Trojan horse Win32:Downloader-EN [Trj]

Closed
jimmy - 18 Feb. 2007 at 19:27
green day - Posts: 26371 - Registered: Friday 30 September 2005 - Status: Moderator, Security contributor - Last activity: 27 December 2019 - 18 Feb. 2007 at 21:50
Hello
Can someone analyze my HijackThis log, please?? I have a Trojan horse on my PC!!
I know nothing about this, and I saw by chance that this scan has to be done first, but I don't know the procedure.
Thanks for helping me!
The Trojan horse is called: C:\WINDOWS\system32\setup9x.exe
Name: Win32:Downloader-EN [Trj].

Report:
Logfile of HijackThis v1.99.1
Scan saved at 19:14:52, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Archivos de programa\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Archivos de programa\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\SMCWUSBT 108Mbps Wireless USB 2.0 Adapter\ACU.exe
C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.EXE
C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\Java\jre1.5.0_10\bin\jucheck.exe
D:\Documents and Settings\All Users\eMule\emule.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
d:\documents and settings\all users\menú inicio\programas\inicio\dllhost.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Archivos de programa\limewire\limewire.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
D:\Documents and Settings\fatima\Configuración local\Archivos temporales de Internet\Content.IE5\5HO6JNPD\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=SP&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ACU] C:\Archivos de programa\SMCWUSBT 108Mbps Wireless USB 2.0 Adapter\ACU.exe -nogui
O4 - HKLM\..\Run: [ATICCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sp.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2DF379-D6CD-408D-B818-07E426214CFF}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A2DF379-D6CD-408D-B818-07E426214CFF}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A2DF379-D6CD-408D-B818-07E426214CFF}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Archivos de programa\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe



Thanks for helping me.

Jimmy
13 replies

green day - Posts: 26371 - Registered: Friday 30 September 2005 - Status: Moderator, Security contributor - Last activity: 27 December 2019 - 2 162
18 Feb. 2007 at 19:44
Hi

# Download this: (thanks to S!RI for this little program).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Run it: double-click Smitfraudfix.cmd and choose option 1;
this is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
It will generate a report: please copy/paste it into your post.


++
1
Thanks for your reply, here is the generated report:
@ECHO OFF

REM Smitfraud Fix by S!Ri
REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip

REM Thanks, Help: atribune, balltrap34, Beamerke, derek, Grinler, ipl_001, LonnyRJones, MAD,
REM Malekal_morte, Marckie, moe31, ~Mark, Miekiemoes, Ruby, Roel, Sebdraluorg,
REM sUBs, Suzi, tirol, TonyKlein, Vazkor,
REM and all the ones I forgot who submit files, analyses, help users...
REM Miekiemoes' Shudder key fix added.
REM Process.exe by Craig.Peacock added (http://www.beyondlogic.org)
REM Reboot.exe by Shadowar/Option^Explicit added.
REM swreg.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM swsc.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM swxcacls.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM restart.exe - SuperFast Shutdown (http://www.xp-smoker.com/freeware.html)
REM dumphive.exe - Markus Stephany (http://www.mirkes.de)
REM unzip.exe - info-zip (http://www.info-zip.org)
REM SmiUpdate.exe - Sebdraluorg

set fixname=SmitFraudFix
set fixvers=v2.142

VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 5.2.3790">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 6.0">NUL
IF NOT ERRORLEVEL 1 GOTO Win
if %OS%==Windows_NT goto NT
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^ée.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit

:Win
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^ée.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit

:NT
set DoReboot=0
set DoRestart=0
set syspath=%windir%\system32

echo Option Explicit>GetPaths.vbs
echo.>>GetPaths.vbs
echo Dim Shell>>GetPaths.vbs
echo Dim KeyPath>>GetPaths.vbs
echo Dim ObjFileSystem>>GetPaths.vbs
echo Dim ObjOutputFile>>GetPaths.vbs
echo Dim ObjRegExp>>GetPaths.vbs
echo Dim File>>GetPaths.vbs
echo Dim TmpVar>>GetPaths.vbs
echo Dim Var>>GetPaths.vbs
echo Dim Accent>>GetPaths.vbs

echo.>>GetPaths.vbs
echo KeyPath = "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo File = "SetPaths.bat">>GetPaths.vbs
echo.>>GetPaths.vbs
echo Set Shell = WScript.CreateObject("WScript.Shell")>>GetPaths.vbs
echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>GetPaths.vbs
echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>GetPaths.vbs
echo Set ObjRegExp = New RegExp>>GetPaths.vbs
echo.>>GetPaths.vbs

echo Function ShortFileName(Path)>>GetPaths.vbs
echo Dim f>>GetPaths.vbs
echo Set f = ObjFileSystem.GetFolder(Path)>>GetPaths.vbs
echo ShortFileName = f.ShortPath>>GetPaths.vbs
echo End Function>>GetPaths.vbs

