Supprimer des trojan
Résolu
cora T
Messages postés
13
Date d'inscription
Statut
Membre
Dernière intervention
-
cora T Messages postés 13 Date d'inscription Statut Membre Dernière intervention -
cora T Messages postés 13 Date d'inscription Statut Membre Dernière intervention -
A voir également:
- Supprimer des trojan
- Supprimer rond bleu whatsapp - Guide
- Supprimer une page word - Guide
- Supprimer pub youtube - Accueil - Streaming
- Fichier impossible à supprimer - Guide
- Supprimer compte instagram - Guide
20 réponses
Bonjour,
--> Fais un scan avec RogueKiller puis poste le rapport.
https://www.commentcamarche.net/faq/30719-utiliser-roguekiller
--> Fais un scan avec RogueKiller puis poste le rapport.
https://www.commentcamarche.net/faq/30719-utiliser-roguekiller
voici le rapport :
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : cora [Droits d'admin]
Mode : Recherche -- Date : 10/04/2013 23:59:42
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (172.20.215.245:3128) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\@ [-] --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\L --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> TROUVÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] fac6e3fdc200c86d78f1d4c13a4ac674
[BSP] f0a6909319c607c2e8c18ab59233ab1e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] e8760fac67a4b0e94139ef0bbb2a4539
[BSP] 904be9804ab1fbc2646d22b2353daa7b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1]_S_10042013_235942.txt >>
RKreport[1]_S_10042013_235942.txt
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : cora [Droits d'admin]
Mode : Recherche -- Date : 10/04/2013 23:59:42
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (172.20.215.245:3128) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\@ [-] --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\L --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> TROUVÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] fac6e3fdc200c86d78f1d4c13a4ac674
[BSP] f0a6909319c607c2e8c18ab59233ab1e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] e8760fac67a4b0e94139ef0bbb2a4539
[BSP] 904be9804ab1fbc2646d22b2353daa7b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1]_S_10042013_235942.txt >>
RKreport[1]_S_10042013_235942.txt
voila, je ne sais pas si c'est normal mais le scan m'a fait redémarrer mon ordi et j'ai plusieurs dossier qui sont apparu sur mon bureau.
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : cora [Droits d'admin]
Mode : Recherche -- Date : 11/04/2013 00:25:25
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (172.20.215.245:3128) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\U --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> TROUVÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] fac6e3fdc200c86d78f1d4c13a4ac674
[BSP] f0a6909319c607c2e8c18ab59233ab1e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] e8760fac67a4b0e94139ef0bbb2a4539
[BSP] 904be9804ab1fbc2646d22b2353daa7b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[4]_S_11042013_002525.txt >>
RKreport[1]_S_10042013_235942.txt ; RKreport[2]_S_11042013_001258.txt ; RKreport[3]_D_11042013_001411.txt ; RKreport[4]_S_11042013_002525.txt
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : cora [Droits d'admin]
Mode : Recherche -- Date : 11/04/2013 00:25:25
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (172.20.215.245:3128) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\U --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> TROUVÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] fac6e3fdc200c86d78f1d4c13a4ac674
[BSP] f0a6909319c607c2e8c18ab59233ab1e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] e8760fac67a4b0e94139ef0bbb2a4539
[BSP] 904be9804ab1fbc2646d22b2353daa7b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[4]_S_11042013_002525.txt >>
RKreport[1]_S_10042013_235942.txt ; RKreport[2]_S_11042013_001258.txt ; RKreport[3]_D_11042013_001411.txt ; RKreport[4]_S_11042013_002525.txt
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voila
RogueKiller V8.5.4 _x64_ [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : cora [Droits d'admin]
Mode : Suppression -- Date : 11/04/2013 01:05:25
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (172.20.215.245:3128) -> NON SUPPRIMÉ, UTILISER PROXY RAZ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\U --> SUPPRIMÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> SUPPRIMÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> SUPPRIMÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] fac6e3fdc200c86d78f1d4c13a4ac674
[BSP] f0a6909319c607c2e8c18ab59233ab1e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] e8760fac67a4b0e94139ef0bbb2a4539
[BSP] 904be9804ab1fbc2646d22b2353daa7b : Windows Vista MBR Code
Partition table:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : cora [Droits d'admin]
Mode : Suppression -- Date : 11/04/2013 01:05:25
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (172.20.215.245:3128) -> NON SUPPRIMÉ, UTILISER PROXY RAZ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{e8ad807b-7e56-019f-558c-923c92d5d05c}\U --> SUPPRIMÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> SUPPRIMÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> SUPPRIMÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] fac6e3fdc200c86d78f1d4c13a4ac674
[BSP] f0a6909319c607c2e8c18ab59233ab1e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] e8760fac67a4b0e94139ef0bbb2a4539
[BSP] 904be9804ab1fbc2646d22b2353daa7b : Windows Vista MBR Code
Partition table:
Ton antivirus détecte encore quelque chose ?
