Ce virus me pourri mon PC
Jean Pierre Galassi
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour
voilà ce qui s'affiche sur mon PC c:\WINDOWS\SYSTEM\WININET.DLL est contaminé par W32.Desktophijack
meme symantec ne me le sort pas
il faut que je vous disent que l'informatique et moi on est pas trop copain mais je tiens le coup je vais y arriver
sur vos réponse si il y en a faite simple pas comme les informaticiens du boulot
merci Jean Pierre
voilà ce qui s'affiche sur mon PC c:\WINDOWS\SYSTEM\WININET.DLL est contaminé par W32.Desktophijack
meme symantec ne me le sort pas
il faut que je vous disent que l'informatique et moi on est pas trop copain mais je tiens le coup je vais y arriver
sur vos réponse si il y en a faite simple pas comme les informaticiens du boulot
merci Jean Pierre
A voir également:
- Ce virus me pourri mon PC
- Mon pc est lent - Guide
- Reinitialiser pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Plus de son sur mon pc - Guide
- Double ecran pc - Guide
7 réponses
Salut,
Tu as bien suivi les instructions de cette page?
http://www.symantec.fr/region/fr/techsupp/avcenter/venc/data/fr-w32.desktophijack.html#technicaldetails
Tu n'aurais pas oublié une clé du registre à supprimer?
Tu as bien suivi les instructions de cette page?
http://www.symantec.fr/region/fr/techsupp/avcenter/venc/data/fr-w32.desktophijack.html#technicaldetails
Tu n'aurais pas oublié une clé du registre à supprimer?
salut jp
1/
telecharge hijackthis:
http://www.merijn.org/files/hijackthis.zip
Dezippe le dans un dossier prévu a cet effet.
Par exemple C:\hijack
lance le puis:
clic sur "do a system scan and save logfile" et pas autre chose
Le bloc note va s'ouvrir, copie tout le contenu et colle le ici a la suite de ton message.
Si tu as du mal, regarde ceci:
http://pageperso.aol.fr/balltrap34/demohijack.htm
2/
telecharge smitfraudfix ici:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
dezippe le (clic droit > extraire tout)
double clic sur smitfraudfix.cmd
choisis l'option 1 (rechercher)
fais un copier/coller du résultat ici
a+
1/
telecharge hijackthis:
http://www.merijn.org/files/hijackthis.zip
Dezippe le dans un dossier prévu a cet effet.
Par exemple C:\hijack
lance le puis:
clic sur "do a system scan and save logfile" et pas autre chose
Le bloc note va s'ouvrir, copie tout le contenu et colle le ici a la suite de ton message.
Si tu as du mal, regarde ceci:
http://pageperso.aol.fr/balltrap34/demohijack.htm
2/
telecharge smitfraudfix ici:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
dezippe le (clic droit > extraire tout)
double clic sur smitfraudfix.cmd
choisis l'option 1 (rechercher)
fais un copier/coller du résultat ici
a+
Logfile of HijackThis v1.99.1
Scan saved at 18:50:38, on 04/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\WANADOO\CNXMON.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\WINDOWS\SYSTEM\MSMSGS.EXE
C:\WINDOWS\SYSTEM\COMBO.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER FREE EDITION\BDMCON.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
C:\PROGRAM FILES\WANADOO\WATCH.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\BUREAU\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender Free Edition\\bdinit.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {2D37B9E8-C14C-482C-B1CF-939C5440E179} (VTToolkit Control) - http://videomessages.wanadoo.fr/VTToolkit.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
Scan saved at 18:50:38, on 04/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\WANADOO\CNXMON.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\WINDOWS\SYSTEM\MSMSGS.EXE
C:\WINDOWS\SYSTEM\COMBO.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER FREE EDITION\BDMCON.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
C:\PROGRAM FILES\WANADOO\WATCH.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\BUREAU\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender Free Edition\\bdinit.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {2D37B9E8-C14C-482C-B1CF-939C5440E179} (VTToolkit Control) - http://videomessages.wanadoo.fr/VTToolkit.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
@ECHO OFF
REM Smitfraud Fix (balltrap, moe, S!Ri, Vazkor)
REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip
set fixname=SmitFraudFix
set fixvers=v1.5
VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2003">NUL
IF NOT ERRORLEVEL 1 GOTO NT
color 47
echo %fixname% %fixvers%
echo.
echo Version non support‚e.
echo Windows 2000 / XP requis !
echo.
pause
goto end
:Win
color 47
echo %fixname% %fixvers%
echo.
echo Version non support‚e.
echo Windows 2000 / XP requis !
echo.
pause
goto exit
:NT
set syspath=%windir%\system32
goto test
:test
if not exist process.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier process.exe absent !
echo.
pause
goto exit
)
if not exist %syspath%\process.exe copy process.exe %syspath%
goto menu
:menu
color 17
cls
echo.
echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
echo º %fixname% %fixvers% º
echo ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹
echo º 1. Rapport - Recherche º
echo º 2. Fix º
echo º 3. Effacer les sites de confiance et sensibles º
echo º Q. Quitter º
echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
echo.
set ChoixMenu=''
set /p ChoixMenu=Entrez votre choix (1,2,3,Q) :
if '%ChoixMenu%'=='q' GOTO exit
if '%ChoixMenu%'=='Q' GOTO exit
if '%ChoixMenu%'=='1' GOTO search
if '%ChoixMenu%'=='2' GOTO fix
if '%ChoixMenu%'=='3' GOTO zonefix
goto menu
:search
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>rapport.txt
echo.
echo.>>rapport.txt
echo Rapport fait à %time% le %date%>>rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo Executé à partir de %CurDir%>>rapport.txt
IF ERRORLEVEL 1 (
echo Executé à partir de >>rapport.txt
cd >>rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version%>>rapport.txt
echo.>>rapport.txt
echo Recherche %HOMEDRIVE%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %HOMEDRIVE%\>>rapport.txt
echo.>>rapport.txt
pushd %HOMEDRIVE%\
if exist rapport2.txt del rapport2.txt
if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe PRESENT !>>rapport2.txt)
if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe PRESENT !>>rapport2.txt)
if exist r.exe (echo %HOMEDRIVE%\r.exe PRESENT !>>rapport2.txt)
if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe PRESENT !>>rapport2.txt)
if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp PRESENT !>>rapport2.txt)
if exist wp.exe (echo %HOMEDRIVE%\wp.exe PRESENT !>>rapport2.txt)
popd
if exist %HOMEDRIVE%\rapport2.txt move %HOMEDRIVE%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %windir%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%>>rapport.txt
echo.>>rapport.txt
pushd %windir%
if exist rapport2.txt del rapport2.txt
if exist desktop.html (echo %windir%\desktop.html PRESENT !>>rapport2.txt)
if exist popuper.exe (echo %windir%\popuper.exe PRESENT !>>rapport2.txt)
if exist screen.html (echo %windir%\screen.html PRESENT !>>rapport2.txt)
if exist sites.ini (echo %windir%\sites.ini PRESENT !>>rapport2.txt)
if exist uninstIU.exe (echo %windir%\uninstIU.exe PRESENT !>>rapport2.txt)
if exist windows.html (echo %windir%\windows.html PRESENT !>>rapport2.txt)
if exist zloader3.exe (echo %windir%\zloader3.exe PRESENT !>>rapport2.txt)
popd
if exist %windir%\rapport2.txt move %windir%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %windir%\system...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%\system>>rapport.txt
echo.>>rapport.txt
pushd %windir%\system
if exist rapport2.txt del rapport2.txt
if exist svchost.exe (echo %windir%\system\svchost.exe PRESENT!>>rapport2.txt)
popd
if exist %windir%\system\rapport2.txt move %windir%\system\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %windir%\Web...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%\Web>>rapport.txt
echo.>>rapport.txt
pushd %windir%\Web
if exist rapport2.txt del rapport2.txt
if exist desktop.html (echo %windir%\Web\desktop.html PRESENT!>>rapport2.txt)
if exist wallpaper.html (echo %windir%\Web\wallpaper.html PRESENT!>>rapport2.txt)
popd
if exist %windir%\Web\rapport2.txt move %windir%\Web\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %syspath%...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %syspath%>>rapport.txt
echo.>>rapport.txt
pushd %syspath%
if exist rapport2.txt del rapport2.txt
if exist gunist.exe (echo %syspath%\gunist.exe PRESENT !>>rapport2.txt)
if exist helper.exe (echo %syspath%\helper.exe PRESENT !>>rapport2.txt)
if exist hhk.dll (echo %syspath%\hhk.dll PRESENT !>>rapport2.txt)
if exist hookdump.exe (echo %syspath%\hookdump.exe PRESENT !>>rapport2.txt)
if exist hp????.tmp (echo %syspath%\hp????.tmp PRESENT !>>rapport2.txt)
if exist intel32.exe (echo %syspath%\intel32.exe PRESENT !>>rapport2.txt)
if exist intell32.exe (echo %syspath%\intell32.exe PRESENT !>>rapport2.txt)
if exist intmon.exe (echo %syspath%\intmon.exe PRESENT !>>rapport2.txt)
if exist intmonp.exe (echo %syspath%\intmonp.exe PRESENT !>>rapport2.txt)
if exist kernels32.exe (echo %syspath%\kernels32.exe PRESENT !>>rapport2.txt)
if exist msmsgs.exe (echo %syspath%\msmsgs.exe PRESENT !>>rapport2.txt)
if exist msole32.exe (echo %syspath%\msole32.exe PRESENT !>>rapport2.txt)
if exist ole32vbs.exe (echo %syspath%\ole32vbs.exe PRESENT !>>rapport2.txt)
if exist oleadm.dll (echo %syspath%\oleadm.dll PRESENT !>>rapport2.txt)
if exist oleadm32.dll (echo %syspath%\oleadm32.dll PRESENT !>>rapport2.txt)
if exist oleext.dll (echo %syspath%\oleext.dll PRESENT !>>rapport2.txt)
if exist oleext32.dll (echo %syspath%\oleext32.dll PRESENT !>>rapport2.txt)
if exist param32.dll (echo %syspath%\param32.dll PRESENT !>>rapport2.txt)
if exist perfcii.ini (echo %syspath%\perfcii.ini PRESENT !>>rapport2.txt)
if exist pop_up.dll (echo %syspath%\pop_up.dll PRESENT !>>rapport2.txt)
if exist runsrv32.dll (echo %syspath%\runsrv32.dll PRESENT !>>rapport2.txt)
if exist runsrv32.exe (echo %syspath%\runsrv32.exe PRESENT !>>rapport2.txt)
if exist searchdll.dll (echo %syspath%\searchdll.dll PRESENT !>>rapport2.txt)
if exist shnlog.exe (echo %syspath%\shnlog.exe PRESENT !>>rapport2.txt)
if exist srpcsrv32.dll (echo %syspath%\srpcsrv32.dll PRESENT !>>rapport2.txt)
if exist srpcsrv32.exe (echo %syspath%\srpcsrv32.exe PRESENT !>>rapport2.txt)
if exist svchosts.dll (echo %syspath%\svchosts.dll PRESENT !>>rapport2.txt)
if exist svcnt.exe (echo %syspath%\svcnt.exe PRESENT !>>rapport2.txt)
if exist txfdb32.dll (echo %syspath%\txfdb32.dll PRESENT !>>rapport2.txt)
if exist vxgame?.exe (echo %syspath%\vxgame?.exe PRESENT !>>rapport2.txt)
if exist vxgamet?.exe (echo %syspath%\vxgamet?.exe PRESENT !>>rapport2.txt)
if exist vxh8jkdq?.exe (echo %syspath%\vxh8jkdq?.exe PRESENT !>>rapport2.txt)
if exist w8673492.exe (echo %syspath%\w8673492.exe PRESENT !>>rapport2.txt)
if exist winnook.exe (echo %syspath%\winnook.exe PRESENT !>>rapport2.txt)
if exist wldr.dll (echo %syspath%\wldr.dll PRESENT !>>rapport2.txt)
if exist wp.bmp (echo %syspath%\wp.bmp PRESENT !>>rapport2.txt)
if exist wppp.html (echo %syspath%\wppp.html PRESENT !>>rapport2.txt)
popd
if exist %syspath%\rapport2.txt move %syspath%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %syspath%\LogFiles...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %syspath%\LogFiles>>rapport.txt
echo.>>rapport.txt
pushd %syspath%\LogFiles
if exist rapport2.txt del rapport2.txt
if exist A5281300.so (echo %syspath%\A5281300.so PRESENT !>>rapport2.txt)
if exist T54111925.so (echo %syspath%\T54111925.so PRESENT !>>rapport2.txt)
if exist H53131712.so (echo %syspath%\H53131712.so PRESENT !>>rapport2.txt)
if exist A54102200.so (echo %syspath%\A54102200.so PRESENT !>>rapport2.txt)
if exist S53252000.so (echo %syspath%\S53252000.so PRESENT !>>rapport2.txt)
if exist A04111925.so (echo %syspath%\A04111925.so PRESENT !>>rapport2.txt)
if exist M54111925.so (echo %syspath%\M54111925.so PRESENT !>>rapport2.txt)
if exist P54111925.so (echo %syspath%\P54111925.so PRESENT !>>rapport2.txt)
popd
if exist %syspath%\LogFiles\rapport2.txt move %syspath%\LogFiles\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %userprofile%\Application Data...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %userprofile%\Application Data>>rapport.txt
echo.>>rapport.txt
pushd %userprofile%\Application Data
if exist rapport2.txt del rapport2.txt
if exist Install.dat (echo %userprofile%\Application Data\Install.dat PRESENT !>>rapport2.txt)
popd
if exist %userprofile%\Application Data\rapport2.txt move %userprofile%\Application Data\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %ProgramFiles%...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %ProgramFiles%>>rapport.txt
echo.>>rapport.txt
if exist "%ProgramFiles%\AdwareDelete" echo %ProgramFiles%\AdwareDelete\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\AntivirusGold" echo %ProgramFiles%\AntivirusGold\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\Daily Weather Forecast" echo %ProgramFiles%\Daily Weather Forecast\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\PSGuard" echo %ProgramFiles%\PSGuard\ PRESENT!>>rapport.txt
if exist "%ProgramFiles%\Search Maid" echo %ProgramFiles%\Search Maid\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\Security IGuard" echo %ProgramFiles%\Security IGuard\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\SpySheriff" echo %ProgramFiles%\SpySheriff\PRESENT!>>rapport.txt
if exist "%ProgramFiles%\SpyKiller" echo %ProgramFiles%\SpyKiller\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\Virtual Maid" echo %ProgramFiles%\Virtual Maid\ PRESENT !>>rapport.txt
if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ PRESENT !>>rapport.txt
if exist %syspath%\intell32.exe goto DateFile
goto wininetscan
:DateFile
dir %syspath%\intell32.exe /4 /A /N /-C>result.txt
type result.txt | find /i "intell32.exe">result2.txt
for /f "tokens=1" %%a in (result2.txt) do set filedate=%%a
echo Recherche des fichiers cr‚‚s le %filedate%...
