Malware Doctor : Comment le Supprimer ?

Question

Bonjour a tous,
Voila en attendant d'avoir mon propre ordinateur je surf sur celui de mon père,
Seulement celui ci est sous le controle de Malware Doctor et j'ai beau avoir quelques connaissances je n'arrive pas a m'en débarasser..

Pouvez vous m'aider ?
Merci d'avance.

Destrio5 · Accepted Answer

Ok ;)

La manip' va se dérouler en mode sans échec, tu peux par exemple imprimer la procédure.

--> Télécharge Dr.Web CureIt! sur ton Bureau.

---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.

--> Double-clique sur drweb-cureit.exe et clique sur Commencer le scan.
--> Ce scan rapide permet l'analyse des processus chargés en mémoire; s'il trouve des processus infectés, clique sur le bouton Oui pour Tout à l'invite.
--> Lorsque le scan rapide est terminé, clique sur Options > Changer la configuration.
--> Choisis l'onglet Scanner, et décoche Analyse heuristique.
--> De retour à la fenêtre principale : choisis Analyse complète.
--> Clique la flèche verte sur la droite et le scan débutera. Une publicité apparaît quelquefois, ferme-la.
--> Clique Oui pour Tout si un fichier est détecté.
--> A la fin du scan, si des infections sont trouvées, clique sur Tout sélectionner, puis sur Désinfecter. Si la désinfection est impossible, clique sur Quarantaine.
--> Au menu principal de l'outil, en haut à gauche, clique sur le menu Fichier et choisis Enregistrer le rapport.
--> Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv.
--> Ferme Dr.Web CureIt!
--> Redémarre ton ordinateur (très important) car certains fichiers peuvent être déplacés/réparés au redémarrage.
--> Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de l'outil Dr.Web dans ta prochaine réponse.

NB : Dr.Web en version gratuite est un scanner à la demande et n'entre pas en conflit avec ton antivirus résident.

Utilisateur anonyme · Answer

Bonjour Metalb0y@06
Demarres en mode sans echecs: Tapotes sur F8 (ou F5) au demarrage, en meme temps que le logo de ton PC, dans la fenetre noire, tu choisis mode sans echecs, appuyes deux fois sur entree, session administrateur, soit tu trouves le dossier de Malware Doctor  qui doit etre dans programmes files, double clic sur un Uninstall.exe, soit tu vas dans ajout et suppression de programmes du panneau de configuration. Verifies qu'il n'y ai pas une protection residente d'activee.
Sinon tu as Revo Uninstaller qui le fait aussi, en desactivant la protection residente.
A+

Metalb0y@06 · Answer

Merci Beaucoup, je vais essayer =)
Je vous tiens au courant du résultat.

Encore merci.

W3D · Answer

Ou tu y vas à la  "barbare" tu vas dans programes files et supprime directement le dossier.  C'est comme ca que j'ai virer un contrôle parentale. Apres plus aucune trace du logiciel si ce n'est dans la base de registre qu'il faut nettoyer apres ;)

Metalb0y@06 · Answer

J'ai bien essayé tout cela mais le logiciel est introuvable nule part, pourtant il est bien présent et me pourris la vie T.T !
J'ai lu sur un autre forum que cest un virus mais je ne le trouve pas..

W3D · Answer

Tu as essayer 

Rechercher==>malware doctor

et regarde le chemin d'accès

Utilisateur anonyme · Answer

RE
Telecharges HijackThis sur le bureau, tu le lances, clic sur " do a scann systeme and save log file ", a la fin, le bloc notes doit s'ouvrir, tu fais un copier/coller de ce rapport dans un prochain message ci dessous.
A+