--> Utilise l'option "PROXY RAZ" de RogueKiller.
--> Télécharge et enregistre OTL sur ton Bureau.
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7/Win8, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Clique ici pour voir les réglages que tu dois effectuer.
--> Copie-colle le texte présent en gras ci-dessous dans la partie inférieure d'OTL "Personnalisation" :
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
--> Clique sur "Analyse".
--> A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt). Il y aura aussi un rapport nommé Extras.txt.
/!\ Ne les poste pas directement sur le forum (ils sont trop longs) /!\
--> Héberge OTL.txt et Extras.txt sur http://pjjoint.malekal.com et poste les liens qui mènent aux rapports dans ton prochain message.
--> Utilise l'option "PROXY RAZ" de RogueKiller.
--> Télécharge et enregistre OTL sur ton Bureau.
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7/Win8, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Clique ici pour voir les réglages que tu dois effectuer.
--> Copie-colle le texte présent en gras ci-dessous dans la partie inférieure d'OTL "Personnalisation" :
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
--> Clique sur "Analyse".
--> A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt). Il y aura aussi un rapport nommé Extras.txt.
/!\ Ne les poste pas directement sur le forum (ils sont trop longs) /!\
--> Héberge OTL.txt et Extras.txt sur http://pjjoint.malekal.com et poste les liens qui mènent aux rapports dans ton prochain message.
Non mon antivirus ne s'affole plus. Et voici les liens des rapports :
https://pjjoint.malekal.com/files.php?id=20130411_12i10q15v8j7
https://pjjoint.malekal.com/files.php?id=20130411_u10y10r7j5k8
https://pjjoint.malekal.com/files.php?id=20130411_12i10q15v8j7
https://pjjoint.malekal.com/files.php?id=20130411_u10y10r7j5k8
On va s'occuper des adwares :
--> Télécharge et lance AdwCleaner (d'Xplode), choisis l'option "Suppression" et poste le rapport.
--> Télécharge et lance AdwCleaner (d'Xplode), choisis l'option "Suppression" et poste le rapport.
Menu Démarrer > Panneau de configuration > Désinstaller un programme.
Désinstalle DealBulldog Toolbar et Iadah Toolbar.
