Ce virus me pourri mon PC

Jean Pierre Galassi -  
 Utilisateur anonyme -
Bonjour
voilà ce qui s'affiche sur mon PC c:\WINDOWS\SYSTEM\WININET.DLL est contaminé par W32.Desktophijack
meme symantec ne me le sort pas
il faut que je vous disent que l'informatique et moi on est pas trop copain mais je tiens le coup je vais y arriver
sur vos réponse si il y en a faite simple pas comme les informaticiens du boulot
merci Jean Pierre

7 réponses

  1. Hitsmyr Messages postés 415 Statut Membre 193
     
    Salut,

    Tu as bien suivi les instructions de cette page?
    http://www.symantec.fr/region/fr/techsupp/avcenter/venc/data/fr-w32.desktophijack.html#technicaldetails

    Tu n'aurais pas oublié une clé du registre à supprimer?
    0
    1. galassi
       
      Bonsoir

      Tu sais j'ai 56 balais et je me lance dans cette toile
      pour moi tout ce langage c'est du charabia mais je vais faire ce que tu me dis

      Merci et bon courage

      jp
      0
  2. Utilisateur anonyme
     
    salut jp

    1/
    telecharge hijackthis:
    http://www.merijn.org/files/hijackthis.zip
    Dezippe le dans un dossier prévu a cet effet.
    Par exemple C:\hijack
    lance le puis:
    clic sur "do a system scan and save logfile" et pas autre chose
    Le bloc note va s'ouvrir, copie tout le contenu et colle le ici a la suite de ton message.
    Si tu as du mal, regarde ceci:
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    2/
    telecharge smitfraudfix ici:
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    dezippe le (clic droit > extraire tout)
    double clic sur smitfraudfix.cmd
    choisis l'option 1 (rechercher)
    fais un copier/coller du résultat ici

    a+
    0
  3. galassi
     
    Logfile of HijackThis v1.99.1
    Scan saved at 18:50:38, on 04/08/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\WANADOO\CNXMON.EXE
    C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
    C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
    C:\WINDOWS\SYSTEM\MSMSGS.EXE
    C:\WINDOWS\SYSTEM\COMBO.EXE
    C:\PROGRAM FILES\SOFTWIN\BITDEFENDER FREE EDITION\BDMCON.EXE
    C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
    C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
    C:\PROGRAM FILES\WANADOO\WATCH.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\BUREAU\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
    O4 - HKLM\..\Run: [combo.exe] combo.exe
    O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
    O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\\bdss.exe
    O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\\xcommsvr.exe
    O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender Free Edition\\bdinit.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {2D37B9E8-C14C-482C-B1CF-939C5440E179} (VTToolkit Control) - http://videomessages.wanadoo.fr/VTToolkit.ocx
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    0
  4. galassi
     
    @ECHO OFF
    REM Smitfraud Fix (balltrap, moe, S!Ri, Vazkor)
    REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    set fixname=SmitFraudFix
    set fixvers=v1.5

    VER|find "Windows 95">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows 98">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows Millennium">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows XP">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "Windows 2000">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "Windows 2003">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Version non support‚e.
    echo Windows 2000 / XP requis !
    echo.
    pause
    goto end

    :Win
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Version non support‚e.
    echo Windows 2000 / XP requis !
    echo.
    pause
    goto exit

    :NT
    set syspath=%windir%\system32
    goto test

    :test
    if not exist process.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier process.exe absent !
    echo.
    pause
    goto exit
    )
    if not exist %syspath%\process.exe copy process.exe %syspath%
    goto menu

    :menu
    color 17
    cls
    echo.
    echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
    echo º %fixname% %fixvers% º
    echo ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹
    echo º 1. Rapport - Recherche º
    echo º 2. Fix º
    echo º 3. Effacer les sites de confiance et sensibles º
    echo º Q. Quitter º
    echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
    echo.
    set ChoixMenu=''
    set /p ChoixMenu=Entrez votre choix (1,2,3,Q) :
    if '%ChoixMenu%'=='q' GOTO exit
    if '%ChoixMenu%'=='Q' GOTO exit
    if '%ChoixMenu%'=='1' GOTO search
    if '%ChoixMenu%'=='2' GOTO fix
    if '%ChoixMenu%'=='3' GOTO zonefix
    goto menu

    :search
    cls
    echo %fixname% %fixvers%
    echo %fixname% %fixvers%>rapport.txt
    echo.
    echo.>>rapport.txt
    echo Rapport fait à %time% le %date%>>rapport.txt
    for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
    echo Executé à partir de %CurDir%>>rapport.txt
    IF ERRORLEVEL 1 (
    echo Executé à partir de >>rapport.txt
    cd >>rapport.txt
    )
    for /f "Tokens=*" %%i in ('ver') do set Version=%%i
    echo OS: %Version%>>rapport.txt
    echo.>>rapport.txt

    echo Recherche %HOMEDRIVE%\...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %HOMEDRIVE%\>>rapport.txt
    echo.>>rapport.txt

    pushd %HOMEDRIVE%\
    if exist rapport2.txt del rapport2.txt

    if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe PRESENT !>>rapport2.txt)
    if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe PRESENT !>>rapport2.txt)
    if exist r.exe (echo %HOMEDRIVE%\r.exe PRESENT !>>rapport2.txt)
    if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe PRESENT !>>rapport2.txt)
    if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp PRESENT !>>rapport2.txt)
    if exist wp.exe (echo %HOMEDRIVE%\wp.exe PRESENT !>>rapport2.txt)

    popd
    if exist %HOMEDRIVE%\rapport2.txt move %HOMEDRIVE%\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    echo.>>rapport.txt
    echo Recherche %windir%\...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%>>rapport.txt
    echo.>>rapport.txt

    pushd %windir%
    if exist rapport2.txt del rapport2.txt

    if exist desktop.html (echo %windir%\desktop.html PRESENT !>>rapport2.txt)
    if exist popuper.exe (echo %windir%\popuper.exe PRESENT !>>rapport2.txt)
    if exist screen.html (echo %windir%\screen.html PRESENT !>>rapport2.txt)
    if exist sites.ini (echo %windir%\sites.ini PRESENT !>>rapport2.txt)
    if exist uninstIU.exe (echo %windir%\uninstIU.exe PRESENT !>>rapport2.txt)
    if exist windows.html (echo %windir%\windows.html PRESENT !>>rapport2.txt)
    if exist zloader3.exe (echo %windir%\zloader3.exe PRESENT !>>rapport2.txt)

    popd
    if exist %windir%\rapport2.txt move %windir%\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    echo.>>rapport.txt
    echo Recherche %windir%\system...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%\system>>rapport.txt
    echo.>>rapport.txt

    pushd %windir%\system
    if exist rapport2.txt del rapport2.txt

    if exist svchost.exe (echo %windir%\system\svchost.exe PRESENT!>>rapport2.txt)

    popd
    if exist %windir%\system\rapport2.txt move %windir%\system\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    echo.>>rapport.txt
    echo Recherche %windir%\Web...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %windir%\Web>>rapport.txt
    echo.>>rapport.txt

    pushd %windir%\Web
    if exist rapport2.txt del rapport2.txt

    if exist desktop.html (echo %windir%\Web\desktop.html PRESENT!>>rapport2.txt)
    if exist wallpaper.html (echo %windir%\Web\wallpaper.html PRESENT!>>rapport2.txt)

    popd
    if exist %windir%\Web\rapport2.txt move %windir%\Web\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    echo.>>rapport.txt
    echo Recherche %syspath%...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %syspath%>>rapport.txt
    echo.>>rapport.txt

