33ueskxuuhis31sqy2fil2 not found.
File\Folder C:\Users\Damien\AppData\Roaming\szpsctfq2hiprennffquyz3jhudvs2b2 not found.
File\Folder C:\Users\Damien\AppData\Roaming\Tuikde not found.
File\Folder C:\Users\Damien\AppData\Roaming\ZqWare not found.
Unable to delete ADS C:\Program Files\SuperBook Poker:MID .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Damien
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 206541380 bytes
->Java cache emptied: 2091454 bytes
->FireFox cache emptied: 54013977 bytes
->Apple Safari cache emptied: 77992960 bytes
->Flash cache emptied: 7097416 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56548 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 133775 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 654348 bytes

Total Files Cleaned = 332,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06012011_023033

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

refais un otl normal ?
......Concepteur de List_Kill'em...Pre_Scan....MBR_Repair....

oui j'ai refais en mode admin ca a marcher et j'ai obtenu ce rapport

ok refais un scan normal que je voie si tout a bien ete viré

OTL:
http://www.cijoint.fr/cjlink.php?file=cj201106/cij6U3kVBJ.txt


EXTRAS:
http://www.cijoint.fr/cjlink.php?file=cj201106/cijr5tn9jd.txt

pourquoi tu as ouvert la quarantaine zippée de usbfix ?

ce n"est pas moi je ne sais meme pas comment faire ça

fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.


▶ Télécharge ici :

Malwarebytes

▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

▶ Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

▶ Lance Malwarebyte's .

Fais un examen dit "Complet" .

▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

je ferais ca demain j'en peux plus je tombe de fatigue. merci beaucoup beaucoup pout ton temps et ta générosité. C'est vraiment cool ! bonne nuit

ok normalement ca devrait etre bon suite à ce scan , on finira par un super-ménage ;)
......Concepteur de List_Kill'em...Pre_Scan....MBR_Repair....

re voici le scan :

http://www.cijoint.fr/cjlink.php?file=cj201106/cijuZ9hnTw.txt

refais un deernier OTL pour verif stp

OTL :

http://www.cijoint.fr/cjlink.php?file=cj201106/cijXjGZodK.txt


EXTRAS :

http://www.cijoint.fr/cjlink.php?file=cj201106/cijzX1i2oi.txt

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\Windows\System32\RemoveDevice.dll
C:\Windows\System32\sugg1l3.dll

* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.

====================================

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur OTL.exe pour le lancer.


▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous "Personnalisation" :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:Services
Bonjour Service
esgiguard
HSXHWAZL

:OTL
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=-
"QuickTime Task"=-

:Files
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winner Poker.lnk

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Clique sur "Correction" pour lancer la suppression.


▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

Alors pour RemoveDevice.dll :

http://www.virustotal.com/file-scan/reanalysis.html?id=c71b86eb287862a31155c802403249dbff5a189cd6143a2173aa3bd19f2f31c9-1306938138

pour sugg1l3.dll

http://www.virustotal.com/file-scan/reanalysis.html?id=016401231a05a73530672f3933fecd076342c14860d44cc3600b1dd90b80bb8f-1306938278

je fais otl maintenant

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
Service HSXHWAZL stopped successfully!
Service HSXHWAZL deleted successfully!
========== OTL ==========
Prefs.js: "" removed from extensions.enabledItems
Prefs.js: "" removed from extensions.enabledItems
Prefs.js: "" removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
========== FILES ==========
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winner Poker.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Damien
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 97345523 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 4161536 bytes
->Flash cache emptied: 1086 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 30217678 bytes

Total Files Cleaned = 126,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06012011_153528

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

tu peux cliquer sur reanalyze sur les fichiers de virus totzal

voila pour sugg

http://www.virustotal.com/file-scan/report.html?id=016401231a05a73530672f3933fecd076342c14860d44cc3600b1dd90b80bb8f-1306938278

Et removedevice

http://www.virustotal.com/file-scan/report.html?id=c71b86eb287862a31155c802403249dbff5a189cd6143a2173aa3bd19f2f31c9-1306938138