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7/Win8, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte en gras présent ci-dessous :
:OTL
IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{7C3AC0E4-C7A7-401B-8328-5CF227FAE434}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{f3d17ef2-8118-4fa3-afea-bb2e18a69054}: "URL" = https://www.hugedomains.com/domain_profile.cfm?d=iadah&e=com{searchTerms}
[2013/02/21 11:17:17 | 000,000,000 | ---D | M] (Toolbar Iadah) -- C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@iadah.com
O3 - HKLM\..\Toolbar: (Iadah Toolbar) - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files (x86)\DevNet\Toolbar\DevNet.dll (DevNet)
O2 - BHO: (MyaagniPPicc) - {E92EBB48-C671-FB71-7CEB-8D6F9D1CFA5C} - C:\ProgramData\MyaagniPPicc\5164711809630.dll ()
O2 - BHO: (MyaagniPPicc) - {49897722-466B-4B51-5EAF-196BF52A1688} - C:\ProgramData\MyaagniPPicc\5164731fedf6a.dll ()
[2013/04/09 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MyaagniPPicc
[2013/04/09 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyaagniPPicc
[2013/04/09 21:23:47 | 000,000,000 | ---D | M] (MyaagniPPicc) -- C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\smihao_hk@axwdo-.net
[2013/04/09 21:15:11 | 000,000,000 | ---D | M] (MyaagniPPicc) -- C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\ueeatab@eeooai.edu
CHR - Extension: MyaagniPPicc = C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjhfidjmcmhjnldjfebheepejmiepbd\1\
CHR - Extension: MyaagniPPicc = C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\koldaehhcmnachmafllailgjihajhllg\1\
IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww12.searchou.com
IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{47A5B2F0-D65A-40EC-AC54-A41FA313AB53}: "URL" = http://ww12.searchou.com{searchTerms}&id=4cb060d10000000000000ceee6cc9fb0&r=10
CHR - default_search_provider: search_url = http://ww12.searchou.com{searchTerms}&id=4cb060d10000000000000ceee6cc9fb0
CHR - homepage: http://ww12.searchou.com
:files
C:\Program Files (x86)\DevNet\Toolbar
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar Toolbar]
[-HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IadahToolbar]
:commands
[emptytemp]
--> Puis clique sur le bouton Correction en haut de la fenêtre.
--> Laisse le programme travailler, redémarre une fois le fix terminé.
--> Poste le rapport qui s'affichera après redémarrage.
Désinstalle DealBulldog Toolbar et Iadah Toolbar.
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7/Win8, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte en gras présent ci-dessous :
:OTL
IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{7C3AC0E4-C7A7-401B-8328-5CF227FAE434}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{f3d17ef2-8118-4fa3-afea-bb2e18a69054}: "URL" = https://www.hugedomains.com/domain_profile.cfm?d=iadah&e=com{searchTerms}
[2013/02/21 11:17:17 | 000,000,000 | ---D | M] (Toolbar Iadah) -- C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@iadah.com
O3 - HKLM\..\Toolbar: (Iadah Toolbar) - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files (x86)\DevNet\Toolbar\DevNet.dll (DevNet)
O2 - BHO: (MyaagniPPicc) - {E92EBB48-C671-FB71-7CEB-8D6F9D1CFA5C} - C:\ProgramData\MyaagniPPicc\5164711809630.dll ()
O2 - BHO: (MyaagniPPicc) - {49897722-466B-4B51-5EAF-196BF52A1688} - C:\ProgramData\MyaagniPPicc\5164731fedf6a.dll ()
[2013/04/09 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MyaagniPPicc
[2013/04/09 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyaagniPPicc
[2013/04/09 21:23:47 | 000,000,000 | ---D | M] (MyaagniPPicc) -- C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\smihao_hk@axwdo-.net
[2013/04/09 21:15:11 | 000,000,000 | ---D | M] (MyaagniPPicc) -- C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\ueeatab@eeooai.edu
CHR - Extension: MyaagniPPicc = C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjhfidjmcmhjnldjfebheepejmiepbd\1\
CHR - Extension: MyaagniPPicc = C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\koldaehhcmnachmafllailgjihajhllg\1\
IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww12.searchou.com
IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{47A5B2F0-D65A-40EC-AC54-A41FA313AB53}: "URL" = http://ww12.searchou.com{searchTerms}&id=4cb060d10000000000000ceee6cc9fb0&r=10
CHR - default_search_provider: search_url = http://ww12.searchou.com{searchTerms}&id=4cb060d10000000000000ceee6cc9fb0
CHR - homepage: http://ww12.searchou.com
:files
C:\Program Files (x86)\DevNet\Toolbar
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar Toolbar]
[-HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IadahToolbar]
:commands
[emptytemp]
--> Puis clique sur le bouton Correction en haut de la fenêtre.