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche fichiers créés le %filedate%>>rapport.txt
echo !!! Attention, les fichiers qui suivent ne sont pas forcément infectés !!!>>rapport.txt
echo.>>rapport.txt
dir %HOMEDRIVE%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
for /f "tokens=4" %%a in (result.txt) do echo %HOMEDRIVE%\%%a>>rapport.txt
dir %windir%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
for /f "tokens=4" %%a in (result.txt) do echo %windir%\%%a>>rapport.txt
dir %syspath%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
for /f "tokens=4" %%a in (result.txt) do echo %syspath%\%%a>>rapport.txt
if exist result.txt del result.txt
if exist result2.txt del result2.txt
goto wininetscan
:wininetscan
findstr /m /I "OLEADM" %syspath%\wininet.dll>result.txt
for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
findstr /m /I "OLEEXT" %syspath%\wininet.dll>result.txt
for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
del result.txt
if exist infected.txt (
del infected.txt
echo.
echo.>>rapport.txt
echo %syspath%\wininet.dll infect‚ !
echo %syspath%\wininet.dll infecté !>>rapport.txt
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche wininet.dll de remplacement>>rapport.txt
echo.>>rapport.txt
dir %systemroot%\wininet.dll /a h /s>>rapport.txt
)
goto fin
:fix
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>rapport.txt
echo.
echo.>>rapport.txt
echo Rapport fait à %time% le %date%>>rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo Executé à partir de %CurDir%>>rapport.txt
IF ERRORLEVEL 1 (
echo Executé à partir de >>rapport.txt
cd >>rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version%>>rapport.txt
echo.>>rapport.txt
echo Arret des processus...
echo »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus>>rapport.txt
echo.>>rapport.txt
process -k AntivirusGold.exe>nul
process -k bsw.exe>nul
process -k gunist.exe>nul
process -k helper.exe>nul
process -k hookdump.exe>nul
process -k intel32.exe>nul
process -k intell32.exe>nul
process -k intmon.exe>nul
process -k intmonp.exe>nul
process -k kernels32.exe>nul
process -k msmsgs.exe>nul
process -k msole32.exe>nul
process -k ntdetecd.exe>nul
process -k ole32vbs.exe>nul
process -k ongi.exe>nul
process -k popuper.exe>nul
process -k r.exe>nul
process -k runsrv32.exe>nul
process -k shnlog.exe>nul
process -k svcnt.exe>nul
process -k spoolsrv32.exe>nul
process -k uninst.exe>nul
process -k uninstIU.exe>nul
process -k w8673492.exe>nul
process -k weather.exe>nul
process -k winnook.exe>nul
process -k winstall.exe>nul
process -k wp.exe>nul
process -k zloader3.exe>nul
echo.>>rapport.txt
echo Suppression des fichiers infect‚s...
echo »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés>>rapport.txt
echo.>>rapport.txt
pushd %HOMEDRIVE%\
if exist rapport2.txt del rapport2.txt
if exist bsw.exe (
attrib -r -s -h bsw.exe
del /a /f bsw.exe
if NOT exist bsw.exe echo %HOMEDRIVE%\bsw.exe supprimé>>rapport2.txt
if exist bsw.exe echo Problème suppression %HOMEDRIVE%\bsw.exe>>rapport2.txt
)
if exist ntdetecd.exe (
attrib -r -s -h ntdetecd.exe
del /a /f ntdetecd.exe
if NOT exist ntdetecd.exe echo %HOMEDRIVE%\ntdetecd.exe supprimé>>rapport2.txt
if exist ntdetecd.exe echo Problème suppression %HOMEDRIVE%\ntdetecd.exe>>rapport2.txt
)
if exist r.exe (
attrib -r -s -h r.exe
del /a /f r.exe
if NOT exist r.exe echo %HOMEDRIVE%\r.exe supprimé>>rapport2.txt
if exist r.exe echo Problème suppression %HOMEDRIVE%\r.exe>>rapport2.txt
)
if exist winstall.exe (
attrib -r -s -h winstall.exe
del /a /f winstall.exe
if NOT exist winstall.exe echo %HOMEDRIVE%\winstall.exe supprimé>>rapport2.txt
if exist winstall.exe echo Problème suppression %HOMEDRIVE%\winstall.exe>>rapport2.txt
)
if exist wp.bmp (
attrib -r -s -h wp.bmp
del /a /f wp.bmp
if NOT exist wp.bmp echo %HOMEDRIVE%\wp.bmp supprimé>>rapport2.txt
if exist wp.bmp echo Problème suppression %HOMEDRIVE%\wp.bmp>>rapport2.txt
)
if exist wp.exe (
attrib -r -s -h wp.exe
del /a /f wp.exe
if NOT exist wp.exe echo %HOMEDRIVE%\wp.exe supprimé>>rapport2.txt
if exist wp.exe echo Problème suppression %HOMEDRIVE%\wp.exe>>rapport2.txt
)
popd
if exist %HOMEDRIVE%\rapport2.txt move %HOMEDRIVE%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %windir%
if exist rapport2.txt del rapport2.txt
if exist desktop.html (
attrib -r -s -h desktop.html
del /a /f desktop.html
if NOT exist desktop.html echo %windir%\desktop.html supprimé>>rapport2.txt
if exist desktop.html echo Problème suppression %windir%\desktop.html>>rapport2.txt
)
if exist popuper.exe (
attrib -r -s -h popuper.exe
del /a /f popuper.exe
if NOT exist popuper.exe echo %windir%\popuper.exe supprimé>>rapport2.txt
if exist popuper.exe echo Problème suppression %windir%\popuper.exe>>rapport2.txt
)
if exist screen.html (
attrib -r -s -h screen.html
del /a /f screen.html
if NOT exist screen.html echo %windir%\screen.html supprimé>>rapport2.txt
if exist screen.html echo Problème suppression %windir%\screen.html>>rapport2.txt
)
if exist sites.ini (
attrib -r -s -h sites.ini
del /a /f sites.ini
if NOT exist sites.ini echo %windir%\sites.ini supprimé>>rapport2.txt
if exist sites.ini echo Problème suppression %windir%\sites.ini>>rapport2.txt
)
if exist uninstIU.exe (
attrib -r -s -h uninstIU.exe
del /a /f uninstIU.exe
if NOT exist uninstIU.exe echo %windir%\uninstIU.exe supprimé>>rapport2.txt
if exist uninstIU.exe echo Problème suppression %windir%\uninstIU.exe>>rapport2.txt
)
if exist windows.html (
attrib -r -s -h windows.html
del /a /f windows.html
if NOT exist windows.html echo %windir%\windows.html supprimé>>rapport2.txt
if exist uninstIU.exe echo Problème suppression %windir%\windows.html>>rapport2.txt
)
if exist zloader3.exe (
attrib -r -s -h zloader3.exe
del /a /f zloader3.exe
if NOT exist zloader3.exe echo %windir%\zloader3.exe supprimé>>rapport2.txt
if exist zloader3.exe echo Problème suppression %windir%\zloader3.exe>>rapport2.txt
)
popd
if exist %windir%\rapport2.txt move %windir%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %windir%\system
if exist svchost.exe (
attrib -r -s -h svchost.exe
del /a /f svchost.exe
if NOT exist svchost.exe echo %windir%\systemb\svchost.exe supprimé>>rapport2.txt
if exist svchost.exe echo Problème suppression %windir%\system\svchost.exe>>rapport2.txt
)
popd
if exist %windir%\system\rapport2.txt move %windir%\system\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %windir%\Web
if exist desktop.html (
attrib -r -s -h desktop.html
del /a /f desktop.html
if NOT exist desktop.html echo %windir%\Web\desktop.html supprimé>>rapport2.txt
if exist desktop.html echo Problème suppression %windir%\Web\desktop.html>>rapport2.txt
)
if exist wallpaper.html (
attrib -r -s -h wallpaper.html
del /a /f wallpaper.html
if NOT exist wallpaper.html echo %windir%\Web\wallpaper.html supprimé>>rapport2.txt
if exist wallpaper.html echo Problème suppression %windir%\Web\wallpaper.html>>rapport2.txt
)
popd
if exist %windir%\Web\rapport2.txt move %windir%\Web\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %syspath%
if exist rapport2.txt del rapport2.txt
if exist gunist.exe (
attrib -r -s -h gunist.exe
del /a /f gunist.exe
if NOT exist gunist.exe echo %syspath%\gunist.exe supprimé>>rapport2.txt
if exist gunist.exe echo Problème suppression %syspath%\gunist.exe>>rapport2.txt
)
if exist helper.exe (
attrib -r -s -h helper.exe
del /a /f helper.exe
if NOT exist helper.exe echo %syspath%\helper.exe supprimé>>rapport2.txt
if exist helper.exe echo Problème suppression %syspath%\helper.exe>>rapport2.txt
)
if exist hhk.dll (
attrib -r -s -h hhk.dll
del /a /f hhk.dll
if NOT exist hhk.dll echo %syspath%\hhk.dll supprimé>>rapport2.txt
if exist hhk.dll echo Problème suppression %syspath%\hhk.dll>>rapport2.txt
)
if exist hookdump.exe (
attrib -r -s -h hookdump.exe
del /a /f hookdump.exe
if NOT exist hookdump.exe echo %syspath%\hookdump.exe supprimé>>rapport2.txt
if exist hookdump.exe echo Problème suppression %syspath%\hookdump.exe>>rapport2.txt
)
if exist hp????.tmp (
attrib -r -s -h hp????.tmp
del /a /f hp????.tmp
if NOT exist hp*.tmp echo %syspath%\hp????.tmp supprimé>>rapport2.txt
if exist hp????.tmp echo Problème suppression %syspath%\hp????.tmp>>rapport2.txt
)
if exist intel32.exe (
attrib -r -s -h intel32.exe
del /a /f intel32.exe
if NOT exist intel32.exe echo %syspath%\intel32.exe supprimé>>rapport2.txt
if exist intel32.exe echo Problème suppression %syspath%\intel32.exe>>rapport2.txt
)
if exist intell32.exe (
attrib -r -s -h intell32.exe
del /a /f intell32.exe
if NOT exist intell32.exe echo %syspath%\intell32.exe supprimé>>rapport2.txt
if exist intell32.exe echo Problème suppression %syspath%\intell32.exe>>rapport2.txt
)
if exist intmon.exe (
attrib -r -s -h intmon.exe
del /a /f intmon.exe
if NOT exist intmon.exe echo %syspath%\intmon.exe supprimé>>rapport2.txt
if exist intmon.exe echo Problème suppression %syspath%\intmon.exe>>rapport2.txt
)
if exist intmonp.exe (
attrib -r -s -h intmonp.exe
del /a /f intmonp.exe
if NOT exist intmonp.exe echo %syspath%\intmonp.exe supprimé>>rapport2.txt
if exist intmonp.exe echo Problème suppression %syspath%\intmonp.exe >>rapport2.txt
)
if exist kernels32.exe (
attrib -r -s -h kernels32.exe
del /a /f kernels32.exe
if NOT exist kernels32.exe echo %syspath%\kernels32.exe supprimé>>rapport2.txt
if exist kernels32.exe echo Problème suppression %syspath%\kernels32.exe>>rapport2.txt
)
if exist msmsgs.exe (
attrib -r -s -h msmsgs.exe
del /a /f msmsgs.exe
if NOT exist msmsgs.exe echo %syspath%\msmsgs.exe supprimé>>rapport2.txt
if exist msmsgs.exe echo Problème suppression %syspath%\msmsgs.exe>>rapport2.txt
)
if exist msole32.exe (
attrib -r -s -h msole32.exe
del /a /f msole32.exe
if NOT exist msole32.exe echo %syspath%\msole32.exe supprimé>>rapport2.txt
if exist msole32.exe echo Problème suppression %syspath%\msole32.exe>>rapport2.txt
)
if exist ole32vbs.exe (
attrib -r -s -h ole32vbs.exe
del /a /f ole32vbs.exe
if NOT exist ole32vbs.exe echo %syspath%\ole32vbs.exe supprimé>>rapport2.txt
if exist ole32vbs.exe echo Problème suppression %syspath%\ole32vbs.exe>>rapport2.txt
)
if exist oleadm.dll (
attrib -r -s -h oleadm.dll
del /a /f oleadm.dll
if NOT exist oleadm.dll echo %syspath%\oleadm.dll supprimé>>rapport2.txt
if exist oleadm.dll echo Problème suppression %syspath%\oleadm.dll>>rapport2.txt