Metalb0y@06 · Answer

Voici le Rapport HijackThis, merci beaucoup de m'aider =)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:57, on 27/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32eader_s.exe
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\691447002.exe
C:\Documents and Settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\services.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\a9nnur.exe
C:\Documents and Settings\Propriétaireeader_s.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\a9nnur.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\MRWWWT5S\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {094d97a8-d307-4722-8139-c4333ffab7f0} - C:\WINDOWS\system32lptjjrh.dll
O2 - BHO: (no name) - {c67bb928-5ca4-44ff-a883-1f76ea697466} - c:\windows\system32\cvaijfs.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - lklf32.dll (file missing)
O3 - Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32eader_s.exe
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\691447002.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uidenhiufgsduiazghs] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\a9nnur.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Propriétaireeader_s.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\691447002.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\a9nnur.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus SX400 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S20.tmp" /EF "HKCU" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofileeader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail	estabd.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Propriétaire\Application Data\Dealio\kb127es\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F74FF3-4728-4C5E-8211-15AA37A7F190}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB7EF537-7B31-40BF-A3D4-B7ED5543D200}: NameServer = 213.174.139.72,192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: bfgavhd - C:\WINDOWS\SYSTEM32\bfgavhd.dll
O20 - Winlogon Notify: niqdkylq - C:\WINDOWS\SYSTEM32\cvaijfs.dll
O23 - Service: ashevtsvc - Unknown owner - C:\WINDOWS\System32\AshEvtSvc.exe
O23 - Service: avast!antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: bevtservice - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: sopidkc  Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Mises à jour automatiques wuauservSpooler (wuauservspooler) - Unknown owner - C:\WINDOWS\system32\1037r.exe

Utilisateur anonyme · Answer

RE
Telecharges Malwarebytes' Anti-Malware lances le, fais la mise a jour, et un examen complet, a la fin, tu clic sur afficher les resultats et supprimer tout, redemarres si c'est demande. Retournes dans malwarebytes, recuperes le rapport et tu le postes ci dessous.
A+

Metalb0y@06 · Answer

Voila, j'ai lancé malwarebytes et le rapport est ci dessous :



Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 5.1.2600 Service Pack 3

27/05/2009 23:25:45
mbam-log-2009-05-27 (23-25-45).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 294363
Temps écoulé: 51 minute(s), 52 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 115
Valeur(s) du Registre infectée(s): 13
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 78

Processus mémoire infecté(s):
C:\WINDOWS\services.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32eader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32lptjjrh.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{094d97a8-d307-4722-8139-c4333ffab7f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{094d97a8-d307-4722-8139-c4333ffab7f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{094d97a8-d307-4722-8139-c4333ffab7f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcm1394 (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcm1394 (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pcm1394 (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\pcm1394 (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcm1394 (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
avw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsegmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
od32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsegedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsegtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
od32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
iu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
avigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AshEvtSvc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast!Antivirus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uidenhiufgsduiazghs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runeader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.guarddog2009.com/start/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\121973 (Trojan.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\Guillaume.LEFRANC-TAR4KNB\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\218538 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32lptjjrh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\services.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\a9nnur.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\guillaume.lefranc-tar4knb\local settings	emporary internet files\Content.IE5\1E544A1M\abb[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\guillaume.lefranc-tar4knb\local settings	emporary internet files\Content.IE5\250LIIB8\doc[1].html (Trojan.Spamtool) -> Quarantined and deleted successfully.
c:\documents and settings\guillaume.lefranc-tar4knb\local settings	emporary internet files\Content.IE5\RHETB1I8\main1[1].gif (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings\Temp\VRT25.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings\Temp\VRT26.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings\Temp\VRT5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings\Temp\VRT6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings\Temp\VRT8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings\Temp\VRT9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\8GGKKT42\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\GFLDSRWI\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\GFLDSRWI\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\GFLDSRWI\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\GO3EVEWZ\w[1].bin (Backdoor.Refpron) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\GO3EVEWZ\w[2].bin (Backdoor.Refpron) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\MFT7YSLM\w[1].bin (Backdoor.Refpron) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\MFT7YSLM\w[2].bin (Backdoor.Refpron) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\MFT7YSLM\w[3].bin (Backdoor.Refpron) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.autorite nt\local settings	emporary internet files\Content.IE5\MFT7YSLM\w[4].bin (Backdoor.Refpron) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\winss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\grb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msncache.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pcm1394.sys (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\local settings	emporary internet files\Content.IE5\4HU9C242\doc[1].html (Trojann.Rlsloup) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\local settings	emporary internet files\Content.IE5\KI9UKE09\abb[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\local settings	emporary internet files\Content.IE5\WE8APUGQ\bb021908[1].exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\VRT7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\guillaume.lefranc-tar4knb\application data\ptidle\ptidle.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\ThunMail	estabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
c:\program files\ThunMail	estabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32eader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dncyool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dpcxool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Propriétaireeader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	pszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	psaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtukd32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\691447002.exe (Rogue.MalwareDoc) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\Guillaume.LEFRANC-TAR4KNB\Localdir\winlogo.exe (Worm.Archive) -> Quarantined and deleted successfully.
c:\documents and settings\Propriétaire\Localdir\winlogo.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ferryl.cbv (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inqby.sr (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fairy.an (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dolman.zt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ashl.nq (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mqcd.dbt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AshEvtSvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloc\sysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kungsfoaxtfgbf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\kungsfowfufwsg.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Destrio5 · Answer

Bonjour,

Le PC est infecté par Virut, c'est une grosse cochonnerie.