    pushd %syspath%
    if exist rapport2.txt del rapport2.txt

    if exist gunist.exe (echo %syspath%\gunist.exe PRESENT !>>rapport2.txt)
    if exist helper.exe (echo %syspath%\helper.exe PRESENT !>>rapport2.txt)
    if exist hhk.dll (echo %syspath%\hhk.dll PRESENT !>>rapport2.txt)
    if exist hookdump.exe (echo %syspath%\hookdump.exe PRESENT !>>rapport2.txt)
    if exist hp????.tmp (echo %syspath%\hp????.tmp PRESENT !>>rapport2.txt)
    if exist intel32.exe (echo %syspath%\intel32.exe PRESENT !>>rapport2.txt)
    if exist intell32.exe (echo %syspath%\intell32.exe PRESENT !>>rapport2.txt)
    if exist intmon.exe (echo %syspath%\intmon.exe PRESENT !>>rapport2.txt)
    if exist intmonp.exe (echo %syspath%\intmonp.exe PRESENT !>>rapport2.txt)
    if exist kernels32.exe (echo %syspath%\kernels32.exe PRESENT !>>rapport2.txt)
    if exist msmsgs.exe (echo %syspath%\msmsgs.exe PRESENT !>>rapport2.txt)
    if exist msole32.exe (echo %syspath%\msole32.exe PRESENT !>>rapport2.txt)
    if exist ole32vbs.exe (echo %syspath%\ole32vbs.exe PRESENT !>>rapport2.txt)
    if exist oleadm.dll (echo %syspath%\oleadm.dll PRESENT !>>rapport2.txt)
    if exist oleadm32.dll (echo %syspath%\oleadm32.dll PRESENT !>>rapport2.txt)
    if exist oleext.dll (echo %syspath%\oleext.dll PRESENT !>>rapport2.txt)
    if exist oleext32.dll (echo %syspath%\oleext32.dll PRESENT !>>rapport2.txt)
    if exist param32.dll (echo %syspath%\param32.dll PRESENT !>>rapport2.txt)
    if exist perfcii.ini (echo %syspath%\perfcii.ini PRESENT !>>rapport2.txt)
    if exist pop_up.dll (echo %syspath%\pop_up.dll PRESENT !>>rapport2.txt)
    if exist runsrv32.dll (echo %syspath%\runsrv32.dll PRESENT !>>rapport2.txt)
    if exist runsrv32.exe (echo %syspath%\runsrv32.exe PRESENT !>>rapport2.txt)
    if exist searchdll.dll (echo %syspath%\searchdll.dll PRESENT !>>rapport2.txt)
    if exist shnlog.exe (echo %syspath%\shnlog.exe PRESENT !>>rapport2.txt)
    if exist srpcsrv32.dll (echo %syspath%\srpcsrv32.dll PRESENT !>>rapport2.txt)
    if exist srpcsrv32.exe (echo %syspath%\srpcsrv32.exe PRESENT !>>rapport2.txt)
    if exist svchosts.dll (echo %syspath%\svchosts.dll PRESENT !>>rapport2.txt)
    if exist svcnt.exe (echo %syspath%\svcnt.exe PRESENT !>>rapport2.txt)
    if exist txfdb32.dll (echo %syspath%\txfdb32.dll PRESENT !>>rapport2.txt)
    if exist vxgame?.exe (echo %syspath%\vxgame?.exe PRESENT !>>rapport2.txt)
    if exist vxgamet?.exe (echo %syspath%\vxgamet?.exe PRESENT !>>rapport2.txt)
    if exist vxh8jkdq?.exe (echo %syspath%\vxh8jkdq?.exe PRESENT !>>rapport2.txt)
    if exist w8673492.exe (echo %syspath%\w8673492.exe PRESENT !>>rapport2.txt)
    if exist winnook.exe (echo %syspath%\winnook.exe PRESENT !>>rapport2.txt)
    if exist wldr.dll (echo %syspath%\wldr.dll PRESENT !>>rapport2.txt)
    if exist wp.bmp (echo %syspath%\wp.bmp PRESENT !>>rapport2.txt)
    if exist wppp.html (echo %syspath%\wppp.html PRESENT !>>rapport2.txt)

    popd
    if exist %syspath%\rapport2.txt move %syspath%\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    echo.>>rapport.txt
    echo Recherche %syspath%\LogFiles...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %syspath%\LogFiles>>rapport.txt
    echo.>>rapport.txt

    pushd %syspath%\LogFiles
    if exist rapport2.txt del rapport2.txt

    if exist A5281300.so (echo %syspath%\A5281300.so PRESENT !>>rapport2.txt)
    if exist T54111925.so (echo %syspath%\T54111925.so PRESENT !>>rapport2.txt)
    if exist H53131712.so (echo %syspath%\H53131712.so PRESENT !>>rapport2.txt)
    if exist A54102200.so (echo %syspath%\A54102200.so PRESENT !>>rapport2.txt)
    if exist S53252000.so (echo %syspath%\S53252000.so PRESENT !>>rapport2.txt)
    if exist A04111925.so (echo %syspath%\A04111925.so PRESENT !>>rapport2.txt)
    if exist M54111925.so (echo %syspath%\M54111925.so PRESENT !>>rapport2.txt)
    if exist P54111925.so (echo %syspath%\P54111925.so PRESENT !>>rapport2.txt)

    popd
    if exist %syspath%\LogFiles\rapport2.txt move %syspath%\LogFiles\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    echo.>>rapport.txt
    echo Recherche %userprofile%\Application Data...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %userprofile%\Application Data>>rapport.txt
    echo.>>rapport.txt

    pushd %userprofile%\Application Data
    if exist rapport2.txt del rapport2.txt

    if exist Install.dat (echo %userprofile%\Application Data\Install.dat PRESENT !>>rapport2.txt)

    popd
    if exist %userprofile%\Application Data\rapport2.txt move %userprofile%\Application Data\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    echo.>>rapport.txt
    echo Recherche %ProgramFiles%...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche %ProgramFiles%>>rapport.txt
    echo.>>rapport.txt

    if exist "%ProgramFiles%\AdwareDelete" echo %ProgramFiles%\AdwareDelete\ PRESENT !>>rapport.txt
    if exist "%ProgramFiles%\AntivirusGold" echo %ProgramFiles%\AntivirusGold\ PRESENT !>>rapport.txt
    if exist "%ProgramFiles%\Daily Weather Forecast" echo %ProgramFiles%\Daily Weather Forecast\ PRESENT !>>rapport.txt
    if exist "%ProgramFiles%\PSGuard" echo %ProgramFiles%\PSGuard\ PRESENT!>>rapport.txt
    if exist "%ProgramFiles%\Search Maid" echo %ProgramFiles%\Search Maid\ PRESENT !>>rapport.txt
    if exist "%ProgramFiles%\Security IGuard" echo %ProgramFiles%\Security IGuard\ PRESENT !>>rapport.txt
    if exist "%ProgramFiles%\SpySheriff" echo %ProgramFiles%\SpySheriff\PRESENT!>>rapport.txt
    if exist "%ProgramFiles%\SpyKiller" echo %ProgramFiles%\SpyKiller\ PRESENT !>>rapport.txt
    if exist "%ProgramFiles%\Virtual Maid" echo %ProgramFiles%\Virtual Maid\ PRESENT !>>rapport.txt
    if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ PRESENT !>>rapport.txt

    if exist %syspath%\intell32.exe goto DateFile
    goto wininetscan

    :DateFile
    dir %syspath%\intell32.exe /4 /A /N /-C>result.txt
    type result.txt | find /i "intell32.exe">result2.txt
    for /f "tokens=1" %%a in (result2.txt) do set filedate=%%a

    echo Recherche des fichiers cr‚‚s le %filedate%...
    echo.>>rapport.txt
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche fichiers créés le %filedate%>>rapport.txt
    echo !!! Attention, les fichiers qui suivent ne sont pas forcément infectés !!!>>rapport.txt
    echo.>>rapport.txt

    dir %HOMEDRIVE%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
    for /f "tokens=4" %%a in (result.txt) do echo %HOMEDRIVE%\%%a>>rapport.txt
    dir %windir%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
    for /f "tokens=4" %%a in (result.txt) do echo %windir%\%%a>>rapport.txt
    dir %syspath%\*.* /4 /A /N /-C | find /i "%filedate%">result.txt
    for /f "tokens=4" %%a in (result.txt) do echo %syspath%\%%a>>rapport.txt

    if exist result.txt del result.txt
    if exist result2.txt del result2.txt
    goto wininetscan