)
if exist oleadm32.dll (
attrib -r -s -h oleadm32.dll
del /a /f oleadm32.dll
if NOT exist oleadm32.dll echo %syspath%\oleadm32.dll supprimé>>rapport2.txt
if exist oleadm32.dll echo Problème suppression %syspath%\oleadm32.dll>>rapport2.txt
)
if exist oleext.dll (
attrib -r -s -h oleext.dll
del /a /f oleext.dll
if NOT exist oleext.dll echo %syspath%\oleext.dll supprimé>>rapport2.txt
if exist oleext.dll echo Problème suppression %syspath%\oleext.dll>>rapport2.txt
)
if exist oleext2.dll (
attrib -r -s -h oleext32.dll
del /a /f oleext32.dll
if NOT exist oleext32.dll echo %syspath%\oleext32.dll supprimé>>rapport2.txt
if exist oleext32.dll echo Problème suppression %syspath%\oleext32.dll>>rapport2.txt
)
if exist param32.dll (
attrib -r -s -h param32.dll
del /a /f param32.dll
if NOT exist param32.dll echo %syspath%\param32.dll supprimé>>rapport2.txt
if exist param32.dll echo Problème suppression %syspath%\param32.dll>>rapport2.txt
)
if exist perfcii.ini (
attrib -r -s -h perfcii.ini
del /a /f perfcii.ini
if NOT exist perfcii.ini echo %syspath%\perfcii.ini supprimé>>rapport2.txt
if exist perfcii.ini echo Problème suppression %syspath%\perfcii.ini>>rapport2.txt
)
if exist pop_up.dll (
attrib -r -s -h pop_up.dll
del /a /f pop_up.dll
if NOT exist pop_up.dll echo %syspath%\pop_up.dll supprimé>>rapport2.txt
if exist pop_up.dll echo Problème suppression %syspath%\pop_up.dll>>rapport2.txt
)
if exist runsrv32.dll (
attrib -r -s -h runsrv32.dll
del /a /f runsrv32.dll
if NOT exist runsrv32.dll echo %syspath%\runsrv32.dll supprimé>>rapport2.txt
if exist runsrv32.dll echo Problème suppression %syspath%\runsrv32.dll>>rapport2.txt
)
if exist runsrv32.exe (
attrib -r -s -h runsrv32.exe
del /a /f runsrv32.exe
if NOT exist runsrv32.exe echo %syspath%\runsrv32.exe supprimé>>rapport2.txt
if exist runsrv32.exe echo Problème suppression %syspath%\runsrv32.exe>>rapport2.txt
)
if exist searchdll.dll (
attrib -r -s -h searchdll.dll
del /a /f searchdll.dll
if NOT exist searchdll.dll echo %syspath%\searchdll.dll supprimé>>rapport2.txt
if exist searchdll.dll echo Problème suppression %syspath%\searchdll.dll>>rapport2.txt
)
if exist shnlog.exe (
attrib -r -s -h shnlog.exe
del /a /f shnlog.exe
if NOT exist shnlog.exe echo %syspath%\shnlog.exe supprimé>>rapport2.txt
if exist shnlog.exe echo Problème suppression %syspath%\shnlog.exe>>rapport2.txt
)
if exist spoolsrv32.exe (
attrib -r -s -h spoolsrv32.exe
del /a /f spoolsrv32.exe
if NOT exist spoolsrv32.exe echo %syspath%\spoolsrv32.exe supprimé>>rapport2.txt
if exist spoolsrv32.exe echo Problème suppression %syspath%\spoolsrv32.exe>>rapport2.txt
)
if exist srpcsrv32.dll (
attrib -r -s -h srpcsrv32.dll
del /a /f srpcsrv32.dll
if NOT exist srpcsrv32.dll echo %syspath%\srpcsrv32.dll supprimé>>rapport2.txt
if exist srpcsrv32.dll echo Problème suppression %syspath%\srpcsrv32.dll>>rapport2.txt
)
if exist srpcsrv32.exe (
attrib -r -s -h srpcsrv32.exe
del /a /f srpcsrv32.exe
if NOT exist srpcsrv32.exe echo %syspath%\srpcsrv32.exe supprimé>>rapport2.txt
if exist srpcsrv32.exe echo Problème suppression %syspath%\srpcsrv32.exe>>rapport2.txt
)
if exist svchosts.dll (
attrib -r -s -h svchosts.dll
del /a /f svchosts.dll
if NOT exist svchosts.dll echo %syspath%\svchosts.dll supprimé>>rapport2.txt
if exist svchosts.dll echo Problème suppression %syspath%\svchosts.dll>>rapport2.txt
)
if exist svcnt.exe (
attrib -r -s -h svcnt.exe
del /a /f svcnt.exe
if NOT exist svcnt.exe echo %syspath%\svcnt.exe supprimé>>rapport2.txt
if exist svcnt.exe echo Problème suppression %syspath%\svcnt.exe>>rapport2.txt
)
if exist txfdb32.dll (
attrib -r -s -h txfdb32.dll
del /a /f txfdb32.dll
if NOT exist txfdb32.dll echo %syspath%\txfdb32.dll supprimé>>rapport2.txt
if exist txfdb32.dll echo Problème suppression %syspath%\txfdb32.dll>>rapport2.txt
)
if exist vxgame?.exe (
attrib -r -s -h vxgame?.exe
del /a /f /q vxgame?.exe
if NOT exist vxgame?.exe echo %syspath%\vxgame?.exe supprimé>>rapport2.txt
if exist vxgame?.exe echo Problème suppression %syspath%\vxgame?.exe>>rapport2.txt
)
if exist vxgamet?.exe (
attrib -r -s -h vxgamet?.exe
del /a /f /q vxgamet?.exe
if NOT exist vxgamet?.exe echo %syspath%\vxgamet?.exe supprimé>>rapport2.txt
if exist vxgamet?.exe echo Problème suppression %syspath%\vxgamet?.exe>>rapport2.txt
)
if exist vxh8jkdq?.exe (
attrib -r -s -h vxh8jkdq?.exe
del /a /f /q vxh8jkdq?.exe
if NOT exist vxh8jkdq?.exe echo %syspath%\vxh8jkdq?.exe supprimé>>rapport2.txt
if exist vxh8jkdq?.exe echo Problème suppression %syspath%\vxh8jkdq?.exe>>rapport2.txt
)
if exist w8673492.exe (
attrib -r -s -h w8673492.exe
del /a /f w8673492.exe
if NOT exist w8673492.exe echo %syspath%\w8673492.exe supprimé>>rapport2.txt
if exist w8673492.exe echo Problème suppression %syspath%\w8673492.exe>>rapport2.txt
)
if exist winnook.exe (
attrib -r -s -h winnook.exe
del /a /f winnook.exe
if NOT exist winnook.exe echo %syspath%\winnook.exe supprimé>>rapport2.txt
if exist winnook.exe echo Problème suppression %syspath%\winnook.exe>>rapport2.txt
)
if exist wldr.dll (
attrib -r -s -h wldr.dll
del /a /f wldr.dll
if NOT exist wldr.dll echo %syspath%\wldr.dll supprimé>>rapport2.txt
if exist wldr.dll echo Problème suppression %syspath%\wldr.dll>>rapport2.txt
)
if exist wp.bmp (
attrib -r -s -h wp.bmp
del /a /f wp.bmp
if NOT exist wp.bmp echo %syspath%\wp.bmp supprimé>>rapport2.txt
if exist wp.bmp echo Problème suppression %syspath%\wp.bmp>>rapport2.txt
)
if exist wppp.html (
attrib -r -s -h wppp.html
del /a /f wppp.html
if NOT exist wppp.html echo %syspath%\wppp.html supprimé>>rapport2.txt
if exist wppp.html echo Problème suppression %syspath%\wppp.html>>rapport2.txt
)
popd
if exist %syspath%\rapport2.txt move %syspath%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %syspath%\LogFiles
if exist rapport2.txt del rapport2.txt
if exist A5281300.so (
attrib -r -s -h A5281300.so
del /a /f A5281300.so
if NOT exist A5281300.so echo %syspath%\LogFiles\A5281300.so supprimé>>rapport2.txt
if exist A5281300.so echo Problème suppression %syspath%\LogFiles\A5281300.so>>rapport2.txt
)
if exist T54111925.so (
attrib -r -s -h T54111925.so
del /a /f T54111925.so
if NOT exist T54111925.so echo %syspath%\LogFiles\T54111925.so supprimé>>rapport2.txt
if exist T54111925.so echo Problème suppression %syspath%\LogFiles\T54111925.so>>rapport2.txt
)
if exist H53131712.so (
attrib -r -s -h H53131712.so
del /a /f H53131712.so
if NOT exist H53131712.so echo %syspath%\LogFiles\H53131712.so supprimé>>rapport2.txt
if exist H53131712.so echo Problème suppression %syspath%\LogFiles\H53131712.so>>rapport2.txt
)
if exist A54102200.so (
attrib -r -s -h A54102200.so
del /a /f A54102200.so
if NOT exist A54102200.so echo %syspath%\LogFiles\A54102200.so supprimé>>rapport2.txt
if exist A54102200.so echo Problème suppression %syspath%\LogFiles\A54102200.so>>rapport2.txt
)
if exist S53252000.so (
attrib -r -s -h S53252000.so
del /a /f S53252000.so
if NOT exist S53252000.so echo %syspath%\LogFiles\S53252000.so supprimé>>rapport2.txt
if exist S53252000.so echo Problème suppression %syspath%\LogFiles\S53252000.so>>rapport2.txt
)
if exist A04111925.so (
attrib -r -s -h A04111925.so
del /a /f A04111925.so
if NOT exist A04111925.so echo %syspath%\LogFiles\A04111925.so supprimé>>rapport2.txt
if exist A04111925.so echo Problème suppression %syspath%\LogFiles\A04111925.so>>rapport2.txt
)
if exist M54111925.so (
attrib -r -s -h M54111925.so
del /a /f M54111925.so
if NOT exist M54111925.so echo %syspath%\LogFiles\M54111925.so supprimé>>rapport2.txt
if exist M54111925.so echo Problème suppression %syspath%\LogFiles\M54111925.so>>rapport2.txt
)
if exist P54111925.so (
attrib -r -s -h P54111925.so
del /a /f P54111925.so
if NOT exist P54111925.so echo %syspath%\LogFiles\P54111925.so supprimé>>rapport2.txt
if exist P54111925.so echo Problème suppression %syspath%\LogFiles\P54111925.so>>rapport2.txt
)
popd
if exist %syspath%\LogFiles\rapport2.txt move %syspath%\LogFiles\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %userprofile%\Application Data
if exist rapport2.txt del rapport2.txt
if exist Install.dat (
attrib -r -s -h Install.dat
del /a /f Install.dat
if NOT exist Install.dat echo %userprofile%\Application Data\Install.dat supprimé>>rapport2.txt
if exist Install.dat echo Problème suppression %userprofile%\Application Data\Install.dat>>rapport2.txt
)
popd
if exist %userprofile%\Application Data\rapport2.txt move %userprofile%\Application Data\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
if exist "%ProgramFiles%\AdwareDelete" (
RD /s /q "%ProgramFiles%\AdwareDelete"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\AdwareDelete\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\AntivirusGold" (
RD /s /q "%ProgramFiles%\AntivirusGold"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\AntivirusGold\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\Daily Weather Forecast" (
RD /s /q "%ProgramFiles%\Daily Weather Forecast"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Daily Weather Forecast\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\PSGuard" (
RD /s /q "%ProgramFiles%\PSGuard"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\PSGuard\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\Search Maid" (
RD /s /q "%ProgramFiles%\Search Maid"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Search Maid\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\Security IGuard" (
RD /s /q "%ProgramFiles%\Security IGuard"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Security IGuard\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\SpySheriff" (
RD /s /q "%ProgramFiles%\SpySheriff"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\SpySheriff\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\SpyKiller" (
RD /s /q "%ProgramFiles%\SpyKiller"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\SpyKiller\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\Virtual Maid" (
RD /s /q "%ProgramFiles%\Virtual Maid"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Virtual Maid\ supprimé>>rapport.txt
)
if exist "%HOMEDRIVE%\spywarevanisher-free" (
RD /s /q "%HOMEDRIVE%\spywarevanisher-free"
IF NOT ERRORLEVEL 1 echo %HOMEDRIVE%\spywarevanisher-free\ supprimé>>rapport.txt
)
:QuestionRegistre
echo.