--> Laisse le programme travailler, redémarre une fois le fix terminé.
--> Poste le rapport qui s'affichera après redémarrage.
voila :
All processes killed
Error: Unable to interpret <IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{7C3AC0E4-C7A7-401B-8328-5CF227FAE434}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{f3d17ef2-8118-4fa3-afea-bb2e18a69054}: "URL" = http://www.iadah.com/search-E-4?search&q={searchTerms}> in the current context!
Error: Unable to interpret <[2013/02/21 11:17:17 | 000,000,000 | ---D | M] (Toolbar Iadah) -- C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@iadah.com> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Iadah Toolbar) - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files (x86)\DevNet\Toolbar\DevNet.dll (DevNet)> in the current context!
Error: Unable to interpret <O2 - BHO: (MyaagniPPicc) - {E92EBB48-C671-FB71-7CEB-8D6F9D1CFA5C} - C:\ProgramData\MyaagniPPicc\5164711809630.dll ()> in the current context!
Error: Unable to interpret <O2 - BHO: (MyaagniPPicc) - {49897722-466B-4B51-5EAF-196BF52A1688} - C:\ProgramData\MyaagniPPicc\5164731fedf6a.dll ()> in the current context!
Error: Unable to interpret <[2013/04/09 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MyaagniPPicc> in the current context!
Error: Unable to interpret <[2013/04/09 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyaagniPPicc> in the current context!
Error: Unable to interpret <[2013/04/09 21:23:47 | 000,000,000 | ---D | M] (MyaagniPPicc) -- C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\smihao_hk@axwdo-.net> in the current context!
Error: Unable to interpret <[2013/04/09 21:15:11 | 000,000,000 | ---D | M] (MyaagniPPicc) -- C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\ueeatab@eeooai.edu> in the current context!
Error: Unable to interpret <CHR - Extension: MyaagniPPicc = C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjhfidjmcmhjnldjfebheepejmiepbd\1\> in the current context!
Error: Unable to interpret <CHR - Extension: MyaagniPPicc = C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\koldaehhcmnachmafllailgjihajhllg\1\> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/?id=4cb060d10000000000000ceee6cc9fb0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{47A5B2F0-D65A-40EC-AC54-A41FA313AB53}: "URL" = http://searchou.com/?q={searchTerms}&id=4cb060d10000000000000ceee6cc9fb0&r=10> in the current context!
Error: Unable to interpret <CHR - default_search_provider: search_url = http://searchou.com/?q={searchTerms}&id=4cb060d10000000000000ceee6cc9fb0> in the current context!
Error: Unable to interpret <CHR - homepage: http://ww12.searchou.com in the current context!
========== FILES ==========
File\Folder C:\Program Files (x86)\DevNet\Toolbar not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IadahToolbar\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cora
->Temp folder emptied: 17425929 bytes
->Temporary Internet Files folder emptied: 33011 bytes
->Java cache emptied: 90419 bytes
->FireFox cache emptied: 69969229 bytes
->Flash cache emptied: 185704 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95739 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67843 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 84,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04112013_215704
Files\Folders moved on Reboot...
C:\Users\cora\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
All processes killed
Error: Unable to interpret <IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{7C3AC0E4-C7A7-401B-8328-5CF227FAE434}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{f3d17ef2-8118-4fa3-afea-bb2e18a69054}: "URL" = http://www.iadah.com/search-E-4?search&q={searchTerms}> in the current context!
Error: Unable to interpret <[2013/02/21 11:17:17 | 000,000,000 | ---D | M] (Toolbar Iadah) -- C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@iadah.com> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Iadah Toolbar) - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files (x86)\DevNet\Toolbar\DevNet.dll (DevNet)> in the current context!
Error: Unable to interpret <O2 - BHO: (MyaagniPPicc) - {E92EBB48-C671-FB71-7CEB-8D6F9D1CFA5C} - C:\ProgramData\MyaagniPPicc\5164711809630.dll ()> in the current context!