    :wininetscan
    findstr /m /I "OLEADM" %syspath%\wininet.dll>result.txt
    for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
    findstr /m /I "OLEEXT" %syspath%\wininet.dll>result.txt
    for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
    del result.txt
    if exist infected.txt (
    del infected.txt
    echo.
    echo.>>rapport.txt
    echo %syspath%\wininet.dll infect‚ !
    echo %syspath%\wininet.dll infecté !>>rapport.txt
    echo.>>rapport.txt
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recherche wininet.dll de remplacement>>rapport.txt
    echo.>>rapport.txt
    dir %systemroot%\wininet.dll /a h /s>>rapport.txt
    )

    goto fin

    :fix
    cls
    echo %fixname% %fixvers%
    echo %fixname% %fixvers%>rapport.txt
    echo.
    echo.>>rapport.txt
    echo Rapport fait à %time% le %date%>>rapport.txt
    for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
    echo Executé à partir de %CurDir%>>rapport.txt
    IF ERRORLEVEL 1 (
    echo Executé à partir de >>rapport.txt
    cd >>rapport.txt
    )
    for /f "Tokens=*" %%i in ('ver') do set Version=%%i
    echo OS: %Version%>>rapport.txt
    echo.>>rapport.txt

    echo Arret des processus...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus>>rapport.txt
    echo.>>rapport.txt

    process -k AntivirusGold.exe>nul
    process -k bsw.exe>nul
    process -k gunist.exe>nul
    process -k helper.exe>nul
    process -k hookdump.exe>nul
    process -k intel32.exe>nul
    process -k intell32.exe>nul
    process -k intmon.exe>nul
    process -k intmonp.exe>nul
    process -k kernels32.exe>nul
    process -k msmsgs.exe>nul
    process -k msole32.exe>nul
    process -k ntdetecd.exe>nul
    process -k ole32vbs.exe>nul
    process -k ongi.exe>nul
    process -k popuper.exe>nul
    process -k r.exe>nul
    process -k runsrv32.exe>nul
    process -k shnlog.exe>nul
    process -k svcnt.exe>nul
    process -k spoolsrv32.exe>nul
    process -k uninst.exe>nul
    process -k uninstIU.exe>nul
    process -k w8673492.exe>nul
    process -k weather.exe>nul
    process -k winnook.exe>nul
    process -k winstall.exe>nul
    process -k wp.exe>nul
    process -k zloader3.exe>nul

    echo.>>rapport.txt

    echo Suppression des fichiers infect‚s...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés>>rapport.txt
    echo.>>rapport.txt

    pushd %HOMEDRIVE%\
    if exist rapport2.txt del rapport2.txt

    if exist bsw.exe (
    attrib -r -s -h bsw.exe
    del /a /f bsw.exe
    if NOT exist bsw.exe echo %HOMEDRIVE%\bsw.exe supprimé>>rapport2.txt
    if exist bsw.exe echo Problème suppression %HOMEDRIVE%\bsw.exe>>rapport2.txt
    )

    if exist ntdetecd.exe (
    attrib -r -s -h ntdetecd.exe
    del /a /f ntdetecd.exe
    if NOT exist ntdetecd.exe echo %HOMEDRIVE%\ntdetecd.exe supprimé>>rapport2.txt
    if exist ntdetecd.exe echo Problème suppression %HOMEDRIVE%\ntdetecd.exe>>rapport2.txt
    )

    if exist r.exe (
    attrib -r -s -h r.exe
    del /a /f r.exe
    if NOT exist r.exe echo %HOMEDRIVE%\r.exe supprimé>>rapport2.txt
    if exist r.exe echo Problème suppression %HOMEDRIVE%\r.exe>>rapport2.txt
    )

    if exist winstall.exe (
    attrib -r -s -h winstall.exe
    del /a /f winstall.exe
    if NOT exist winstall.exe echo %HOMEDRIVE%\winstall.exe supprimé>>rapport2.txt
    if exist winstall.exe echo Problème suppression %HOMEDRIVE%\winstall.exe>>rapport2.txt
    )

    if exist wp.bmp (
    attrib -r -s -h wp.bmp
    del /a /f wp.bmp
    if NOT exist wp.bmp echo %HOMEDRIVE%\wp.bmp supprimé>>rapport2.txt
    if exist wp.bmp echo Problème suppression %HOMEDRIVE%\wp.bmp>>rapport2.txt
    )

    if exist wp.exe (
    attrib -r -s -h wp.exe
    del /a /f wp.exe
    if NOT exist wp.exe echo %HOMEDRIVE%\wp.exe supprimé>>rapport2.txt
    if exist wp.exe echo Problème suppression %HOMEDRIVE%\wp.exe>>rapport2.txt
    )

    popd
    if exist %HOMEDRIVE%\rapport2.txt move %HOMEDRIVE%\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    pushd %windir%
    if exist rapport2.txt del rapport2.txt

    if exist desktop.html (
    attrib -r -s -h desktop.html
    del /a /f desktop.html
    if NOT exist desktop.html echo %windir%\desktop.html supprimé>>rapport2.txt
    if exist desktop.html echo Problème suppression %windir%\desktop.html>>rapport2.txt
    )

    if exist popuper.exe (
    attrib -r -s -h popuper.exe
    del /a /f popuper.exe
    if NOT exist popuper.exe echo %windir%\popuper.exe supprimé>>rapport2.txt
    if exist popuper.exe echo Problème suppression %windir%\popuper.exe>>rapport2.txt
    )

    if exist screen.html (
    attrib -r -s -h screen.html
    del /a /f screen.html
    if NOT exist screen.html echo %windir%\screen.html supprimé>>rapport2.txt
    if exist screen.html echo Problème suppression %windir%\screen.html>>rapport2.txt
    )

    if exist sites.ini (
    attrib -r -s -h sites.ini
    del /a /f sites.ini
    if NOT exist sites.ini echo %windir%\sites.ini supprimé>>rapport2.txt
    if exist sites.ini echo Problème suppression %windir%\sites.ini>>rapport2.txt
    )

    if exist uninstIU.exe (
    attrib -r -s -h uninstIU.exe
    del /a /f uninstIU.exe
    if NOT exist uninstIU.exe echo %windir%\uninstIU.exe supprimé>>rapport2.txt
    if exist uninstIU.exe echo Problème suppression %windir%\uninstIU.exe>>rapport2.txt
    )

    if exist windows.html (
    attrib -r -s -h windows.html
    del /a /f windows.html
    if NOT exist windows.html echo %windir%\windows.html supprimé>>rapport2.txt
    if exist uninstIU.exe echo Problème suppression %windir%\windows.html>>rapport2.txt
    )