echo Nettoyage du registre
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre>>rapport.txt
set ChoixRegistre=''
set /p ChoixRegistre=Voulez-vous nettoyer le registre ? (o/n)
if '%ChoixRegistre%'=='n' GOTO nonet
if '%ChoixRegistre%'=='o' GOTO net
goto QuestionRegistre
:net
echo.>>rapport.txt
echo REGEDIT4>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{020b1227-417d-4682-9ac3-61f43cb5b6b1}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{125494b2-acad-414c-98b9-452f3ef7703a}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{145E6FB1-1256-44ED-A336-8BBA43373BE6}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{3d00a39c-655b-428b-aeb2-2fba03dcc49c}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{408f660a-9465-44a3-b557-8709dfd992bc}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{8ee6bf73-b370-4d13-9126-eb0071178f2e}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{9bb7e700-4e48-476d-b75c-6f47606be988}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{d6d64cdf-0363-4261-b723-29a3af365e1d}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\VMHomepage]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\VMHomepage.1]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\VMHomepage]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\VMHomepage.1]>>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>cleanup.reg
echo "Wallpaper"=->>cleanup.reg
echo "WallpaperStyle"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Control Panel\Colors]>>cleanup.reg
echo "Background"="0 78 152">>cleanup.reg
echo "WallpaperStyle"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main]>>cleanup.reg
echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo "Search Bar"="http://search.msn.com/spbasic.htm">>cleanup.reg
echo "Use Custom Search URL"= dword:00000000>>cleanup.reg
echo "Use Search Asst"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]>>cleanup.reg
echo ""="http://home.microsoft.com/access/autosearch.asp?p=%%s">>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]>>cleanup.reg
echo "NoChangingWallPaper"=->>cleanup.reg
echo "NoComponents"=->>cleanup.reg
echo "NoAddingComponents"=->>cleanup.reg
echo "NoDeletingComponents"=->>cleanup.reg
echo "NoEditingComponents"=->>cleanup.reg
echo "NoHTMLWallpaper"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>cleanup.reg
echo "NoViewContextMenu"=->>cleanup.reg
echo "NoSaveSettings"=->>cleanup.reg
echo "NoActiveDesktopChanges"=->>cleanup.reg
echo "ForceActiveDesktopOn"=->>cleanup.reg
echo "NoActiveDesktop"=->>cleanup.reg
echo "NoThemesTab"=->>cleanup.reg
echo "ClassicShell"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]>>cleanup.reg
echo "NoDispAppearancePage"=->>cleanup.reg
echo "Wallpaper"=->>cleanup.reg
echo "WallpaperStyle"=->>cleanup.reg
echo "NoDispBackgroundPage"=->>cleanup.reg
echo "NoDispCpl"=->>cleanup.reg
echo "NoDispScrSavPage"=->>cleanup.reg
echo "NoDispSettingsPage"=->>cleanup.reg
echo "NoVisualStyleChoice"=->>cleanup.reg
echo "NoColorChoice"=->>cleanup.reg
echo "NoSizeChoice"=->>cleanup.reg
echo "DisableTaskMgr"=->>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{081669BA-EFC4-48C2-A8F4-874052D02553}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{145E6FB1-1256-44ED-A336-8BBA43373BE6}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1D27320E-2DA2-41E2-A103-B5FD9D6A798B}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B599C57E-113A-4488-A5E9-BC552C4F1152}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\Software\Classes\CLSID\{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]>>cleanup.reg
echo.>>cleanup.reg
REM echo [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}]>>cleanup.reg
REM echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]>>cleanup.reg
echo "{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}"=->>cleanup.reg
echo "{D56A1203-1452-EBA1-7294-EE3377770000}"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]>>cleanup.reg
echo "msmsgs.exe"=->>cleanup.reg
echo "popuper.exe"=->>cleanup.reg
echo "shnlog.exe"=->>cleanup.reg
echo "notepad.exe"=->>cleanup.reg
echo "notepad2.exe"=->>cleanup.reg
echo "winlogon.exe"=->>cleanup.reg
echo "paint.exe"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]>>cleanup.reg
echo "Intel system tool"=->>cleanup.reg
echo "SNInstall"=->>cleanup.reg
echo "SpySheriff"=->>cleanup.reg
echo "SpyKiller"=->>cleanup.reg
echo "WindowsFY"=->>cleanup.reg
echo "WindowsFZ"=->>cleanup.reg
echo "Windows installer"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>cleanup.reg
echo "Svr32 spool service"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>cleanup.reg
echo "intel32.exe"=->>cleanup.reg
echo "intell32.exe"=->>cleanup.reg
echo "Intel system tool"=->>cleanup.reg
echo "Daily Weather Forecast"=->>cleanup.reg
echo "Fast Start"=->>cleanup.reg
echo "MSN Messenger"=->>cleanup.reg
echo "PSGuard"=->>cleanup.reg
echo "PSGuard spyware remover"=->>cleanup.reg
echo "RegSvr32"=->>cleanup.reg
echo "System"=->>cleanup.reg
echo "WindowsFZ"=->>cleanup.reg
echo "WindowsUpdate"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>cleanup.reg
echo "Svr32 spool service"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]>>cleanup.reg
echo "SystemTools"=->>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\SOFTWARE\SpySheriff]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDelete]>>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]>>cleanup.reg
echo "WallpaperFileTime"=->>cleanup.reg
echo "WallpaperLocalFileTime"=->>cleanup.reg
echo.>>cleanup.reg>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>cleanup.reg
echo "NoViewContextMenu"=->>cleanup.reg
echo.>>cleanup.reg>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]>>cleanup.reg
echo "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]>>cleanup.reg
echo "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm">>cleanup.reg
echo "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm">>cleanup.reg
echo "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app paths\antivirusgold.exe]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\BlueScreen W@rning]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\antivirusgold]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\Daily Weather Forecast]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet update]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Connection Update and HomeP KB234087]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PSGuard]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyKiller]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySheriff]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\r]>>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]>>cleanup.reg
echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo "Search Bar"="Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm">>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]>>cleanup.reg
echo "AllowProtectedRenames"=->>cleanup.reg
echo "PendingFileRenameOperations"=->>cleanup.reg
if exist shell.txt del shell.txt
if exist shell2.txt del shell2.txt
regedit /E shell.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
type shell.txt | find /i "Shell">shell2.txt
type shell2.txt | find /i "Explorer.exe">shell.txt
type shell.txt | find /i "Explorer.exe, msmsgs.exe">shell2.txt
if exist shell.txt del shell.txt
for /f "tokens=* delims=" %%a in (shell2.txt) do echo %%a>shell.txt
if exist shell.txt (
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>cleanup.reg
echo "Shell"="Explorer.exe">>cleanup.reg
del shell.txt
)
if exist shell2.txt del shell2.txt
if exist shell.txt del shell.txt
if exist shell2.txt del shell2.txt
regedit /E shell.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
type shell.txt | find /i "Shell">shell2.txt
type shell2.txt | find /i "Explorer.exe">shell.txt
type shell.txt | find /i "kernels32.exe">shell2.txt
if exist shell.txt del shell.txt
for /f "tokens=* delims=" %%a in (shell2.txt) do echo %%a>shell.txt
if exist shell.txt (
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>cleanup.reg
echo "Shell"="Explorer.exe">>cleanup.reg
del shell.txt
)
if exist shell2.txt del shell2.txt
if exist cleanup.reg (
regedit /s cleanup.reg
del cleanup.reg
echo.
echo Nettoyage termin‚.
echo Nettoyage terminé.>>rapport.txt
) ELSE (
echo *** Erreur : cleanup.reg non trouv‚ ***
echo *** Erreur : cleanup.reg non trouvé ***>>rapport.txt
)
goto scanwininet
:nonet
echo.
echo Nettoyage du registre non souhait‚.
echo.>>rapport.txt
echo Nettoyage du registre non souhaité.>>rapport.txt
goto scanwininet
:scanwininet
findstr /m /I "OLEADM" %syspath%\wininet.dll>result.txt
for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
findstr /m /I "OLEEXT" %syspath%\wininet.dll>result.txt
for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
del result.txt
if exist infected.txt goto search
if NOT exist infected.txt goto fin
:search
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Recheche wininet.dll>>rapport.txt
echo.
echo.>>rapport.txt
echo %syspath%\wininet.dll infect‚ !
echo %syspath%\wininet.dll infecté !>>rapport.txt
del infected.txt
echo.
echo.>>rapport.txt
echo Recherche d'une copie de secours (backup) de wininet.dll...
echo Recherche d'une copie de secours (backup) de wininet.dll...>>rapport.txt
if exist result.txt del result.txt
if exist result2.txt del result2.txt
dir %systemroot%\wininet.dll /a h /s>result.txt
type result.txt>>rapport.txt
type result.txt | find /i "%windir%">result2.txt
type result2.txt | find /i /V "system">result.txt
type result2.txt | find /i "dllcache">>result.txt
type result.txt | find /i /V "Uninstall">result2.txt
type result2.txt | find /i /V "Software">result.txt
if exist result2.txt del result2.txt
for /f "tokens=3" %%a in (result.txt) do echo %%a>>result2.txt
if exist result.txt del result.txt
if not exist result2.txt goto notfound
echo Set objFSO = CreateObject("Scripting.FileSystemObject")>CheckVersion.vbs
echo Wscript.Echo objFSO.GetFileVersion(wscript.arguments(0))>>CheckVersion.vbs
for /F "delims=" %%G in ('cscript //I //nologo CheckVersion.vbs %syspath%\wininet.dll') do set InfectVerNo=%%G
goto do_count
:do_count
set count=0
for /f "tokens=*" %%a in (result2.txt) do (call :do_add %%a)
goto get_vers
:do_add
set /a count+=1
set wininetpath=%1
goto :eof
:get_vers
set /a count2=0
for /F "delims=" %%G in ('cscript //I //nologo CheckVersion.vbs %wininetpath%\wininet.dll') do set VerNo=%%G
if %InfectVerNo%==%VerNo% goto QuestionWininet
if exist result.txt del result.txt
for /f "tokens=*" %%a in (result2.txt) do (call :do_add2 %%a)
goto compare
:do_add2
set /a count2+=1
if NOT %count2%==%count% echo %1>>result.txt
goto :eof
:compare
type result.txt>result2.txt
if not exist result.txt goto notfound
del result.txt
goto do_count
:QuestionWininet
echo.>>rapport.txt
echo Fichier de remplacement trouv‚:
echo Fichier trouv‚ : %wininetpath%\wininet.dll
echo Version System : %InfectVerNo%
echo Version BackUp : %VerNo%
echo Fichier trouvé : %wininetpath%\wininet.dll>>rapport.txt
echo Version System : %InfectVerNo%>>rapport.txt
echo Version BackUp : %VerNo%>>rapport.txt
echo.
echo.>>rapport.txt
set ChoixWininet=''
set /p ChoixWininet=Corriger le fichier infect‚ ? (o/n)
if '%ChoixWininet%'=='n' GOTO noreplace
if '%ChoixWininet%'=='o' GOTO replace
goto QuestionWininet
:noreplace
echo.
echo Correction du fichier non souhait‚e.
echo Correction du fichier non souhaitée.>>rapport.txt
goto fin
:replace
echo.
echo Remplacement wininet.dll (reboot necessaire)
echo Remplacement wininet.dll (reboot necessaire)>>rapport.txt
attrib -r -h -s %syspath%\wininet.dll
ren %syspath%\wininet.dll wininet.old
attrib -r -h -s %wininetpath%\wininet.dll
copy %wininetpath%\wininet.dll %syspath%
attrib +s %syspath%\wininet.dll
attrib +s %wininetpath%\wininet.dll
goto reboot
:notfound
echo Fichier de remplacement wininet.dll non trouv‚.
echo Fichier de remplacement wininet.dll non trouvé.>>rapport.txt
goto fin
:reboot
if exist smitfraudfix1.reg del smitfraudfix1.reg
echo REGEDIT4>>smitfraudfix1.reg
echo.>>smitfraudfix1.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>smitfraudfix1.reg
echo "smitfraudfix"="%systemdrive%\\fixclean.cmd">>smitfraudfix1.reg
regedit.exe /s smitfraudfix1.reg
if exist smitfraudfix1.reg del smitfraudfix1.reg
if exist %systemdrive%\fixclean.cmd del %systemdrive%\fixclean.cmd
if exist %systemdrive%\smitfraudfix2.reg del %systemdrive%\smitfraudfix2.reg
echo @echo off>>%systemdrive%\fixclean.cmd
echo.>>%systemdrive%\fixclean.cmd
echo attrib -r -h -s %systemroot%\system32\wininet.old>>%systemdrive%\fixclean.cmd
echo del /q %systemroot%\system32\wininet.old>>%systemdrive%\fixclean.cmd
echo if exist "%systemroot%\system32\oleadm.dll" (>>%systemdrive%\fixclean.cmd
echo attrib -r -h -s %systemroot%\system32\oleadm.dll>>%systemdrive%\fixclean.cmd
echo del /q %systemroot%\system32\oleadm.dll>>%systemdrive%\fixclean.cmd
echo )>>%systemdrive%\fixclean.cmd
echo if exist "%systemroot%\system32\oleext.dll" (>>%systemdrive%\fixclean.cmd
echo attrib -r -h -s %systemroot%\system32\oleext.dll>>%systemdrive%\fixclean.cmd
echo del /q %systemroot%\system32\oleext.dll>>%systemdrive%\fixclean.cmd
echo )>>%systemdrive%\fixclean.cmd
echo.>>%systemdrive%\fixclean.cmd
echo regedit.exe /s %systemdrive%\smitfraudfix2.reg>>%systemdrive%\fixclean.cmd
echo.>>%systemdrive%\fixclean.cmd
echo if exist %systemdrive%\smitfraudfix2.reg del %systemdrive%\smitfraudfix2.reg>>%systemdrive%\fixclean.cmd
echo if exist %systemdrive%\fixclean.cmd del %systemdrive%\fixclean.cmd>>%systemdrive%\fixclean.cmd
echo REGEDIT4>>%systemdrive%\smitfraudfix2.reg
echo.>>%systemdrive%\smitfraudfix2.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>%systemdrive%\smitfraudfix2.reg
echo "smitfraudfix"=->>%systemdrive%\smitfraudfix2.reg
goto fin
:zonefix
cls
set Choix_Zone=''
echo %fixname% %fixvers%
echo.
set /p Choix_Zone=R‚initialiser la liste des sites de confiance et sensibles ? (o/n)
if '%Choix_Zone%'=='n' GOTO menu
if '%Choix_Zone%'=='o' GOTO zonefix2
goto zonefix
:zonefix2
echo Copie de sauvegarde...
if not exist backups mkdir backups
regedit /e backups\HKCU_Domains.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
regedit /e backups\HKCU_Ranges.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
regedit /e backups\HKLM_Domains.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
regedit /e backups\HKLM_Ranges.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
echo REGEDIT4>zone.reg
echo.>>zone.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
echo.>>zone.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
echo.>>zone.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
echo.>>zone.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
echo.>>zone.reg
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
echo.>>zone.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
echo.>>zone.reg
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
echo.>>zone.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
echo.>>zone.reg
echo.
if exist zone.reg (
regedit /s zone.reg
del zone.reg
echo Sites de confiance et sensibles effac‚s.