Error: Unable to interpret <O2 - BHO: (MyaagniPPicc) - {49897722-466B-4B51-5EAF-196BF52A1688} - C:\ProgramData\MyaagniPPicc\5164731fedf6a.dll ()> in the current context!
Error: Unable to interpret <[2013/04/09 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MyaagniPPicc> in the current context!
Error: Unable to interpret <[2013/04/09 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyaagniPPicc> in the current context!
Error: Unable to interpret <[2013/04/09 21:23:47 | 000,000,000 | ---D | M] (MyaagniPPicc) -- C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\smihao_hk@axwdo-.net> in the current context!
Error: Unable to interpret <[2013/04/09 21:15:11 | 000,000,000 | ---D | M] (MyaagniPPicc) -- C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\ueeatab@eeooai.edu> in the current context!
Error: Unable to interpret <CHR - Extension: MyaagniPPicc = C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjhfidjmcmhjnldjfebheepejmiepbd\1\> in the current context!
Error: Unable to interpret <CHR - Extension: MyaagniPPicc = C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\koldaehhcmnachmafllailgjihajhllg\1\> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/?id=4cb060d10000000000000ceee6cc9fb0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\..\SearchScopes\{47A5B2F0-D65A-40EC-AC54-A41FA313AB53}: "URL" = http://searchou.com/?q={searchTerms}&id=4cb060d10000000000000ceee6cc9fb0&r=10> in the current context!
Error: Unable to interpret <CHR - default_search_provider: search_url = http://searchou.com/?q={searchTerms}&id=4cb060d10000000000000ceee6cc9fb0> in the current context!
Error: Unable to interpret <CHR - homepage: http://ww12.searchou.com in the current context!
========== FILES ==========
File\Folder C:\Program Files (x86)\DevNet\Toolbar not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IadahToolbar\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cora
->Temp folder emptied: 17425929 bytes
->Temporary Internet Files folder emptied: 33011 bytes
->Java cache emptied: 90419 bytes
->FireFox cache emptied: 69969229 bytes
->Flash cache emptied: 185704 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95739 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67843 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 84,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04112013_215704
Files\Folders moved on Reboot...
C:\Users\cora\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
oups, oui désolé, voila le nouveau rapport :
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7C3AC0E4-C7A7-401B-8328-5CF227FAE434}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C3AC0E4-C7A7-401B-8328-5CF227FAE434}\ not found.
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\Software\Microsoft\Internet Explorer\SearchScopes\{f3d17ef2-8118-4fa3-afea-bb2e18a69054}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3d17ef2-8118-4fa3-afea-bb2e18a69054}\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@iadah.com\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@iadah.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39}\ not found.
File C:\Program Files (x86)\DevNet\Toolbar\DevNet.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E92EBB48-C671-FB71-7CEB-8D6F9D1CFA5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E92EBB48-C671-FB71-7CEB-8D6F9D1CFA5C}\ deleted successfully.
C:\ProgramData\MyaagniPPicc\5164711809630.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49897722-466B-4B51-5EAF-196BF52A1688}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49897722-466B-4B51-5EAF-196BF52A1688}\ deleted successfully.
C:\ProgramData\MyaagniPPicc\5164731fedf6a.dll moved successfully.
C:\ProgramData\MyaagniPPicc folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyaagniPPicc folder moved successfully.
C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\smihao_hk@axwdo-.net\content folder moved successfully.
C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\smihao_hk@axwdo-.net folder moved successfully.
C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\ueeatab@eeooai.edu\content folder moved successfully.
C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\ueeatab@eeooai.edu folder moved successfully.
C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjhfidjmcmhjnldjfebheepejmiepbd\1 folder moved successfully.
C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\koldaehhcmnachmafllailgjihajhllg\1 folder moved successfully.
HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47A5B2F0-D65A-40EC-AC54-A41FA313AB53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47A5B2F0-D65A-40EC-AC54-A41FA313AB53}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
========== FILES ==========
File\Folder C:\Program Files (x86)\DevNet\Toolbar not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IadahToolbar\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cora
->Temp folder emptied: 1927 bytes
->Temporary Internet Files folder emptied: 33212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7201584 bytes
->Flash cache emptied: 492 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 8666398404 bytes
Total Files Cleaned = 8 272,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04112013_223706
Files\Folders moved on Reboot...
C:\Users\cora\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7C3AC0E4-C7A7-401B-8328-5CF227FAE434}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C3AC0E4-C7A7-401B-8328-5CF227FAE434}\ not found.
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\Software\Microsoft\Internet Explorer\SearchScopes\{f3d17ef2-8118-4fa3-afea-bb2e18a69054}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3d17ef2-8118-4fa3-afea-bb2e18a69054}\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@iadah.com\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@iadah.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39}\ not found.
File C:\Program Files (x86)\DevNet\Toolbar\DevNet.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E92EBB48-C671-FB71-7CEB-8D6F9D1CFA5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E92EBB48-C671-FB71-7CEB-8D6F9D1CFA5C}\ deleted successfully.
C:\ProgramData\MyaagniPPicc\5164711809630.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49897722-466B-4B51-5EAF-196BF52A1688}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49897722-466B-4B51-5EAF-196BF52A1688}\ deleted successfully.
C:\ProgramData\MyaagniPPicc\5164731fedf6a.dll moved successfully.
C:\ProgramData\MyaagniPPicc folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyaagniPPicc folder moved successfully.
C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\smihao_hk@axwdo-.net\content folder moved successfully.
C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\smihao_hk@axwdo-.net folder moved successfully.
C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\ueeatab@eeooai.edu\content folder moved successfully.
C:\Users\cora\AppData\Roaming\mozilla\Firefox\Profiles\bm5ee7k7.default\extensions\ueeatab@eeooai.edu folder moved successfully.
C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjhfidjmcmhjnldjfebheepejmiepbd\1 folder moved successfully.
C:\Users\cora\AppData\Local\Google\Chrome\User Data\Default\Extensions\koldaehhcmnachmafllailgjihajhllg\1 folder moved successfully.
HKU\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47A5B2F0-D65A-40EC-AC54-A41FA313AB53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47A5B2F0-D65A-40EC-AC54-A41FA313AB53}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
========== FILES ==========
File\Folder C:\Program Files (x86)\DevNet\Toolbar not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-1165991473-1374937355-1872009684-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IadahToolbar\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cora
->Temp folder emptied: 1927 bytes
->Temporary Internet Files folder emptied: 33212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7201584 bytes
->Flash cache emptied: 492 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 8666398404 bytes
Total Files Cleaned = 8 272,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04112013_223706
Files\Folders moved on Reboot...
C:\Users\cora\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Pour finir :
1/
---> Télécharge et installe CCleaner.
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers temporaires de Windows datant de plus de 24 heures.
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
2/
---> Télécharge DelFix sur ton Bureau puis lance-le.
* Coche Purger la restauration système et laisse Supprimer les outils de désinfection coché.
* Clique sur Exécuter.
* Le rapport est copié dans le presse-papier, clique droit dans ton prochain message et choisis Coller.
==Prévention==
Désinstalle Java(TM) 6 Update 38.
Un dossier sur la prévention et sécurité sur Internet est disponible ici (A lire avec Adobe Reader).
1/
---> Télécharge et installe CCleaner.
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers temporaires de Windows datant de plus de 24 heures.
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
2/
---> Télécharge DelFix sur ton Bureau puis lance-le.
* Coche Purger la restauration système et laisse Supprimer les outils de désinfection coché.
* Clique sur Exécuter.
* Le rapport est copié dans le presse-papier, clique droit dans ton prochain message et choisis Coller.
==Prévention==
Désinstalle Java(TM) 6 Update 38.
Un dossier sur la prévention et sécurité sur Internet est disponible ici (A lire avec Adobe Reader).