    if exist zloader3.exe (
    attrib -r -s -h zloader3.exe
    del /a /f zloader3.exe
    if NOT exist zloader3.exe echo %windir%\zloader3.exe supprimé>>rapport2.txt
    if exist zloader3.exe echo Problème suppression %windir%\zloader3.exe>>rapport2.txt
    )

    popd
    if exist %windir%\rapport2.txt move %windir%\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    pushd %windir%\system

    if exist svchost.exe (
    attrib -r -s -h svchost.exe
    del /a /f svchost.exe
    if NOT exist svchost.exe echo %windir%\systemb\svchost.exe supprimé>>rapport2.txt
    if exist svchost.exe echo Problème suppression %windir%\system\svchost.exe>>rapport2.txt
    )

    popd
    if exist %windir%\system\rapport2.txt move %windir%\system\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    pushd %windir%\Web

    if exist desktop.html (
    attrib -r -s -h desktop.html
    del /a /f desktop.html
    if NOT exist desktop.html echo %windir%\Web\desktop.html supprimé>>rapport2.txt
    if exist desktop.html echo Problème suppression %windir%\Web\desktop.html>>rapport2.txt
    )

    if exist wallpaper.html (
    attrib -r -s -h wallpaper.html
    del /a /f wallpaper.html
    if NOT exist wallpaper.html echo %windir%\Web\wallpaper.html supprimé>>rapport2.txt
    if exist wallpaper.html echo Problème suppression %windir%\Web\wallpaper.html>>rapport2.txt
    )

    popd
    if exist %windir%\Web\rapport2.txt move %windir%\Web\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    pushd %syspath%
    if exist rapport2.txt del rapport2.txt

    if exist gunist.exe (
    attrib -r -s -h gunist.exe
    del /a /f gunist.exe
    if NOT exist gunist.exe echo %syspath%\gunist.exe supprimé>>rapport2.txt
    if exist gunist.exe echo Problème suppression %syspath%\gunist.exe>>rapport2.txt
    )

    if exist helper.exe (
    attrib -r -s -h helper.exe
    del /a /f helper.exe
    if NOT exist helper.exe echo %syspath%\helper.exe supprimé>>rapport2.txt
    if exist helper.exe echo Problème suppression %syspath%\helper.exe>>rapport2.txt
    )

    if exist hhk.dll (
    attrib -r -s -h hhk.dll
    del /a /f hhk.dll
    if NOT exist hhk.dll echo %syspath%\hhk.dll supprimé>>rapport2.txt
    if exist hhk.dll echo Problème suppression %syspath%\hhk.dll>>rapport2.txt
    )

    if exist hookdump.exe (
    attrib -r -s -h hookdump.exe
    del /a /f hookdump.exe
    if NOT exist hookdump.exe echo %syspath%\hookdump.exe supprimé>>rapport2.txt
    if exist hookdump.exe echo Problème suppression %syspath%\hookdump.exe>>rapport2.txt
    )

    if exist hp????.tmp (
    attrib -r -s -h hp????.tmp
    del /a /f hp????.tmp
    if NOT exist hp*.tmp echo %syspath%\hp????.tmp supprimé>>rapport2.txt
    if exist hp????.tmp echo Problème suppression %syspath%\hp????.tmp>>rapport2.txt
    )

    if exist intel32.exe (
    attrib -r -s -h intel32.exe
    del /a /f intel32.exe
    if NOT exist intel32.exe echo %syspath%\intel32.exe supprimé>>rapport2.txt
    if exist intel32.exe echo Problème suppression %syspath%\intel32.exe>>rapport2.txt
    )

    if exist intell32.exe (
    attrib -r -s -h intell32.exe
    del /a /f intell32.exe
    if NOT exist intell32.exe echo %syspath%\intell32.exe supprimé>>rapport2.txt
    if exist intell32.exe echo Problème suppression %syspath%\intell32.exe>>rapport2.txt
    )

    if exist intmon.exe (
    attrib -r -s -h intmon.exe
    del /a /f intmon.exe
    if NOT exist intmon.exe echo %syspath%\intmon.exe supprimé>>rapport2.txt
    if exist intmon.exe echo Problème suppression %syspath%\intmon.exe>>rapport2.txt
    )

    if exist intmonp.exe (
    attrib -r -s -h intmonp.exe
    del /a /f intmonp.exe
    if NOT exist intmonp.exe echo %syspath%\intmonp.exe supprimé>>rapport2.txt
    if exist intmonp.exe echo Problème suppression %syspath%\intmonp.exe >>rapport2.txt
    )

    if exist kernels32.exe (
    attrib -r -s -h kernels32.exe
    del /a /f kernels32.exe
    if NOT exist kernels32.exe echo %syspath%\kernels32.exe supprimé>>rapport2.txt
    if exist kernels32.exe echo Problème suppression %syspath%\kernels32.exe>>rapport2.txt
    )

    if exist msmsgs.exe (
    attrib -r -s -h msmsgs.exe
    del /a /f msmsgs.exe
    if NOT exist msmsgs.exe echo %syspath%\msmsgs.exe supprimé>>rapport2.txt
    if exist msmsgs.exe echo Problème suppression %syspath%\msmsgs.exe>>rapport2.txt
    )

    if exist msole32.exe (
    attrib -r -s -h msole32.exe
    del /a /f msole32.exe
    if NOT exist msole32.exe echo %syspath%\msole32.exe supprimé>>rapport2.txt
    if exist msole32.exe echo Problème suppression %syspath%\msole32.exe>>rapport2.txt
    )

    if exist ole32vbs.exe (
    attrib -r -s -h ole32vbs.exe
    del /a /f ole32vbs.exe
    if NOT exist ole32vbs.exe echo %syspath%\ole32vbs.exe supprimé>>rapport2.txt
    if exist ole32vbs.exe echo Problème suppression %syspath%\ole32vbs.exe>>rapport2.txt
    )

    if exist oleadm.dll (
    attrib -r -s -h oleadm.dll
    del /a /f oleadm.dll
    if NOT exist oleadm.dll echo %syspath%\oleadm.dll supprimé>>rapport2.txt
    if exist oleadm.dll echo Problème suppression %syspath%\oleadm.dll>>rapport2.txt
    )

    if exist oleadm32.dll (
    attrib -r -s -h oleadm32.dll
    del /a /f oleadm32.dll
    if NOT exist oleadm32.dll echo %syspath%\oleadm32.dll supprimé>>rapport2.txt
    if exist oleadm32.dll echo Problème suppression %syspath%\oleadm32.dll>>rapport2.txt
    )

    if exist oleext.dll (
    attrib -r -s -h oleext.dll
    del /a /f oleext.dll
    if NOT exist oleext.dll echo %syspath%\oleext.dll supprimé>>rapport2.txt
    if exist oleext.dll echo Problème suppression %syspath%\oleext.dll>>rapport2.txt
    )

    if exist oleext2.dll (
    attrib -r -s -h oleext32.dll
    del /a /f oleext32.dll
    if NOT exist oleext32.dll echo %syspath%\oleext32.dll supprimé>>rapport2.txt
    if exist oleext32.dll echo Problème suppression %syspath%\oleext32.dll>>rapport2.txt
    )

    if exist param32.dll (
    attrib -r -s -h param32.dll
    del /a /f param32.dll
    if NOT exist param32.dll echo %syspath%\param32.dll supprimé>>rapport2.txt
    if exist param32.dll echo Problème suppression %syspath%\param32.dll>>rapport2.txt
    )

    if exist perfcii.ini (
    attrib -r -s -h perfcii.ini
    del /a /f perfcii.ini
    if NOT exist perfcii.ini echo %syspath%\perfcii.ini supprimé>>rapport2.txt
    if exist perfcii.ini echo Problème suppression %syspath%\perfcii.ini>>rapport2.txt
    )