) ELSE (
echo *** Erreur : zone.reg non trouv‚ ***
)
echo.
pause
goto menu
:fin
echo.
echo fin
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport>>rapport.txt
echo.>>rapport.txt
if exist CheckVersion.vbs del CheckVersion.vbs
if exist result2.t
REM Smitfraud Fix (balltrap, moe, S!Ri, Vazkor)
REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip
set fixname=SmitFraudFix
set fixvers=v1.5
VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2003">NUL
IF NOT ERRORLEVEL 1 GOTO NT
color 47
echo %fixname% %fixvers%
echo.
echo Version non support‚e.
echo Windows 2000 / XP requis !
echo.
pause
goto end
:Win
color 47
echo %fixname% %fixvers%
echo.
echo Version non support‚e.
echo Windows 2000 / XP requis !
echo.
pause
goto exit
:NT
set syspath=%windir%\system32
goto test
:test
if not exist process.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier process.exe absent !
echo.
pause
goto exit
)
if not exist %syspath%\process.exe copy process.exe %syspath%
goto menu
:menu
color 17
cls
echo.
echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
echo º %fixname% %fixvers% º
echo ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹
echo º 1. Rapport - Recherche º
echo º 2. Fix º
echo º 3. Effacer les sites de confiance et sensibles º
echo º Q. Quitter º
echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
echo.
set ChoixMenu=''
set /p ChoixMenu=Entrez votre choix (1,2,3,Q) :
if '%ChoixMenu%'=='q' GOTO exit
if '%ChoixMenu%'=='Q' GOTO exit
if '%ChoixMenu%'=='1' GOTO search
if '%ChoixMenu%'=='2' GOTO fix
if '%ChoixMenu%'=='3' GOTO zonefix
goto menu
:search
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>rapport.txt
echo.
echo.>>rapport.txt
echo Rapport fait à %time% le %date%>>rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo Executé à partir de %CurDir%>>rapport.txt
IF ERRORLEVEL 1 (
echo Executé à partir de >>rapport.txt
cd >>rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version%>>rapport.txt
echo.>>rapport.txt
echo Recherche %HOMEDRIVE%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %HOMEDRIVE%\>>rapport.txt
echo.>>rapport.txt
pushd %HOMEDRIVE%\
if exist rapport2.txt del rapport2.txt
if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe PRESENT !>>rapport2.txt)
if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe PRESENT !>>rapport2.txt)
if exist r.exe (echo %HOMEDRIVE%\r.exe PRESENT !>>rapport2.txt)
if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe PRESENT !>>rapport2.txt)
if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp PRESENT !>>rapport2.txt)
if exist wp.exe (echo %HOMEDRIVE%\wp.exe PRESENT !>>rapport2.txt)
popd
if exist %HOMEDRIVE%\rapport2.txt move %HOMEDRIVE%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %windir%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%>>rapport.txt
echo.>>rapport.txt
pushd %windir%
if exist rapport2.txt del rapport2.txt
if exist desktop.html (echo %windir%\desktop.html PRESENT !>>rapport2.txt)
if exist popuper.exe (echo %windir%\popuper.exe PRESENT !>>rapport2.txt)
if exist screen.html (echo %windir%\screen.html PRESENT !>>rapport2.txt)
if exist sites.ini (echo %windir%\sites.ini PRESENT !>>rapport2.txt)
if exist uninstIU.exe (echo %windir%\uninstIU.exe PRESENT !>>rapport2.txt)
if exist windows.html (echo %windir%\windows.html PRESENT !>>rapport2.txt)
if exist zloader3.exe (echo %windir%\zloader3.exe PRESENT !>>rapport2.txt)
popd
if exist %windir%\rapport2.txt move %windir%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %windir%\system...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%\system>>rapport.txt
echo.>>rapport.txt
pushd %windir%\system
if exist rapport2.txt del rapport2.txt
if exist svchost.exe (echo %windir%\system\svchost.exe PRESENT!>>rapport2.txt)
popd
if exist %windir%\system\rapport2.txt move %windir%\system\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %windir%\Web...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%\Web>>rapport.txt
echo.>>rapport.txt
pushd %windir%\Web
if exist rapport2.txt del rapport2.txt
if exist desktop.html (echo %windir%\Web\desktop.html PRESENT!>>rapport2.txt)
if exist wallpaper.html (echo %windir%\Web\wallpaper.html PRESENT!>>rapport2.txt)
popd
if exist %windir%\Web\rapport2.txt move %windir%\Web\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %syspath%...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %syspath%>>rapport.txt
echo.>>rapport.txt
pushd %syspath%
if exist rapport2.txt del rapport2.txt
if exist gunist.exe (echo %syspath%\gunist.exe PRESENT !>>rapport2.txt)
if exist helper.exe (echo %syspath%\helper.exe PRESENT !>>rapport2.txt)
if exist hhk.dll (echo %syspath%\hhk.dll PRESENT !>>rapport2.txt)
if exist hookdump.exe (echo %syspath%\hookdump.exe PRESENT !>>rapport2.txt)
if exist hp????.tmp (echo %syspath%\hp????.tmp PRESENT !>>rapport2.txt)
if exist intel32.exe (echo %syspath%\intel32.exe PRESENT !>>rapport2.txt)
if exist intell32.exe (echo %syspath%\intell32.exe PRESENT !>>rapport2.txt)
if exist intmon.exe (echo %syspath%\intmon.exe PRESENT !>>rapport2.txt)
if exist intmonp.exe (echo %syspath%\intmonp.exe PRESENT !>>rapport2.txt)
if exist kernels32.exe (echo %syspath%\kernels32.exe PRESENT !>>rapport2.txt)
if exist msmsgs.exe (echo %syspath%\msmsgs.exe PRESENT !>>rapport2.txt)
if exist msole32.exe (echo %syspath%\msole32.exe PRESENT !>>rapport2.txt)
if exist ole32vbs.exe (echo %syspath%\ole32vbs.exe PRESENT !>>rapport2.txt)
if exist oleadm.dll (echo %syspath%\oleadm.dll PRESENT !>>rapport2.txt)
if exist oleadm32.dll (echo %syspath%\oleadm32.dll PRESENT !>>rapport2.txt)
if exist oleext.dll (echo %syspath%\oleext.dll PRESENT !>>rapport2.txt)
if exist oleext32.dll (echo %syspath%\oleext32.dll PRESENT !>>rapport2.txt)
if exist param32.dll (echo %syspath%\param32.dll PRESENT !>>rapport2.txt)
if exist perfcii.ini (echo %syspath%\perfcii.ini PRESENT !>>rapport2.txt)
if exist pop_up.dll (echo %syspath%\pop_up.dll PRESENT !>>rapport2.txt)
if exist runsrv32.dll (echo %syspath%\runsrv32.dll PRESENT !>>rapport2.txt)
if exist runsrv32.exe (echo %syspath%\runsrv32.exe PRESENT !>>rapport2.txt)
if exist searchdll.dll (echo %syspath%\searchdll.dll PRESENT !>>rapport2.txt)
if exist shnlog.exe (echo %syspath%\shnlog.exe PRESENT !>>rapport2.txt)
if exist srpcsrv32.dll (echo %syspath%\srpcsrv32.dll PRESENT !>>rapport2.txt)
if exist srpcsrv32.exe (echo %syspath%\srpcsrv32.exe PRESENT !>>rapport2.txt)
if exist svchosts.dll (echo %syspath%\svchosts.dll PRESENT !>>rapport2.txt)
if exist svcnt.exe (echo %syspath%\svcnt.exe PRESENT !>>rapport2.txt)
if exist txfdb32.dll (echo %syspath%\txfdb32.dll PRESENT !>>rapport2.txt)
if exist vxgame?.exe (echo %syspath%\vxgame?.exe PRESENT !>>rapport2.txt)
if exist vxgamet?.exe (echo %syspath%\vxgamet?.exe PRESENT !>>rapport2.txt)
if exist vxh8jkdq?.exe (echo %syspath%\vxh8jkdq?.exe PRESENT !>>rapport2.txt)
if exist w8673492.exe (echo %syspath%\w8673492.exe PRESENT !>>rapport2.txt)
if exist winnook.exe (echo %syspath%\winnook.exe PRESENT !>>rapport2.txt)
if exist wldr.dll (echo %syspath%\wldr.dll PRESENT !>>rapport2.txt)
if exist wp.bmp (echo %syspath%\wp.bmp PRESENT !>>rapport2.txt)
if exist wppp.html (echo %syspath%\wppp.html PRESENT !>>rapport2.txt)
popd
if exist %syspath%\rapport2.txt move %syspath%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %syspath%\LogFiles...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %syspath%\LogFiles>>rapport.txt
echo.>>rapport.txt
pushd %syspath%\LogFiles
if exist rapport2.txt del rapport2.txt
if exist A5281300.so (echo %syspath%\A5281300.so PRESENT !>>rapport2.txt)
if exist T54111925.so (echo %syspath%\T54111925.so PRESENT !>>rapport2.txt)
if exist H53131712.so (echo %syspath%\H53131712.so PRESENT !>>rapport2.txt)
if exist A54102200.so (echo %syspath%\A54102200.so PRESENT !>>rapport2.txt)
if exist S53252000.so (echo %syspath%\S53252000.so PRESENT !>>rapport2.txt)
if exist A04111925.so (echo %syspath%\A04111925.so PRESENT !>>rapport2.txt)
if exist M54111925.so (echo %syspath%\M54111925.so PRESENT !>>rapport2.txt)
if exist P54111925.so (echo %syspath%\P54111925.so PRESENT !>>rapport2.txt)
popd
if exist %syspath%\LogFiles\rapport2.txt move %syspath%\LogFiles\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %userprofile%\Application Data...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %userprofile%\Application Data>>rapport.txt
echo.>>rapport.txt
pushd %userprofile%\Application Data
if exist rapport2.txt del rapport2.txt
if exist Install.dat (echo %userprofile%\Application Data\Install.dat PRESENT !>>rapport2.txt)
popd
if exist %userprofile%\Application Data\rapport2.txt move %userprofile%\Application Data\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
echo Recherche %ProgramFiles%...
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %ProgramFiles%>>rapport.txt
echo.>>rapport.txt
if exist "%ProgramFiles%\AdwareDelete" echo %ProgramFiles%\AdwareDelete\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\AntivirusGold" echo %ProgramFiles%\AntivirusGold\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\Daily Weather Forecast" echo %ProgramFiles%\Daily Weather Forecast\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\PSGuard" echo %ProgramFiles%\PSGuard\ PRESENT!>>rapport.txt
if exist "%ProgramFiles%\Search Maid" echo %ProgramFiles%\Search Maid\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\Security IGuard" echo %ProgramFiles%\Security IGuard\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\SpySheriff" echo %ProgramFiles%\SpySheriff\PRESENT!>>rapport.txt
if exist "%ProgramFiles%\SpyKiller" echo %ProgramFiles%\SpyKiller\ PRESENT !>>rapport.txt
if exist "%ProgramFiles%\Virtual Maid" echo %ProgramFiles%\Virtual Maid\ PRESENT !>>rapport.txt
if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ PRESENT !>>rapport.txt
if exist %syspath%\intell32.exe goto DateFile
goto wininetscan
:DateFile
dir %syspath%\intell32.exe /4 /A /N /-C>result.txt
type result.txt | find /i "intell32.exe">result2.txt
for /f "tokens=1" %%a in (result2.txt) do set filedate=%%a
echo Recherche des fichiers cr‚‚s le %filedate%...