Metalb0y@06 · Answer

Merci beaucoup de m'aider, c'est vraiment l'enfer dans cet odinateur, excusez moi de vous prendre du temps!
J'ai essayé de telecharger le logiciel en vain, la page Web ne s'affiche pas, pas meme par google ou quoi..

Destrio5 · Answer

http://destrio5.free.fr/Telechargement_CCM/drweb-cureit.exe

popcorner · Answer

bonjour à vous 

je connais le me probleme que vous avec ce p#@#@n de malware doctor .. pas moyen de le désinstaller (pas présent dans le panneau de conf / prog files) et aucun antivirus ne parvient à le dégager ..

si qqun a un bon tuto pour le supprimer c'est parfait .

merci d'avance

cedric56 · Answer

Bonjour, j'ai suivi vos conseil et voilà ce que Docteur web me donne en rapport: 

Processus en mémoire: C:\WINDOWS\system32\svchost.exe:572;;BackDoor.Tdss.565;Eradiqué.; 
imapi.sys;C:\WINDOWS\system32\drivers;BackDoor.Tdss.2459;Sera désinfecté après redémarrage de l'ordinateur; 
jar_cache1860620600800795169.tmp;C:\DOCUME~1\CDRICT~1\LOCALS~1\Temp;Trojan.DownLoad1.29373;Irréparable.Quarantaine.; 
1exo4.exe;C:\Documents and Settings\...\Mes documents\algo;Trojan.KillFiles.1488;Irréparable.Quarantaine.; 
stress reducers.exe;C:\Documents and Settings\...\Mes documents\STAGE FEDE\FABRICE\annexe;Joke.Puncher;Irréparable.Quarantaine.; 
asam.exe;c:\documents and settings\...\local settings\application data;Trojan.Fakealert.16183;Irréparable.Quarantaine.; 
imapi.sys;c:\windows\system32\drivers;BackDoor.Tdss.2459;Désinfecté.; 
4ba43fd3.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ba43fd3.qua;Trojan.DownLoad1.29373;; 
4ba43fd3.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Conteneur comporte des objets infectés;Quarantaine.; 
syssvc.exe;C:\Documents and Settings\...\Local Settings\Application Data;Trojan.Fakealert.16183;Irréparable.Quarantaine.; 
oaewxmncrs.tmp/ezwi1810.exe\___.dll;C:\Documents and Settings\...\Local Settings\Temp\oaewxmncrs.tmp/ezwi1810.exe;Adware.Benega.1703;; 
ezwi1810.exe;C:\Documents and Settings\...\Local Settings\Temp;Conteneur comporte des objets infectés;; 
oaewxmncrs.tmp/vowi510.exe\data003;C:\Documents and Settings\...\Local Settings\Temp\oaewxmncrs.tmp/vowi510.exe;Adware.Siggen.5908;; 
vowi510.exe;C:\Documents and Settings\...\Local Settings\Temp;Conteneur comporte des objets infectés;; 
oaewxmncrs.tmp;C:\Documents and Settings\...\Local Settings\Temp;L'archive contient des éléments infectés;Quarantaine.; 
stress reducers.exe;C:\Documents and Settings\...\Mes documents\STAGE FEDE\FABRICE\annexe;Joke.Puncher;Chemin invalide pour le fichier ; 
kkemu[1].htm;C:\Documents and Settings\...\Temporary Internet Files\Content.IE5\PRBP5JER;Trojan.Packed.20024 - erreur de lecture;Supprimé.; 
hypwhc[1].htm;C:\Documents and Settings\...\Temporary Internet Files\Content.IE5\YBUDGPKM;Trojan.DownLoader1.6098;Supprimé.; 
A0088008.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP877;Trojan.Wintrim.44;Irréparable.Quarantaine.; 
A0088140.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP879;Trojan.Wintrim.44;Irréparable.Quarantaine.; 
A0088341.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP882;Trojan.Wintrim.44;Irréparable.Quarantaine.; 
A0088410.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP884;Trojan.Wintrim.44;Irréparable.Quarantaine.; 
A0088703.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP889;Trojan.Wintrim.44;Irréparable.Quarantaine.; 
A0088919.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP895;Trojan.Wintrim.44;Irréparable.Quarantaine.; 
A0089053.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP897;Trojan.Wintrim.44;Irréparable.Quarantaine.; 
A0090582.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP920;Trojan.Wintrim.44;Irréparable.Quarantaine.; 
A0094166.sys;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP951;Trojan.NtRootKit.6929;Supprimé.; 
A0094191.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP951;Trojan.Fakealert.16183;Irréparable.Quarantaine.; 
A0094203.exe;C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP951;Trojan.Fakealert.16183;Irréparable.Quarantaine.; 
pack.epk\data001;C:\WINDOWS\pack.epk;Dialer.Egroup.468;; 
pack.epk;C:\WINDOWS;Conteneur comporte des objets infectés;Quarantaine.; 
imapi.sys;C:\WINDOWS\system32\drivers;BackDoor.Tdss.2459;Désinfecté.; 