    if exist pop_up.dll (
    attrib -r -s -h pop_up.dll
    del /a /f pop_up.dll
    if NOT exist pop_up.dll echo %syspath%\pop_up.dll supprimé>>rapport2.txt
    if exist pop_up.dll echo Problème suppression %syspath%\pop_up.dll>>rapport2.txt
    )

    if exist runsrv32.dll (
    attrib -r -s -h runsrv32.dll
    del /a /f runsrv32.dll
    if NOT exist runsrv32.dll echo %syspath%\runsrv32.dll supprimé>>rapport2.txt
    if exist runsrv32.dll echo Problème suppression %syspath%\runsrv32.dll>>rapport2.txt
    )

    if exist runsrv32.exe (
    attrib -r -s -h runsrv32.exe
    del /a /f runsrv32.exe
    if NOT exist runsrv32.exe echo %syspath%\runsrv32.exe supprimé>>rapport2.txt
    if exist runsrv32.exe echo Problème suppression %syspath%\runsrv32.exe>>rapport2.txt
    )

    if exist searchdll.dll (
    attrib -r -s -h searchdll.dll
    del /a /f searchdll.dll
    if NOT exist searchdll.dll echo %syspath%\searchdll.dll supprimé>>rapport2.txt
    if exist searchdll.dll echo Problème suppression %syspath%\searchdll.dll>>rapport2.txt
    )

    if exist shnlog.exe (
    attrib -r -s -h shnlog.exe
    del /a /f shnlog.exe
    if NOT exist shnlog.exe echo %syspath%\shnlog.exe supprimé>>rapport2.txt
    if exist shnlog.exe echo Problème suppression %syspath%\shnlog.exe>>rapport2.txt
    )

    if exist spoolsrv32.exe (
    attrib -r -s -h spoolsrv32.exe
    del /a /f spoolsrv32.exe
    if NOT exist spoolsrv32.exe echo %syspath%\spoolsrv32.exe supprimé>>rapport2.txt
    if exist spoolsrv32.exe echo Problème suppression %syspath%\spoolsrv32.exe>>rapport2.txt
    )

    if exist srpcsrv32.dll (
    attrib -r -s -h srpcsrv32.dll
    del /a /f srpcsrv32.dll
    if NOT exist srpcsrv32.dll echo %syspath%\srpcsrv32.dll supprimé>>rapport2.txt
    if exist srpcsrv32.dll echo Problème suppression %syspath%\srpcsrv32.dll>>rapport2.txt
    )

    if exist srpcsrv32.exe (
    attrib -r -s -h srpcsrv32.exe
    del /a /f srpcsrv32.exe
    if NOT exist srpcsrv32.exe echo %syspath%\srpcsrv32.exe supprimé>>rapport2.txt
    if exist srpcsrv32.exe echo Problème suppression %syspath%\srpcsrv32.exe>>rapport2.txt
    )

    if exist svchosts.dll (
    attrib -r -s -h svchosts.dll
    del /a /f svchosts.dll
    if NOT exist svchosts.dll echo %syspath%\svchosts.dll supprimé>>rapport2.txt
    if exist svchosts.dll echo Problème suppression %syspath%\svchosts.dll>>rapport2.txt
    )

    if exist svcnt.exe (
    attrib -r -s -h svcnt.exe
    del /a /f svcnt.exe
    if NOT exist svcnt.exe echo %syspath%\svcnt.exe supprimé>>rapport2.txt
    if exist svcnt.exe echo Problème suppression %syspath%\svcnt.exe>>rapport2.txt
    )

    if exist txfdb32.dll (
    attrib -r -s -h txfdb32.dll
    del /a /f txfdb32.dll
    if NOT exist txfdb32.dll echo %syspath%\txfdb32.dll supprimé>>rapport2.txt
    if exist txfdb32.dll echo Problème suppression %syspath%\txfdb32.dll>>rapport2.txt
    )

    if exist vxgame?.exe (
    attrib -r -s -h vxgame?.exe
    del /a /f /q vxgame?.exe
    if NOT exist vxgame?.exe echo %syspath%\vxgame?.exe supprimé>>rapport2.txt
    if exist vxgame?.exe echo Problème suppression %syspath%\vxgame?.exe>>rapport2.txt
    )

    if exist vxgamet?.exe (
    attrib -r -s -h vxgamet?.exe
    del /a /f /q vxgamet?.exe
    if NOT exist vxgamet?.exe echo %syspath%\vxgamet?.exe supprimé>>rapport2.txt
    if exist vxgamet?.exe echo Problème suppression %syspath%\vxgamet?.exe>>rapport2.txt
    )

    if exist vxh8jkdq?.exe (
    attrib -r -s -h vxh8jkdq?.exe
    del /a /f /q vxh8jkdq?.exe
    if NOT exist vxh8jkdq?.exe echo %syspath%\vxh8jkdq?.exe supprimé>>rapport2.txt
    if exist vxh8jkdq?.exe echo Problème suppression %syspath%\vxh8jkdq?.exe>>rapport2.txt
    )

    if exist w8673492.exe (
    attrib -r -s -h w8673492.exe
    del /a /f w8673492.exe
    if NOT exist w8673492.exe echo %syspath%\w8673492.exe supprimé>>rapport2.txt
    if exist w8673492.exe echo Problème suppression %syspath%\w8673492.exe>>rapport2.txt
    )

    if exist winnook.exe (
    attrib -r -s -h winnook.exe
    del /a /f winnook.exe
    if NOT exist winnook.exe echo %syspath%\winnook.exe supprimé>>rapport2.txt
    if exist winnook.exe echo Problème suppression %syspath%\winnook.exe>>rapport2.txt
    )

    if exist wldr.dll (
    attrib -r -s -h wldr.dll
    del /a /f wldr.dll
    if NOT exist wldr.dll echo %syspath%\wldr.dll supprimé>>rapport2.txt
    if exist wldr.dll echo Problème suppression %syspath%\wldr.dll>>rapport2.txt
    )

    if exist wp.bmp (
    attrib -r -s -h wp.bmp
    del /a /f wp.bmp
    if NOT exist wp.bmp echo %syspath%\wp.bmp supprimé>>rapport2.txt
    if exist wp.bmp echo Problème suppression %syspath%\wp.bmp>>rapport2.txt
    )

    if exist wppp.html (
    attrib -r -s -h wppp.html
    del /a /f wppp.html
    if NOT exist wppp.html echo %syspath%\wppp.html supprimé>>rapport2.txt
    if exist wppp.html echo Problème suppression %syspath%\wppp.html>>rapport2.txt
    )

    popd
    if exist %syspath%\rapport2.txt move %syspath%\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    pushd %syspath%\LogFiles
    if exist rapport2.txt del rapport2.txt

    if exist A5281300.so (
    attrib -r -s -h A5281300.so
    del /a /f A5281300.so
    if NOT exist A5281300.so echo %syspath%\LogFiles\A5281300.so supprimé>>rapport2.txt
    if exist A5281300.so echo Problème suppression %syspath%\LogFiles\A5281300.so>>rapport2.txt
    )

    if exist T54111925.so (
    attrib -r -s -h T54111925.so
    del /a /f T54111925.so
    if NOT exist T54111925.so echo %syspath%\LogFiles\T54111925.so supprimé>>rapport2.txt
    if exist T54111925.so echo Problème suppression %syspath%\LogFiles\T54111925.so>>rapport2.txt
    )