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche fichiers créés le %filedate%>>rapport.txt
echo !!! Attention, les fichiers qui suivent ne sont pas forcément infectés !!!>>rapport.txt
echo.>>rapport.txt
dir %HOMEDRIVE%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
for /f "tokens=4" %%a in (result.txt) do echo %HOMEDRIVE%\%%a>>rapport.txt
dir %windir%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
for /f "tokens=4" %%a in (result.txt) do echo %windir%\%%a>>rapport.txt
dir %syspath%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
for /f "tokens=4" %%a in (result.txt) do echo %syspath%\%%a>>rapport.txt
if exist result.txt del result.txt
if exist result2.txt del result2.txt
goto wininetscan
:wininetscan
findstr /m /I "OLEADM" %syspath%\wininet.dll>result.txt
for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
findstr /m /I "OLEEXT" %syspath%\wininet.dll>result.txt
for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
del result.txt
if exist infected.txt (
del infected.txt
echo.
echo.>>rapport.txt
echo %syspath%\wininet.dll infect‚ !
echo %syspath%\wininet.dll infecté !>>rapport.txt
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche wininet.dll de remplacement>>rapport.txt
echo.>>rapport.txt
dir %systemroot%\wininet.dll /a h /s>>rapport.txt
)
goto fin
:fix
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>rapport.txt
echo.
echo.>>rapport.txt
echo Rapport fait à %time% le %date%>>rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo Executé à partir de %CurDir%>>rapport.txt
IF ERRORLEVEL 1 (
echo Executé à partir de >>rapport.txt
cd >>rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version%>>rapport.txt
echo.>>rapport.txt
echo Arret des processus...
echo »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus>>rapport.txt
echo.>>rapport.txt
process -k AntivirusGold.exe>nul
process -k bsw.exe>nul
process -k gunist.exe>nul
process -k helper.exe>nul
process -k hookdump.exe>nul
process -k intel32.exe>nul
process -k intell32.exe>nul
process -k intmon.exe>nul
process -k intmonp.exe>nul
process -k kernels32.exe>nul
process -k msmsgs.exe>nul
process -k msole32.exe>nul
process -k ntdetecd.exe>nul
process -k ole32vbs.exe>nul
process -k ongi.exe>nul
process -k popuper.exe>nul
process -k r.exe>nul
process -k runsrv32.exe>nul
process -k shnlog.exe>nul
process -k svcnt.exe>nul
process -k spoolsrv32.exe>nul
process -k uninst.exe>nul
process -k uninstIU.exe>nul
process -k w8673492.exe>nul
process -k weather.exe>nul
process -k winnook.exe>nul
process -k winstall.exe>nul
process -k wp.exe>nul
process -k zloader3.exe>nul
echo.>>rapport.txt
echo Suppression des fichiers infect‚s...
echo »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés>>rapport.txt
echo.>>rapport.txt
pushd %HOMEDRIVE%\
if exist rapport2.txt del rapport2.txt
if exist bsw.exe (
attrib -r -s -h bsw.exe
del /a /f bsw.exe
if NOT exist bsw.exe echo %HOMEDRIVE%\bsw.exe supprimé>>rapport2.txt
if exist bsw.exe echo Problème suppression %HOMEDRIVE%\bsw.exe>>rapport2.txt
)
if exist ntdetecd.exe (
attrib -r -s -h ntdetecd.exe
del /a /f ntdetecd.exe
if NOT exist ntdetecd.exe echo %HOMEDRIVE%\ntdetecd.exe supprimé>>rapport2.txt
if exist ntdetecd.exe echo Problème suppression %HOMEDRIVE%\ntdetecd.exe>>rapport2.txt
)
if exist r.exe (
attrib -r -s -h r.exe
del /a /f r.exe
if NOT exist r.exe echo %HOMEDRIVE%\r.exe supprimé>>rapport2.txt
if exist r.exe echo Problème suppression %HOMEDRIVE%\r.exe>>rapport2.txt
)
if exist winstall.exe (
attrib -r -s -h winstall.exe
del /a /f winstall.exe
if NOT exist winstall.exe echo %HOMEDRIVE%\winstall.exe supprimé>>rapport2.txt
if exist winstall.exe echo Problème suppression %HOMEDRIVE%\winstall.exe>>rapport2.txt
)
if exist wp.bmp (
attrib -r -s -h wp.bmp
del /a /f wp.bmp
if NOT exist wp.bmp echo %HOMEDRIVE%\wp.bmp supprimé>>rapport2.txt
if exist wp.bmp echo Problème suppression %HOMEDRIVE%\wp.bmp>>rapport2.txt
)
if exist wp.exe (
attrib -r -s -h wp.exe
del /a /f wp.exe
if NOT exist wp.exe echo %HOMEDRIVE%\wp.exe supprimé>>rapport2.txt
if exist wp.exe echo Problème suppression %HOMEDRIVE%\wp.exe>>rapport2.txt
)
popd
if exist %HOMEDRIVE%\rapport2.txt move %HOMEDRIVE%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %windir%
if exist rapport2.txt del rapport2.txt
if exist desktop.html (
attrib -r -s -h desktop.html
del /a /f desktop.html
if NOT exist desktop.html echo %windir%\desktop.html supprimé>>rapport2.txt
if exist desktop.html echo Problème suppression %windir%\desktop.html>>rapport2.txt
)
if exist popuper.exe (
attrib -r -s -h popuper.exe
del /a /f popuper.exe
if NOT exist popuper.exe echo %windir%\popuper.exe supprimé>>rapport2.txt
if exist popuper.exe echo Problème suppression %windir%\popuper.exe>>rapport2.txt
)
if exist screen.html (
attrib -r -s -h screen.html
del /a /f screen.html
if NOT exist screen.html echo %windir%\screen.html supprimé>>rapport2.txt
if exist screen.html echo Problème suppression %windir%\screen.html>>rapport2.txt
)
if exist sites.ini (
attrib -r -s -h sites.ini
del /a /f sites.ini
if NOT exist sites.ini echo %windir%\sites.ini supprimé>>rapport2.txt
if exist sites.ini echo Problème suppression %windir%\sites.ini>>rapport2.txt
)
if exist uninstIU.exe (
attrib -r -s -h uninstIU.exe
del /a /f uninstIU.exe
if NOT exist uninstIU.exe echo %windir%\uninstIU.exe supprimé>>rapport2.txt
if exist uninstIU.exe echo Problème suppression %windir%\uninstIU.exe>>rapport2.txt
)
if exist windows.html (
attrib -r -s -h windows.html
del /a /f windows.html
if NOT exist windows.html echo %windir%\windows.html supprimé>>rapport2.txt
if exist uninstIU.exe echo Problème suppression %windir%\windows.html>>rapport2.txt
)
if exist zloader3.exe (
attrib -r -s -h zloader3.exe
del /a /f zloader3.exe
if NOT exist zloader3.exe echo %windir%\zloader3.exe supprimé>>rapport2.txt
if exist zloader3.exe echo Problème suppression %windir%\zloader3.exe>>rapport2.txt
)
popd
if exist %windir%\rapport2.txt move %windir%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %windir%\system
if exist svchost.exe (
attrib -r -s -h svchost.exe
del /a /f svchost.exe
if NOT exist svchost.exe echo %windir%\systemb\svchost.exe supprimé>>rapport2.txt
if exist svchost.exe echo Problème suppression %windir%\system\svchost.exe>>rapport2.txt
)
popd
if exist %windir%\system\rapport2.txt move %windir%\system\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %windir%\Web
if exist desktop.html (
attrib -r -s -h desktop.html
del /a /f desktop.html
if NOT exist desktop.html echo %windir%\Web\desktop.html supprimé>>rapport2.txt
if exist desktop.html echo Problème suppression %windir%\Web\desktop.html>>rapport2.txt
)
if exist wallpaper.html (
attrib -r -s -h wallpaper.html
del /a /f wallpaper.html
if NOT exist wallpaper.html echo %windir%\Web\wallpaper.html supprimé>>rapport2.txt
if exist wallpaper.html echo Problème suppression %windir%\Web\wallpaper.html>>rapport2.txt
)
popd
if exist %windir%\Web\rapport2.txt move %windir%\Web\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %syspath%
if exist rapport2.txt del rapport2.txt
if exist gunist.exe (
attrib -r -s -h gunist.exe
del /a /f gunist.exe
if NOT exist gunist.exe echo %syspath%\gunist.exe supprimé>>rapport2.txt
if exist gunist.exe echo Problème suppression %syspath%\gunist.exe>>rapport2.txt
)
if exist helper.exe (
attrib -r -s -h helper.exe
del /a /f helper.exe
if NOT exist helper.exe echo %syspath%\helper.exe supprimé>>rapport2.txt
if exist helper.exe echo Problème suppression %syspath%\helper.exe>>rapport2.txt
)
if exist hhk.dll (
attrib -r -s -h hhk.dll
del /a /f hhk.dll
if NOT exist hhk.dll echo %syspath%\hhk.dll supprimé>>rapport2.txt
if exist hhk.dll echo Problème suppression %syspath%\hhk.dll>>rapport2.txt
)
if exist hookdump.exe (
attrib -r -s -h hookdump.exe
del /a /f hookdump.exe
if NOT exist hookdump.exe echo %syspath%\hookdump.exe supprimé>>rapport2.txt
if exist hookdump.exe echo Problème suppression %syspath%\hookdump.exe>>rapport2.txt
)
if exist hp????.tmp (
attrib -r -s -h hp????.tmp
del /a /f hp????.tmp
if NOT exist hp*.tmp echo %syspath%\hp????.tmp supprimé>>rapport2.txt
if exist hp????.tmp echo Problème suppression %syspath%\hp????.tmp>>rapport2.txt
)
if exist intel32.exe (
attrib -r -s -h intel32.exe
del /a /f intel32.exe
if NOT exist intel32.exe echo %syspath%\intel32.exe supprimé>>rapport2.txt
if exist intel32.exe echo Problème suppression %syspath%\intel32.exe>>rapport2.txt
)
if exist intell32.exe (
attrib -r -s -h intell32.exe
del /a /f intell32.exe
if NOT exist intell32.exe echo %syspath%\intell32.exe supprimé>>rapport2.txt
if exist intell32.exe echo Problème suppression %syspath%\intell32.exe>>rapport2.txt
)
if exist intmon.exe (
attrib -r -s -h intmon.exe
del /a /f intmon.exe
if NOT exist intmon.exe echo %syspath%\intmon.exe supprimé>>rapport2.txt
if exist intmon.exe echo Problème suppression %syspath%\intmon.exe>>rapport2.txt
)
if exist intmonp.exe (
attrib -r -s -h intmonp.exe
del /a /f intmonp.exe
if NOT exist intmonp.exe echo %syspath%\intmonp.exe supprimé>>rapport2.txt
if exist intmonp.exe echo Problème suppression %syspath%\intmonp.exe >>rapport2.txt
)
if exist kernels32.exe (
attrib -r -s -h kernels32.exe
del /a /f kernels32.exe
if NOT exist kernels32.exe echo %syspath%\kernels32.exe supprimé>>rapport2.txt
if exist kernels32.exe echo Problème suppression %syspath%\kernels32.exe>>rapport2.txt
)
if exist msmsgs.exe (
attrib -r -s -h msmsgs.exe
del /a /f msmsgs.exe
if NOT exist msmsgs.exe echo %syspath%\msmsgs.exe supprimé>>rapport2.txt
if exist msmsgs.exe echo Problème suppression %syspath%\msmsgs.exe>>rapport2.txt
)
if exist msole32.exe (
attrib -r -s -h msole32.exe
del /a /f msole32.exe
if NOT exist msole32.exe echo %syspath%\msole32.exe supprimé>>rapport2.txt
if exist msole32.exe echo Problème suppression %syspath%\msole32.exe>>rapport2.txt
)
if exist ole32vbs.exe (
attrib -r -s -h ole32vbs.exe
del /a /f ole32vbs.exe
if NOT exist ole32vbs.exe echo %syspath%\ole32vbs.exe supprimé>>rapport2.txt
if exist ole32vbs.exe echo Problème suppression %syspath%\ole32vbs.exe>>rapport2.txt
)
if exist oleadm.dll (
attrib -r -s -h oleadm.dll
del /a /f oleadm.dll
if NOT exist oleadm.dll echo %syspath%\oleadm.dll supprimé>>rapport2.txt
if exist oleadm.dll echo Problème suppression %syspath%\oleadm.dll>>rapport2.txt
)
if exist oleadm32.dll (