Merci de m'aider, 
Cédric

fififlo01 · Answer

Bonjour,
j'ai une méthode plus simple, peut-être pas très orthodoxe, mais cette saleté ne m'embête plus: lorsqu'il se lance, je ne clique sur rien mais j'utilise le gestionnaire (ctrl+alt+suppr) pour le fermer. Lorsque le gestionnaire dit que ce programme ne répond pas, je choisi "terminer maintenant". Après cette manip, il y a envoi du rapport d'erreur à microsoft et là, je note précisement le nom du programme car il en change souvent (pour moi c'était badoversion707001000lux ) Avec ce nom, je lance une recherche et lorsque je sais où est le dossier, je le supprime simplement. Le programme badoversion707001000lux est toujours dans les options de démarrage, mais il ne pointe plus sur rien, donc il ne se lance plus et n'apparait plus et ne m'embête plus (et quand je dis embêter, je reste poli)
voila, ce n'est peut être qu'un simple bidouillage, mais pour moi ça a fonctionné.
Cordialement

claz · Answer

Yop Yop voila mon rapport d'erreur camarades merci de votre future aide ^^

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4970

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28/10/2010 05:58:02
mbam-log-2010-10-28 (05-58-02).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)
Elément(s) analysé(s): 233203
Temps écoulé: 1 heure(s), 19 minute(s), 56 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Usersose\AppData\Local\Volaroy.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{08aa0598-6a23-4364-9bf4-6d5f57f42993} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0e8c398-dabe-4ce1-b4d9-ed43b64923f5} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c7f127df-8877-4e1e-a196-fbbecbc5bc6d} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2615f050-9c18-4267-b711-8e3687dc0145} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ca295d63-514a-4ed0-9b5f-640890f2366b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cb0d9d8c-535e-4352-ba8f-65c3c8676612} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{064c57b4-b9ec-425f-b9b3-bceffeea74d9} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qbakakokupu (Trojan.Hiloti.Gen) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\hotbar@hotbar.com (Adware.Hotbar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\Bin\2.5.0 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\cs\antiphishing (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Usersose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):


C:\Usersose\AppData\Local\Volaroy.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
C:\Usersose\AppData\Local\Temp\30E5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Usersose\AppData\Local\Temp\arnowxsecm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Usersose\AppData\Local\Temp	rz5055.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Usersose\AppData\Local\Temp	rz7BD8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\396C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\3C0D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\cs\antiphishing\antiphishing.html (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\cs\antiphishing\phishAlert.gif (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\cs\antiphishing\x.gif (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\cs\antiphishing\xActive.gif (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper Help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Usersose\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Usersose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Usersose\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Usersose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Girl30 · Answer

Bonjour,

J'ai eu le même problème dans la soirée malware doctor qui s'est incrusté dans mon ordinateur alors que je venais tout juste de le prêter à mon petit frère ce faux anti virus s'est installé et impossible de le supprime.

J'ai fais de nombreuses manipulations sans résultats pour au final télécharger malwarebytes' Anti-Malware et réussir à le désinstaller en quelques minutes. 

J'espère avoir aidé pour tous ceux qui comme moi en début de soirée ne s'en sortent pas.

PS: j'ai vista..

Bonne chance à tous.

saînne · Answer

salut,pour moi apres 10min que malware doc me bloquait mon ordi, j'ai lu les commentaires;telecharger malwarebytes,1 scane avec pleins de fichiers infectés (48) ensuite supprimer le tout et je vous dit merci et pour les personnes a qui cela arrive n'ayez pas peur de suivre les conseils donnés sur ce site,gracias.

Malware Doctor : Comment le Supprimer ?

19 réponses

Votre réponse

Discussions similaires

Newsletters