    if exist H53131712.so (
    attrib -r -s -h H53131712.so
    del /a /f H53131712.so
    if NOT exist H53131712.so echo %syspath%\LogFiles\H53131712.so supprimé>>rapport2.txt
    if exist H53131712.so echo Problème suppression %syspath%\LogFiles\H53131712.so>>rapport2.txt
    )

    if exist A54102200.so (
    attrib -r -s -h A54102200.so
    del /a /f A54102200.so
    if NOT exist A54102200.so echo %syspath%\LogFiles\A54102200.so supprimé>>rapport2.txt
    if exist A54102200.so echo Problème suppression %syspath%\LogFiles\A54102200.so>>rapport2.txt
    )

    if exist S53252000.so (
    attrib -r -s -h S53252000.so
    del /a /f S53252000.so
    if NOT exist S53252000.so echo %syspath%\LogFiles\S53252000.so supprimé>>rapport2.txt
    if exist S53252000.so echo Problème suppression %syspath%\LogFiles\S53252000.so>>rapport2.txt
    )

    if exist A04111925.so (
    attrib -r -s -h A04111925.so
    del /a /f A04111925.so
    if NOT exist A04111925.so echo %syspath%\LogFiles\A04111925.so supprimé>>rapport2.txt
    if exist A04111925.so echo Problème suppression %syspath%\LogFiles\A04111925.so>>rapport2.txt
    )

    if exist M54111925.so (
    attrib -r -s -h M54111925.so
    del /a /f M54111925.so
    if NOT exist M54111925.so echo %syspath%\LogFiles\M54111925.so supprimé>>rapport2.txt
    if exist M54111925.so echo Problème suppression %syspath%\LogFiles\M54111925.so>>rapport2.txt
    )

    if exist P54111925.so (
    attrib -r -s -h P54111925.so
    del /a /f P54111925.so
    if NOT exist P54111925.so echo %syspath%\LogFiles\P54111925.so supprimé>>rapport2.txt
    if exist P54111925.so echo Problème suppression %syspath%\LogFiles\P54111925.so>>rapport2.txt
    )

    popd
    if exist %syspath%\LogFiles\rapport2.txt move %syspath%\LogFiles\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    pushd %userprofile%\Application Data
    if exist rapport2.txt del rapport2.txt

    if exist Install.dat (
    attrib -r -s -h Install.dat
    del /a /f Install.dat
    if NOT exist Install.dat echo %userprofile%\Application Data\Install.dat supprimé>>rapport2.txt
    if exist Install.dat echo Problème suppression %userprofile%\Application Data\Install.dat>>rapport2.txt
    )

    popd
    if exist %userprofile%\Application Data\rapport2.txt move %userprofile%\Application Data\rapport2.txt rapport2.txt
    if exist rapport2.txt type rapport2.txt>>rapport.txt
    if exist rapport2.txt del rapport2.txt

    echo.>>rapport.txt
    if exist "%ProgramFiles%\AdwareDelete" (
    RD /s /q "%ProgramFiles%\AdwareDelete"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\AdwareDelete\ supprimé>>rapport.txt
    )

    if exist "%ProgramFiles%\AntivirusGold" (
    RD /s /q "%ProgramFiles%\AntivirusGold"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\AntivirusGold\ supprimé>>rapport.txt
    )

    if exist "%ProgramFiles%\Daily Weather Forecast" (
    RD /s /q "%ProgramFiles%\Daily Weather Forecast"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Daily Weather Forecast\ supprimé>>rapport.txt
    )

    if exist "%ProgramFiles%\PSGuard" (
    RD /s /q "%ProgramFiles%\PSGuard"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\PSGuard\ supprimé>>rapport.txt
    )

    if exist "%ProgramFiles%\Search Maid" (
    RD /s /q "%ProgramFiles%\Search Maid"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Search Maid\ supprimé>>rapport.txt
    )

    if exist "%ProgramFiles%\Security IGuard" (
    RD /s /q "%ProgramFiles%\Security IGuard"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Security IGuard\ supprimé>>rapport.txt
    )

    if exist "%ProgramFiles%\SpySheriff" (
    RD /s /q "%ProgramFiles%\SpySheriff"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\SpySheriff\ supprimé>>rapport.txt
    )

    if exist "%ProgramFiles%\SpyKiller" (
    RD /s /q "%ProgramFiles%\SpyKiller"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\SpyKiller\ supprimé>>rapport.txt
    )

    if exist "%ProgramFiles%\Virtual Maid" (
    RD /s /q "%ProgramFiles%\Virtual Maid"
    IF NOT ERRORLEVEL 1 echo %ProgramFiles%\Virtual Maid\ supprimé>>rapport.txt
    )

    if exist "%HOMEDRIVE%\spywarevanisher-free" (
    RD /s /q "%HOMEDRIVE%\spywarevanisher-free"
    IF NOT ERRORLEVEL 1 echo %HOMEDRIVE%\spywarevanisher-free\ supprimé>>rapport.txt
    )

    :QuestionRegistre
    echo.
    echo Nettoyage du registre
    echo.>>rapport.txt
    echo »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre>>rapport.txt
    set ChoixRegistre=''
    set /p ChoixRegistre=Voulez-vous nettoyer le registre ? (o/n)
    if '%ChoixRegistre%'=='n' GOTO nonet
    if '%ChoixRegistre%'=='o' GOTO net
    goto QuestionRegistre