attrib -r -s -h oleadm32.dll
del /a /f oleadm32.dll
if NOT exist oleadm32.dll echo %syspath%\oleadm32.dll supprimé>>rapport2.txt
if exist oleadm32.dll echo Problème suppression %syspath%\oleadm32.dll>>rapport2.txt
)
if exist oleext.dll (
attrib -r -s -h oleext.dll
del /a /f oleext.dll
if NOT exist oleext.dll echo %syspath%\oleext.dll supprimé>>rapport2.txt
if exist oleext.dll echo Problème suppression %syspath%\oleext.dll>>rapport2.txt
)
if exist oleext2.dll (
attrib -r -s -h oleext32.dll
del /a /f oleext32.dll
if NOT exist oleext32.dll echo %syspath%\oleext32.dll supprimé>>rapport2.txt
if exist oleext32.dll echo Problème suppression %syspath%\oleext32.dll>>rapport2.txt
)
if exist param32.dll (
attrib -r -s -h param32.dll
del /a /f param32.dll
if NOT exist param32.dll echo %syspath%\param32.dll supprimé>>rapport2.txt
if exist param32.dll echo Problème suppression %syspath%\param32.dll>>rapport2.txt
)
if exist perfcii.ini (
attrib -r -s -h perfcii.ini
del /a /f perfcii.ini
if NOT exist perfcii.ini echo %syspath%\perfcii.ini supprimé>>rapport2.txt
if exist perfcii.ini echo Problème suppression %syspath%\perfcii.ini>>rapport2.txt
)
if exist pop_up.dll (
attrib -r -s -h pop_up.dll
del /a /f pop_up.dll
if NOT exist pop_up.dll echo %syspath%\pop_up.dll supprimé>>rapport2.txt
if exist pop_up.dll echo Problème suppression %syspath%\pop_up.dll>>rapport2.txt
)
if exist runsrv32.dll (
attrib -r -s -h runsrv32.dll
del /a /f runsrv32.dll
if NOT exist runsrv32.dll echo %syspath%\runsrv32.dll supprimé>>rapport2.txt
if exist runsrv32.dll echo Problème suppression %syspath%\runsrv32.dll>>rapport2.txt
)
if exist runsrv32.exe (
attrib -r -s -h runsrv32.exe
del /a /f runsrv32.exe
if NOT exist runsrv32.exe echo %syspath%\runsrv32.exe supprimé>>rapport2.txt
if exist runsrv32.exe echo Problème suppression %syspath%\runsrv32.exe>>rapport2.txt
)
if exist searchdll.dll (
attrib -r -s -h searchdll.dll
del /a /f searchdll.dll
if NOT exist searchdll.dll echo %syspath%\searchdll.dll supprimé>>rapport2.txt
if exist searchdll.dll echo Problème suppression %syspath%\searchdll.dll>>rapport2.txt
)
if exist shnlog.exe (
attrib -r -s -h shnlog.exe
del /a /f shnlog.exe
if NOT exist shnlog.exe echo %syspath%\shnlog.exe supprimé>>rapport2.txt
if exist shnlog.exe echo Problème suppression %syspath%\shnlog.exe>>rapport2.txt
)
if exist spoolsrv32.exe (
attrib -r -s -h spoolsrv32.exe
del /a /f spoolsrv32.exe
if NOT exist spoolsrv32.exe echo %syspath%\spoolsrv32.exe supprimé>>rapport2.txt
if exist spoolsrv32.exe echo Problème suppression %syspath%\spoolsrv32.exe>>rapport2.txt
)
if exist srpcsrv32.dll (
attrib -r -s -h srpcsrv32.dll
del /a /f srpcsrv32.dll
if NOT exist srpcsrv32.dll echo %syspath%\srpcsrv32.dll supprimé>>rapport2.txt
if exist srpcsrv32.dll echo Problème suppression %syspath%\srpcsrv32.dll>>rapport2.txt
)
if exist srpcsrv32.exe (
attrib -r -s -h srpcsrv32.exe
del /a /f srpcsrv32.exe
if NOT exist srpcsrv32.exe echo %syspath%\srpcsrv32.exe supprimé>>rapport2.txt
if exist srpcsrv32.exe echo Problème suppression %syspath%\srpcsrv32.exe>>rapport2.txt
)
if exist svchosts.dll (
attrib -r -s -h svchosts.dll
del /a /f svchosts.dll
if NOT exist svchosts.dll echo %syspath%\svchosts.dll supprimé>>rapport2.txt
if exist svchosts.dll echo Problème suppression %syspath%\svchosts.dll>>rapport2.txt
)
if exist svcnt.exe (
attrib -r -s -h svcnt.exe
del /a /f svcnt.exe
if NOT exist svcnt.exe echo %syspath%\svcnt.exe supprimé>>rapport2.txt
if exist svcnt.exe echo Problème suppression %syspath%\svcnt.exe>>rapport2.txt
)
if exist txfdb32.dll (
attrib -r -s -h txfdb32.dll
del /a /f txfdb32.dll
if NOT exist txfdb32.dll echo %syspath%\txfdb32.dll supprimé>>rapport2.txt
if exist txfdb32.dll echo Problème suppression %syspath%\txfdb32.dll>>rapport2.txt
)
if exist vxgame?.exe (
attrib -r -s -h vxgame?.exe
del /a /f /q vxgame?.exe
if NOT exist vxgame?.exe echo %syspath%\vxgame?.exe supprimé>>rapport2.txt
if exist vxgame?.exe echo Problème suppression %syspath%\vxgame?.exe>>rapport2.txt
)
if exist vxgamet?.exe (
attrib -r -s -h vxgamet?.exe
del /a /f /q vxgamet?.exe
if NOT exist vxgamet?.exe echo %syspath%\vxgamet?.exe supprimé>>rapport2.txt
if exist vxgamet?.exe echo Problème suppression %syspath%\vxgamet?.exe>>rapport2.txt
)
if exist vxh8jkdq?.exe (
attrib -r -s -h vxh8jkdq?.exe
del /a /f /q vxh8jkdq?.exe
if NOT exist vxh8jkdq?.exe echo %syspath%\vxh8jkdq?.exe supprimé>>rapport2.txt
if exist vxh8jkdq?.exe echo Problème suppression %syspath%\vxh8jkdq?.exe>>rapport2.txt
)
if exist w8673492.exe (
attrib -r -s -h w8673492.exe
del /a /f w8673492.exe
if NOT exist w8673492.exe echo %syspath%\w8673492.exe supprimé>>rapport2.txt
if exist w8673492.exe echo Problème suppression %syspath%\w8673492.exe>>rapport2.txt
)
if exist winnook.exe (
attrib -r -s -h winnook.exe
del /a /f winnook.exe
if NOT exist winnook.exe echo %syspath%\winnook.exe supprimé>>rapport2.txt
if exist winnook.exe echo Problème suppression %syspath%\winnook.exe>>rapport2.txt
)
if exist wldr.dll (
attrib -r -s -h wldr.dll
del /a /f wldr.dll
if NOT exist wldr.dll echo %syspath%\wldr.dll supprimé>>rapport2.txt
if exist wldr.dll echo Problème suppression %syspath%\wldr.dll>>rapport2.txt
)
if exist wp.bmp (
attrib -r -s -h wp.bmp
del /a /f wp.bmp
if NOT exist wp.bmp echo %syspath%\wp.bmp supprimé>>rapport2.txt
if exist wp.bmp echo Problème suppression %syspath%\wp.bmp>>rapport2.txt
)
if exist wppp.html (
attrib -r -s -h wppp.html
del /a /f wppp.html
if NOT exist wppp.html echo %syspath%\wppp.html supprimé>>rapport2.txt
if exist wppp.html echo Problème suppression %syspath%\wppp.html>>rapport2.txt
)
popd
if exist %syspath%\rapport2.txt move %syspath%\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %syspath%\LogFiles
if exist rapport2.txt del rapport2.txt
if exist A5281300.so (
attrib -r -s -h A5281300.so
del /a /f A5281300.so
if NOT exist A5281300.so echo %syspath%\LogFiles\A5281300.so supprimé>>rapport2.txt
if exist A5281300.so echo Problème suppression %syspath%\LogFiles\A5281300.so>>rapport2.txt
)
if exist T54111925.so (
attrib -r -s -h T54111925.so
del /a /f T54111925.so
if NOT exist T54111925.so echo %syspath%\LogFiles\T54111925.so supprimé>>rapport2.txt
if exist T54111925.so echo Problème suppression %syspath%\LogFiles\T54111925.so>>rapport2.txt
)
if exist H53131712.so (
attrib -r -s -h H53131712.so
del /a /f H53131712.so
if NOT exist H53131712.so echo %syspath%\LogFiles\H53131712.so supprimé>>rapport2.txt
if exist H53131712.so echo Problème suppression %syspath%\LogFiles\H53131712.so>>rapport2.txt
)
if exist A54102200.so (
attrib -r -s -h A54102200.so
del /a /f A54102200.so
if NOT exist A54102200.so echo %syspath%\LogFiles\A54102200.so supprimé>>rapport2.txt
if exist A54102200.so echo Problème suppression %syspath%\LogFiles\A54102200.so>>rapport2.txt
)
if exist S53252000.so (
attrib -r -s -h S53252000.so
del /a /f S53252000.so
if NOT exist S53252000.so echo %syspath%\LogFiles\S53252000.so supprimé>>rapport2.txt
if exist S53252000.so echo Problème suppression %syspath%\LogFiles\S53252000.so>>rapport2.txt
)
if exist A04111925.so (
attrib -r -s -h A04111925.so
del /a /f A04111925.so
if NOT exist A04111925.so echo %syspath%\LogFiles\A04111925.so supprimé>>rapport2.txt
if exist A04111925.so echo Problème suppression %syspath%\LogFiles\A04111925.so>>rapport2.txt
)
if exist M54111925.so (
attrib -r -s -h M54111925.so
del /a /f M54111925.so
if NOT exist M54111925.so echo %syspath%\LogFiles\M54111925.so supprimé>>rapport2.txt
if exist M54111925.so echo Problème suppression %syspath%\LogFiles\M54111925.so>>rapport2.txt
)
if exist P54111925.so (
attrib -r -s -h P54111925.so
del /a /f P54111925.so
if NOT exist P54111925.so echo %syspath%\LogFiles\P54111925.so supprimé>>rapport2.txt
if exist P54111925.so echo Problème suppression %syspath%\LogFiles\P54111925.so>>rapport2.txt
)
popd
if exist %syspath%\LogFiles\rapport2.txt move %syspath%\LogFiles\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
pushd %userprofile%\Application Data
if exist rapport2.txt del rapport2.txt
if exist Install.dat (
attrib -r -s -h Install.dat
del /a /f Install.dat
if NOT exist Install.dat echo %userprofile%\Application Data\Install.dat supprimé>>rapport2.txt
if exist Install.dat echo Problème suppression %userprofile%\Application Data\Install.dat>>rapport2.txt
)
popd
if exist %userprofile%\Application Data\rapport2.txt move %userprofile%\Application Data\rapport2.txt rapport2.txt
if exist rapport2.txt type rapport2.txt>>rapport.txt
if exist rapport2.txt del rapport2.txt
echo.>>rapport.txt
if exist "%ProgramFiles%\AdwareDelete" (
RD /s /q "%ProgramFiles%\AdwareDelete"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\AdwareDelete\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\AntivirusGold" (
RD /s /q "%ProgramFiles%\AntivirusGold"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\AntivirusGold\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\Daily Weather Forecast" (
RD /s /q "%ProgramFiles%\Daily Weather Forecast"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Daily Weather Forecast\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\PSGuard" (
RD /s /q "%ProgramFiles%\PSGuard"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\PSGuard\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\Search Maid" (
RD /s /q "%ProgramFiles%\Search Maid"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Search Maid\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\Security IGuard" (
RD /s /q "%ProgramFiles%\Security IGuard"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Security IGuard\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\SpySheriff" (
RD /s /q "%ProgramFiles%\SpySheriff"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\SpySheriff\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\SpyKiller" (
RD /s /q "%ProgramFiles%\SpyKiller"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\SpyKiller\ supprimé>>rapport.txt
)
if exist "%ProgramFiles%\Virtual Maid" (
RD /s /q "%ProgramFiles%\Virtual Maid"
IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Virtual Maid\ supprimé>>rapport.txt
)
if exist "%HOMEDRIVE%\spywarevanisher-free" (
RD /s /q "%HOMEDRIVE%\spywarevanisher-free"
IF NOT ERRORLEVEL 1 echo %HOMEDRIVE%\spywarevanisher-free\ supprimé>>rapport.txt
)
:QuestionRegistre
echo.