    :net
    echo.>>rapport.txt
    echo REGEDIT4>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{020b1227-417d-4682-9ac3-61f43cb5b6b1}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{125494b2-acad-414c-98b9-452f3ef7703a}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{145E6FB1-1256-44ED-A336-8BBA43373BE6}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{3d00a39c-655b-428b-aeb2-2fba03dcc49c}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{408f660a-9465-44a3-b557-8709dfd992bc}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{8ee6bf73-b370-4d13-9126-eb0071178f2e}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{9bb7e700-4e48-476d-b75c-6f47606be988}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{d6d64cdf-0363-4261-b723-29a3af365e1d}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\VMHomepage]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\CLSID\VMHomepage.1]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\VMHomepage]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CLASSES_ROOT\VMHomepage.1]>>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>cleanup.reg
    echo "Wallpaper"=->>cleanup.reg
    echo "WallpaperStyle"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\Control Panel\Colors]>>cleanup.reg
    echo "Background"="0 78 152">>cleanup.reg
    echo "WallpaperStyle"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main]>>cleanup.reg
    echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
    echo "Search Bar"="http://search.msn.com/spbasic.htm">>cleanup.reg
    echo "Use Custom Search URL"= dword:00000000>>cleanup.reg
    echo "Use Search Asst"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]>>cleanup.reg
    echo ""="http://home.microsoft.com/access/autosearch.asp?p=%%s">>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]>>cleanup.reg
    echo "NoChangingWallPaper"=->>cleanup.reg
    echo "NoComponents"=->>cleanup.reg
    echo "NoAddingComponents"=->>cleanup.reg
    echo "NoDeletingComponents"=->>cleanup.reg
    echo "NoEditingComponents"=->>cleanup.reg
    echo "NoHTMLWallpaper"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>cleanup.reg
    echo "NoViewContextMenu"=->>cleanup.reg
    echo "NoSaveSettings"=->>cleanup.reg
    echo "NoActiveDesktopChanges"=->>cleanup.reg
    echo "ForceActiveDesktopOn"=->>cleanup.reg
    echo "NoActiveDesktop"=->>cleanup.reg
    echo "NoThemesTab"=->>cleanup.reg
    echo "ClassicShell"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]>>cleanup.reg
    echo "NoDispAppearancePage"=->>cleanup.reg
    echo "Wallpaper"=->>cleanup.reg
    echo "WallpaperStyle"=->>cleanup.reg
    echo "NoDispBackgroundPage"=->>cleanup.reg
    echo "NoDispCpl"=->>cleanup.reg
    echo "NoDispScrSavPage"=->>cleanup.reg
    echo "NoDispSettingsPage"=->>cleanup.reg
    echo "NoVisualStyleChoice"=->>cleanup.reg
    echo "NoColorChoice"=->>cleanup.reg
    echo "NoSizeChoice"=->>cleanup.reg
    echo "DisableTaskMgr"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{081669BA-EFC4-48C2-A8F4-874052D02553}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{145E6FB1-1256-44ED-A336-8BBA43373BE6}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1D27320E-2DA2-41E2-A103-B5FD9D6A798B}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B599C57E-113A-4488-A5E9-BC552C4F1152}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CURRENT_USER\Software\Classes\CLSID\{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]>>cleanup.reg
    echo.>>cleanup.reg
    REM echo [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}]>>cleanup.reg
    REM echo.>>cleanup.reg
    echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]>>cleanup.reg
    echo "{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}"=->>cleanup.reg
    echo "{D56A1203-1452-EBA1-7294-EE3377770000}"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]>>cleanup.reg
    echo "msmsgs.exe"=->>cleanup.reg
    echo "popuper.exe"=->>cleanup.reg
    echo "shnlog.exe"=->>cleanup.reg
    echo "notepad.exe"=->>cleanup.reg
    echo "notepad2.exe"=->>cleanup.reg
    echo "winlogon.exe"=->>cleanup.reg
    echo "paint.exe"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]>>cleanup.reg
    echo "Intel system tool"=->>cleanup.reg
    echo "SNInstall"=->>cleanup.reg
    echo "SpySheriff"=->>cleanup.reg
    echo "SpyKiller"=->>cleanup.reg
    echo "WindowsFY"=->>cleanup.reg
    echo "WindowsFZ"=->>cleanup.reg
    echo "Windows installer"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>cleanup.reg
    echo "Svr32 spool service"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>cleanup.reg
    echo "intel32.exe"=->>cleanup.reg
    echo "intell32.exe"=->>cleanup.reg
    echo "Intel system tool"=->>cleanup.reg
    echo "Daily Weather Forecast"=->>cleanup.reg
    echo "Fast Start"=->>cleanup.reg
    echo "MSN Messenger"=->>cleanup.reg
    echo "PSGuard"=->>cleanup.reg
    echo "PSGuard spyware remover"=->>cleanup.reg
    echo "RegSvr32"=->>cleanup.reg
    echo "System"=->>cleanup.reg
    echo "WindowsFZ"=->>cleanup.reg
    echo "WindowsUpdate"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>cleanup.reg
    echo "Svr32 spool service"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]>>cleanup.reg
    echo "SystemTools"=->>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_CURRENT_USER\SOFTWARE\SpySheriff]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDelete]>>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]>>cleanup.reg
    echo "WallpaperFileTime"=->>cleanup.reg
    echo "WallpaperLocalFileTime"=->>cleanup.reg
    echo.>>cleanup.reg>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>cleanup.reg
    echo "NoViewContextMenu"=->>cleanup.reg
    echo.>>cleanup.reg>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]>>cleanup.reg
    echo "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
    echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]>>cleanup.reg
    echo "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm">>cleanup.reg
    echo "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm">>cleanup.reg
    echo "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app paths\antivirusgold.exe]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\BlueScreen W@rning]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\antivirusgold]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall\Daily Weather Forecast]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet update]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Connection Update and HomeP KB234087]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PSGuard]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyKiller]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySheriff]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S]>>cleanup.reg
    echo.>>cleanup.reg
    echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\r]>>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]>>cleanup.reg
    echo "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch">>cleanup.reg
    echo "Search Bar"="Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm">>cleanup.reg
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]>>cleanup.reg
    echo "AllowProtectedRenames"=->>cleanup.reg
    echo "PendingFileRenameOperations"=->>cleanup.reg

    if exist shell.txt del shell.txt
    if exist shell2.txt del shell2.txt
    regedit /E shell.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    type shell.txt | find /i "Shell">shell2.txt
    type shell2.txt | find /i "Explorer.exe">shell.txt
    type shell.txt | find /i "Explorer.exe, msmsgs.exe">shell2.txt
    if exist shell.txt del shell.txt
    for /f "tokens=* delims=" %%a in (shell2.txt) do echo %%a>shell.txt
    if exist shell.txt (
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>cleanup.reg
    echo "Shell"="Explorer.exe">>cleanup.reg
    del shell.txt
    )
    if exist shell2.txt del shell2.txt

    if exist shell.txt del shell.txt
    if exist shell2.txt del shell2.txt
    regedit /E shell.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    type shell.txt | find /i "Shell">shell2.txt
    type shell2.txt | find /i "Explorer.exe">shell.txt
    type shell.txt | find /i "kernels32.exe">shell2.txt
    if exist shell.txt del shell.txt
    for /f "tokens=* delims=" %%a in (shell2.txt) do echo %%a>shell.txt
    if exist shell.txt (
    echo.>>cleanup.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>cleanup.reg
    echo "Shell"="Explorer.exe">>cleanup.reg
    del shell.txt
    )
    if exist shell2.txt del shell2.txt

    if exist cleanup.reg (
    regedit /s cleanup.reg
    del cleanup.reg
    echo.
    echo Nettoyage termin‚.
    echo Nettoyage terminé.>>rapport.txt
    ) ELSE (
    echo *** Erreur : cleanup.reg non trouv‚ ***
    echo *** Erreur : cleanup.reg non trouvé ***>>rapport.txt
    )
    goto scanwininet

    :nonet
    echo.
    echo Nettoyage du registre non souhait‚.
    echo.>>rapport.txt
    echo Nettoyage du registre non souhaité.>>rapport.txt
    goto scanwininet

    :scanwininet
    findstr /m /I "OLEADM" %syspath%\wininet.dll>result.txt
    for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
    findstr /m /I "OLEEXT" %syspath%\wininet.dll>result.txt
    for /F "TOKENS=* DELIMS=" %%A IN (result.txt) do echo wininet.dll infecté !>infected.txt
    del result.txt
    if exist infected.txt goto search
    if NOT exist infected.txt goto fin

    :search
    echo.>>rapport.txt
    echo »»»»»»»»»»»»»»»»»»»»»»»» Recheche wininet.dll>>rapport.txt
    echo.
    echo.>>rapport.txt
    echo %syspath%\wininet.dll infect‚ !
    echo %syspath%\wininet.dll infecté !>>rapport.txt
    del infected.txt

    echo.
    echo.>>rapport.txt
    echo Recherche d'une copie de secours (backup) de wininet.dll...
    echo Recherche d'une copie de secours (backup) de wininet.dll...>>rapport.txt
    if exist result.txt del result.txt
    if exist result2.txt del result2.txt
    dir %systemroot%\wininet.dll /a h /s>result.txt
    type result.txt>>rapport.txt
    type result.txt | find /i "%windir%">result2.txt
    type result2.txt | find /i /V "system">result.txt
    type result2.txt | find /i "dllcache">>result.txt
    type result.txt | find /i /V "Uninstall">result2.txt
    type result2.txt | find /i /V "Software">result.txt
    if exist result2.txt del result2.txt
    for /f "tokens=3" %%a in (result.txt) do echo %%a>>result2.txt
    if exist result.txt del result.txt
    if not exist result2.txt goto notfound

    echo Set objFSO = CreateObject("Scripting.FileSystemObject")>CheckVersion.vbs
    echo Wscript.Echo objFSO.GetFileVersion(wscript.arguments(0))>>CheckVersion.vbs
    for /F "delims=" %%G in ('cscript //I //nologo CheckVersion.vbs %syspath%\wininet.dll') do set InfectVerNo=%%G
    goto do_count

    :do_count
    set count=0
    for /f "tokens=*" %%a in (result2.txt) do (call :do_add %%a)
    goto get_vers

    :do_add
    set /a count+=1
    set wininetpath=%1
    goto :eof

    :get_vers
    set /a count2=0
    for /F "delims=" %%G in ('cscript //I //nologo CheckVersion.vbs %wininetpath%\wininet.dll') do set VerNo=%%G
    if %InfectVerNo%==%VerNo% goto QuestionWininet
    if exist result.txt del result.txt
    for /f "tokens=*" %%a in (result2.txt) do (call :do_add2 %%a)
    goto compare

    :do_add2
    set /a count2+=1
    if NOT %count2%==%count% echo %1>>result.txt
    goto :eof

    :compare
    type result.txt>result2.txt
    if not exist result.txt goto notfound
    del result.txt
    goto do_count

    :QuestionWininet
    echo.>>rapport.txt
    echo Fichier de remplacement trouv‚:
    echo Fichier trouv‚ : %wininetpath%\wininet.dll
    echo Version System : %InfectVerNo%
    echo Version BackUp : %VerNo%
    echo Fichier trouvé : %wininetpath%\wininet.dll>>rapport.txt
    echo Version System : %InfectVerNo%>>rapport.txt
    echo Version BackUp : %VerNo%>>rapport.txt
    echo.
    echo.>>rapport.txt
    set ChoixWininet=''
    set /p ChoixWininet=Corriger le fichier infect‚ ? (o/n)
    if '%ChoixWininet%'=='n' GOTO noreplace
    if '%ChoixWininet%'=='o' GOTO replace
    goto QuestionWininet

    :noreplace
    echo.
    echo Correction du fichier non souhait‚e.
    echo Correction du fichier non souhaitée.>>rapport.txt
    goto fin

    :replace
    echo.
    echo Remplacement wininet.dll (reboot necessaire)
    echo Remplacement wininet.dll (reboot necessaire)>>rapport.txt
    attrib -r -h -s %syspath%\wininet.dll
    ren %syspath%\wininet.dll wininet.old
    attrib -r -h -s %wininetpath%\wininet.dll
    copy %wininetpath%\wininet.dll %syspath%
    attrib +s %syspath%\wininet.dll
    attrib +s %wininetpath%\wininet.dll
    goto reboot

    :notfound
    echo Fichier de remplacement wininet.dll non trouv‚.
    echo Fichier de remplacement wininet.dll non trouvé.>>rapport.txt
    goto fin

    :reboot
    if exist smitfraudfix1.reg del smitfraudfix1.reg
    echo REGEDIT4>>smitfraudfix1.reg
    echo.>>smitfraudfix1.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>smitfraudfix1.reg
    echo "smitfraudfix"="%systemdrive%\\fixclean.cmd">>smitfraudfix1.reg
    regedit.exe /s smitfraudfix1.reg
    if exist smitfraudfix1.reg del smitfraudfix1.reg

    if exist %systemdrive%\fixclean.cmd del %systemdrive%\fixclean.cmd
    if exist %systemdrive%\smitfraudfix2.reg del %systemdrive%\smitfraudfix2.reg

    echo @echo off>>%systemdrive%\fixclean.cmd
    echo.>>%systemdrive%\fixclean.cmd
    echo attrib -r -h -s %systemroot%\system32\wininet.old>>%systemdrive%\fixclean.cmd
    echo del /q %systemroot%\system32\wininet.old>>%systemdrive%\fixclean.cmd
    echo if exist "%systemroot%\system32\oleadm.dll" (>>%systemdrive%\fixclean.cmd
    echo attrib -r -h -s %systemroot%\system32\oleadm.dll>>%systemdrive%\fixclean.cmd
    echo del /q %systemroot%\system32\oleadm.dll>>%systemdrive%\fixclean.cmd
    echo )>>%systemdrive%\fixclean.cmd
    echo if exist "%systemroot%\system32\oleext.dll" (>>%systemdrive%\fixclean.cmd
    echo attrib -r -h -s %systemroot%\system32\oleext.dll>>%systemdrive%\fixclean.cmd
    echo del /q %systemroot%\system32\oleext.dll>>%systemdrive%\fixclean.cmd
    echo )>>%systemdrive%\fixclean.cmd
    echo.>>%systemdrive%\fixclean.cmd
    echo regedit.exe /s %systemdrive%\smitfraudfix2.reg>>%systemdrive%\fixclean.cmd
    echo.>>%systemdrive%\fixclean.cmd
    echo if exist %systemdrive%\smitfraudfix2.reg del %systemdrive%\smitfraudfix2.reg>>%systemdrive%\fixclean.cmd
    echo if exist %systemdrive%\fixclean.cmd del %systemdrive%\fixclean.cmd>>%systemdrive%\fixclean.cmd

    echo REGEDIT4>>%systemdrive%\smitfraudfix2.reg
    echo.>>%systemdrive%\smitfraudfix2.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]>>%systemdrive%\smitfraudfix2.reg
    echo "smitfraudfix"=->>%systemdrive%\smitfraudfix2.reg

    goto fin

    :zonefix
    cls
    set Choix_Zone=''
    echo %fixname% %fixvers%
    echo.
    set /p Choix_Zone=R‚initialiser la liste des sites de confiance et sensibles ? (o/n)
    if '%Choix_Zone%'=='n' GOTO menu
    if '%Choix_Zone%'=='o' GOTO zonefix2
    goto zonefix

    :zonefix2
    echo Copie de sauvegarde...
    if not exist backups mkdir backups
    regedit /e backups\HKCU_Domains.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    regedit /e backups\HKCU_Ranges.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    regedit /e backups\HKLM_Domains.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    regedit /e backups\HKLM_Ranges.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    echo REGEDIT4>zone.reg
    echo.>>zone.reg
    echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
    echo.>>zone.reg
    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
    echo.>>zone.reg
    echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
    echo.>>zone.reg
    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
    echo.>>zone.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
    echo.>>zone.reg
    echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]>>zone.reg
    echo.>>zone.reg
    echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
    echo.>>zone.reg
    echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]>>zone.reg
    echo.>>zone.reg
    echo.
    if exist zone.reg (
    regedit /s zone.reg
    del zone.reg
    echo Sites de confiance et sensibles effac‚s.
    ) ELSE (
    echo *** Erreur : zone.reg non trouv‚ ***
    )
    echo.
    pause
    goto menu

    :fin
    echo.
    echo fin
    echo.>>rapport.txt
    echo »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport>>rapport.txt
    echo.>>rapport.txt
    if exist CheckVersion.vbs del CheckVersion.vbs
    if exist result2.t
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    salut galassi

    le fix ne passe pas sous win 98, il faudra faire le nettoyage manuellement.

    dis moi si les fichiers oleadm.dll et oleext.dll sont présent dans ton pc ?

    a+
    0
    1. galassi
       
      Salut moe 31

      ça va te paraitre con mais comment je fais pour savoir si ces fichiers sont là

      je te remercie de t'occuper de moi
      0
  7. Utilisateur anonyme
     
    salut,
    tu clik rechercher , tu tape ces noms et tu regarde si il existe
    0
  8. Utilisateur anonyme
     
    De plus, l emplacement doit etre ici
    C:\WINDOWS\system32\ [...]

    Auparavant

    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/option des dossiers/affichage

    Cocher afficher les dossiers cacher

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    0