echo Nettoyage du registre
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre>>rapport.txt
set ChoixRegistre=''
set /p ChoixRegistre=Voulez-vous nettoyer le registre ? (o/n)
if '%ChoixRegistre%'=='n' GOTO nonet
if '%ChoixRegistre%'=='o' GOTO net
goto QuestionRegistre
:net
echo.>>rapport.txt
echo REGEDIT4>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{020b1227-417d-4682-9ac3-61f43cb5b6b1}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{125494b2-acad-414c-98b9-452f3ef7703a}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{145E6FB1-1256-44ED-A336-8BBA43373BE6}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{3d00a39c-655b-428b-aeb2-2fba03dcc49c}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{408f660a-9465-44a3-b557-8709dfd992bc}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{8ee6bf73-b370-4d13-9126-eb0071178f2e}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{9bb7e700-4e48-476d-b75c-6f47606be988}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{d6d64cdf-0363-4261-b723-29a3af365e1d}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\VMHomepage]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\CLSID\VMHomepage.1]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\VMHomepage]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CLASSES_ROOT\VMHomepage.1]>>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>cleanup.reg
echo "Wallpaper"=->>cleanup.reg
echo "WallpaperStyle"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Control Panel\Colors]>>cleanup.reg
echo "Background"="0 78 152">>cleanup.reg
echo "WallpaperStyle"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main]>>cleanup.reg
echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo "Search Bar"="http://search.msn.com/spbasic.htm">>cleanup.reg
echo "Use Custom Search URL"= dword:00000000>>cleanup.reg
echo "Use Search Asst"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]>>cleanup.reg
echo ""="http://home.microsoft.com/access/autosearch.asp?p=%%s">>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]>>cleanup.reg
echo "NoChangingWallPaper"=->>cleanup.reg
echo "NoComponents"=->>cleanup.reg
echo "NoAddingComponents"=->>cleanup.reg
echo "NoDeletingComponents"=->>cleanup.reg
echo "NoEditingComponents"=->>cleanup.reg
echo "NoHTMLWallpaper"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>cleanup.reg
echo "NoViewContextMenu"=->>cleanup.reg
echo "NoSaveSettings"=->>cleanup.reg
echo "NoActiveDesktopChanges"=->>cleanup.reg
echo "ForceActiveDesktopOn"=->>cleanup.reg
echo "NoActiveDesktop"=->>cleanup.reg
echo "NoThemesTab"=->>cleanup.reg
echo "ClassicShell"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]>>cleanup.reg
echo "NoDispAppearancePage"=->>cleanup.reg
echo "Wallpaper"=->>cleanup.reg
echo "WallpaperStyle"=->>cleanup.reg
echo "NoDispBackgroundPage"=->>cleanup.reg
echo "NoDispCpl"=->>cleanup.reg
echo "NoDispScrSavPage"=->>cleanup.reg
echo "NoDispSettingsPage"=->>cleanup.reg
echo "NoVisualStyleChoice"=->>cleanup.reg
echo "NoColorChoice"=->>cleanup.reg
echo "NoSizeChoice"=->>cleanup.reg
echo "DisableTaskMgr"=->>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{081669BA-EFC4-48C2-A8F4-874052D02553}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{145E6FB1-1256-44ED-A336-8BBA43373BE6}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1D27320E-2DA2-41E2-A103-B5FD9D6A798B}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B599C57E-113A-4488-A5E9-BC552C4F1152}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\Software\Classes\CLSID\{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]>>cleanup.reg
echo.>>cleanup.reg
REM echo [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}]>>cleanup.reg
REM echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]>>cleanup.reg
echo "{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}"=->>cleanup.reg
echo "{D56A1203-1452-EBA1-7294-EE3377770000}"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]>>cleanup.reg
echo "msmsgs.exe"=->>cleanup.reg
echo "popuper.exe"=->>cleanup.reg
echo "shnlog.exe"=->>cleanup.reg
echo "notepad.exe"=->>cleanup.reg
echo "notepad2.exe"=->>cleanup.reg
echo "winlogon.exe"=->>cleanup.reg
echo "paint.exe"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]>>cleanup.reg
echo "Intel system tool"=->>cleanup.reg
echo "SNInstall"=->>cleanup.reg
echo "SpySheriff"=->>cleanup.reg
echo "SpyKiller"=->>cleanup.reg
echo "WindowsFY"=->>cleanup.reg
echo "WindowsFZ"=->>cleanup.reg
echo "Windows installer"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>cleanup.reg
echo "Svr32 spool service"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>cleanup.reg
echo "intel32.exe"=->>cleanup.reg
echo "intell32.exe"=->>cleanup.reg
echo "Intel system tool"=->>cleanup.reg
echo "Daily Weather Forecast"=->>cleanup.reg
echo "Fast Start"=->>cleanup.reg
echo "MSN Messenger"=->>cleanup.reg
echo "PSGuard"=->>cleanup.reg
echo "PSGuard spyware remover"=->>cleanup.reg
echo "RegSvr32"=->>cleanup.reg
echo "System"=->>cleanup.reg
echo "WindowsFZ"=->>cleanup.reg
echo "WindowsUpdate"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>cleanup.reg
echo "Svr32 spool service"=->>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]>>cleanup.reg
echo "SystemTools"=->>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_CURRENT_USER\SOFTWARE\SpySheriff]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDelete]>>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]>>cleanup.reg
echo "WallpaperFileTime"=->>cleanup.reg
echo "WallpaperLocalFileTime"=->>cleanup.reg
echo.>>cleanup.reg>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>cleanup.reg
echo "NoViewContextMenu"=->>cleanup.reg
echo.>>cleanup.reg>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]>>cleanup.reg
echo "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]>>cleanup.reg
echo "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm">>cleanup.reg
echo "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm">>cleanup.reg
echo "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app paths\antivirusgold.exe]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\BlueScreen W@rning]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\antivirusgold]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\Daily Weather Forecast]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet update]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Connection Update and HomeP KB234087]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PSGuard]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyKiller]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySheriff]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S]>>cleanup.reg
echo.>>cleanup.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\r]>>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]>>cleanup.reg
echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
echo "Search Bar"="Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm">>cleanup.reg
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]>>cleanup.reg
echo "AllowProtectedRenames"=->>cleanup.reg
echo "PendingFileRenameOperations"=->>cleanup.reg
if exist shell.txt del shell.txt
if exist shell2.txt del shell2.txt
regedit /E shell.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
type shell.txt | find /i "Shell">shell2.txt
type shell2.txt | find /i "Explorer.exe">shell.txt
type shell.txt | find /i "Explorer.exe, msmsgs.exe">shell2.txt
if exist shell.txt del shell.txt
for /f "tokens=* delims=" %%a in (shell2.txt) do echo %%a>shell.txt
if exist shell.txt (
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>cleanup.reg
echo "Shell"="Explorer.exe">>cleanup.reg
del shell.txt
)
if exist shell2.txt del shell2.txt
if exist shell.txt del shell.txt
if exist shell2.txt del shell2.txt
regedit /E shell.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
type shell.txt | find /i "Shell">shell2.txt
type shell2.txt | find /i "Explorer.exe">shell.txt
type shell.txt | find /i "kernels32.exe">shell2.txt
if exist shell.txt del shell.txt
for /f "tokens=* delims=" %%a in (shell2.txt) do echo %%a>shell.txt
if exist shell.txt (
echo.>>cleanup.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>cleanup.reg
echo "Shell"="Explorer.exe">>cleanup.reg
del shell.txt
)
if exist shell2.txt del shell2.txt
if exist cleanup.reg (
regedit /s cleanup.reg
del cleanup.reg
echo.
echo Nettoyage termin‚.
echo Nettoyage terminé.>>rapport.txt
) ELSE (
echo *** Erreur : cleanup.reg non trouv‚ ***
echo *** Erreur : cleanup.reg non trouvé ***>>rapport.txt
)
goto scanwininet
:nonet
echo.
echo Nettoyage du registre non souhait‚.
echo.>>rapport.txt
echo Nettoyage du registre non souhaité.>>rapport.txt
goto scanwininet
:scanwininet
findstr /m /I "OLEADM" %syspath%\wininet.dll>result.txt
for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
findstr /m /I "OLEEXT" %syspath%\wininet.dll>result.txt
for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
del result.txt
if exist infected.txt goto search
if NOT exist infected.txt goto fin
:search
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Recheche wininet.dll>>rapport.txt
echo.
echo.>>rapport.txt
echo %syspath%\wininet.dll infect‚ !
echo %syspath%\wininet.dll infecté !>>rapport.txt
del infected.txt
echo.
echo.>>rapport.txt
echo Recherche d'une copie de secours (backup) de wininet.dll...
echo Recherche d'une copie de secours (backup) de wininet.dll...>>rapport.txt
if exist result.txt del result.txt
if exist result2.txt del result2.txt
dir %systemroot%\wininet.dll /a h /s>result.txt
type result.txt>>rapport.txt
type result.txt | find /i "%windir%">result2.txt
type result2.txt | find /i /V "system">result.txt
type result2.txt | find /i "dllcache">>result.txt
type result.txt | find /i /V "Uninstall">result2.txt
type result2.txt | find /i /V "Software">result.txt
if exist result2.txt del result2.txt
for /f "tokens=3" %%a in (result.txt) do echo %%a>>result2.txt
if exist result.txt del result.txt
if not exist result2.txt goto notfound
echo Set objFSO = CreateObject("Scripting.FileSystemObject")>CheckVersion.vbs
echo Wscript.Echo objFSO.GetFileVersion(wscript.arguments(0))>>CheckVersion.vbs
for /F "delims=" %%G in ('cscript //I //nologo CheckVersion.vbs %syspath%\wininet.dll') do set InfectVerNo=%%G
goto do_count
:do_count
set count=0
for /f "tokens=*" %%a in (result2.txt) do (call :do_add %%a)
goto get_vers
:do_add
set /a count+=1
set wininetpath=%1
goto :eof
:get_vers
set /a count2=0
for /F "delims=" %%G in ('cscript //I //nologo CheckVersion.vbs %wininetpath%\wininet.dll') do set VerNo=%%G
if %InfectVerNo%==%VerNo% goto QuestionWininet
if exist result.txt del result.txt
for /f "tokens=*" %%a in (result2.txt) do (call :do_add2 %%a)
goto compare
:do_add2
set /a count2+=1
if NOT %count2%==%count% echo %1>>result.txt
goto :eof
:compare
type result.txt>result2.txt
if not exist result.txt goto notfound
del result.txt
goto do_count
:QuestionWininet
echo.>>rapport.txt
echo Fichier de remplacement trouv‚:
echo Fichier trouv‚ : %wininetpath%\wininet.dll
echo Version System : %InfectVerNo%
echo Version BackUp : %VerNo%
echo Fichier trouvé : %wininetpath%\wininet.dll>>rapport.txt
echo Version System : %InfectVerNo%>>rapport.txt
echo Version BackUp : %VerNo%>>rapport.txt
echo.
echo.>>rapport.txt
set ChoixWininet=''
set /p ChoixWininet=Corriger le fichier infect‚ ? (o/n)
if '%ChoixWininet%'=='n' GOTO noreplace
if '%ChoixWininet%'=='o' GOTO replace
goto QuestionWininet
:noreplace
echo.
echo Correction du fichier non souhait‚e.
echo Correction du fichier non souhaitée.>>rapport.txt
goto fin
:replace
echo.
echo Remplacement wininet.dll (reboot necessaire)
echo Remplacement wininet.dll (reboot necessaire)>>rapport.txt
attrib -r -h -s %syspath%\wininet.dll
ren %syspath%\wininet.dll wininet.old
attrib -r -h -s %wininetpath%\wininet.dll
copy %wininetpath%\wininet.dll %syspath%
attrib +s %syspath%\wininet.dll
attrib +s %wininetpath%\wininet.dll
goto reboot
:notfound
echo Fichier de remplacement wininet.dll non trouv‚.
echo Fichier de remplacement wininet.dll non trouvé.>>rapport.txt
goto fin
:reboot
if exist smitfraudfix1.reg del smitfraudfix1.reg
echo REGEDIT4>>smitfraudfix1.reg
echo.>>smitfraudfix1.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>smitfraudfix1.reg
echo "smitfraudfix"="%systemdrive%\\fixclean.cmd">>smitfraudfix1.reg
regedit.exe /s smitfraudfix1.reg
if exist smitfraudfix1.reg del smitfraudfix1.reg
if exist %systemdrive%\fixclean.cmd del %systemdrive%\fixclean.cmd
if exist %systemdrive%\smitfraudfix2.reg del %systemdrive%\smitfraudfix2.reg
echo @echo off>>%systemdrive%\fixclean.cmd
echo.>>%systemdrive%\fixclean.cmd
echo attrib -r -h -s %systemroot%\system32\wininet.old>>%systemdrive%\fixclean.cmd
echo del /q %systemroot%\system32\wininet.old>>%systemdrive%\fixclean.cmd
echo if exist "%systemroot%\system32\oleadm.dll" (>>%systemdrive%\fixclean.cmd
echo attrib -r -h -s %systemroot%\system32\oleadm.dll>>%systemdrive%\fixclean.cmd
echo del /q %systemroot%\system32\oleadm.dll>>%systemdrive%\fixclean.cmd
echo )>>%systemdrive%\fixclean.cmd
echo if exist "%systemroot%\system32\oleext.dll" (>>%systemdrive%\fixclean.cmd
echo attrib -r -h -s %systemroot%\system32\oleext.dll>>%systemdrive%\fixclean.cmd
echo del /q %systemroot%\system32\oleext.dll>>%systemdrive%\fixclean.cmd
echo )>>%systemdrive%\fixclean.cmd
echo.>>%systemdrive%\fixclean.cmd
echo regedit.exe /s %systemdrive%\smitfraudfix2.reg>>%systemdrive%\fixclean.cmd
echo.>>%systemdrive%\fixclean.cmd
echo if exist %systemdrive%\smitfraudfix2.reg del %systemdrive%\smitfraudfix2.reg>>%systemdrive%\fixclean.cmd
echo if exist %systemdrive%\fixclean.cmd del %systemdrive%\fixclean.cmd>>%systemdrive%\fixclean.cmd
echo REGEDIT4>>%systemdrive%\smitfraudfix2.reg
echo.>>%systemdrive%\smitfraudfix2.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>%systemdrive%\smitfraudfix2.reg
echo "smitfraudfix"=->>%systemdrive%\smitfraudfix2.reg
goto fin
:zonefix
cls
set Choix_Zone=''
echo %fixname% %fixvers%
echo.
set /p Choix_Zone=R‚initialiser la liste des sites de confiance et sensibles ? (o/n)
if '%Choix_Zone%'=='n' GOTO menu
if '%Choix_Zone%'=='o' GOTO zonefix2
goto zonefix
:zonefix2
echo Copie de sauvegarde...
if not exist backups mkdir backups
regedit /e backups\HKCU_Domains.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
regedit /e backups\HKCU_Ranges.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
regedit /e backups\HKLM_Domains.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
regedit /e backups\HKLM_Ranges.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
echo REGEDIT4>zone.reg
echo.>>zone.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
echo.>>zone.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
echo.>>zone.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
echo.>>zone.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
echo.>>zone.reg
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
echo.>>zone.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
echo.>>zone.reg
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
echo.>>zone.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
echo.>>zone.reg
echo.
if exist zone.reg (
regedit /s zone.reg
del zone.reg
echo Sites de confiance et sensibles effac‚s.
) ELSE (
echo *** Erreur : zone.reg non trouv‚ ***
)
echo.
pause
goto menu
:fin
echo.
echo fin
echo.>>rapport.txt
echo »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport>>rapport.txt
echo.>>rapport.txt
if exist CheckVersion.vbs del CheckVersion.vbs
if exist result2.t
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
salut galassi
le fix ne passe pas sous win 98, il faudra faire le nettoyage manuellement.
dis moi si les fichiers oleadm.dll et oleext.dll sont présent dans ton pc ?
a+
le fix ne passe pas sous win 98, il faudra faire le nettoyage manuellement.
dis moi si les fichiers oleadm.dll et oleext.dll sont présent dans ton pc ?
a+
De plus, l emplacement doit etre ici
C:\WINDOWS\system32\ [...]
Auparavant
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer !
C:\WINDOWS\system32\ [...]
Auparavant
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer !
Tu sais j'ai 56 balais et je me lance dans cette toile
pour moi tout ce langage c'est du charabia mais je vais faire ce que tu me dis
Merci et bon courage
jp