echo Function Accents(Str)>>GetPaths.vbs
echo ObjRegExp.Pattern = "[^a-zA-Z_0-9\\: ]">>GetPaths.vbs
echo ObjRegExp.IgnoreCase = True>>GetPaths.vbs
echo ObjRegExp.Global = True>>GetPaths.vbs
echo Accents = ObjRegExp.Replace(Str, "?")>>GetPaths.vbs
echo End Function>>GetPaths.vbs

echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set desktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set favorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs

echo KeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set audesktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set aufavorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo ObjOutputFile.Close>>GetPaths.vbs
echo Set objFileSystem = Nothing>>GetPaths.vbs
echo Set Shell = Nothing>>GetPaths.vbs
echo Set ObjRegExp = nothing>>GetPaths.vbs
echo.>>GetPaths.vbs
cscript //I //nologo GetPaths.vbs
del GetPaths.vbs
Call SetPaths.bat
del SetPaths.bat

if exist "%userprofile%\Bureau" (
set lang=fra
) else (
set lang=int
)

goto test

:test
if not exist Process.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Process.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo Process.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist swreg.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swreg.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo swreg.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist swsc.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swsc.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo swsc.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist SrchSTS.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SrchSTS.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo SrchSTS.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist Reboot.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Reboot.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo Reboot.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist restart.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier restart.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo restart.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist GenericRenosFix.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier GenericRenosFix.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo GenericRenosFix.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist dumphive.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier dumphive.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo dumphive.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist unzip.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier unzip.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo unzip.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist SmiUpdate.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SmiUpdate.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo SmiUpdate.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist swxcacls.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swxcacls.exe absent !
echo Dezippez la totalit^é de l'archive dans un dossier.
echo.
echo swxcacls.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if exist Update.cmd del Update.cmd
if not exist %syspath%\Process.exe copy Process.exe %syspath%\Process.exe >NUL
if not exist %syspath%\swreg.exe copy swreg.exe %syspath%\swreg.exe >NUL
if not exist %syspath%\swsc.exe copy swsc.exe %syspath%\swsc.exe >NUL
if not exist %syspath%\SrchSTS.exe copy SrchSTS.exe %syspath%\SrchSTS.exe >NUL
if not exist %syspath%\dumphive.exe copy dumphive.exe %syspath%\dumphive.exe >NUL
if not exist %syspath%\swxcacls.exe copy swxcacls.exe %syspath%\swxcacls.exe >NUL

if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
if exist tmp3.txt del tmp3.txt
chkntfs %systemdrive% | find /V "%systemdrive%">tmp.txt
type tmp.txt | find /i "NTFS">tmp2.txt
for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
if exist tmp3.txt set FSType=NTFS
if exist tmp3.txt del tmp3.txt
type tmp.txt | find /i "FAT32">tmp2.txt
for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
if exist tmp3.txt set FSType=FAT32
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
if exist tmp3.txt del tmp3.txt

goto notice

:notice
color 17
cls
if %lang%==fra (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger n'est pas affili^é avec SmitfraudFix!
echo.
echo Cet outil a ^ét^é cr^é^é par S!Ri pour une utilisation GRATUITE.
echo Des dons seront accept^ées par S!Ri, uniquement sur son site Web principal
echo N'importe qui d'autre qui essaie d'en tirer profit
echo ou qui sollicite de l'argent est impliqu^é dans une fraude.
echo.
echo.
echo Appuyez sur une touche pour continuer...
echo.
) else (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger is NOT involved with Smitfraudfix in any way!
echo.
echo This tool was created by S!Ri, and is available for FREE.
echo Voluntary donations will be accepted by S!Ri, at his main website only.
echo Anyone, other than the creator, trying to make a profit
echo or solicit money from its use would be involved in fraudulent activity.
echo.
echo.
echo Press a key to continue...
echo.
)
pause>NUL
goto menu

:menu
color 17
cls

if %lang%==fra (
set sChoice=Entrez votre choix
set sScanDate=Rapport fait à
set sRunFrom=Executé à partir de
set sFSType=Le type du système de fichiers est
set SafeMWarn=Fix executé en mode normal
set SafeMDisp=Fix executé en mode sans echec
set sSearch=Recherche
set sFound=PRESENT !
set sDel=supprimé
set sInfect=infecté !
set sInfect2=infect^é !
set KDMess=détecté !
set sHOSTS=Fichier hosts corrompu !
set RKScan=utilisez un scanner de Rootkit
set pe386Mess=pe386 détecté, utilisez un scanner de Rootkit
set lzx32Mess=lzx32 détecté, utilisez un scanner de Rootkit
set huy32Mess=huy32 détecté, utilisez un scanner de Rootkit
set msguardMess=msguard détecté, utilisez un scanner de Rootkit
set sWiniSearch=Recherche wininet.dll de remplacement
set sEnd=Fin
set sProcess=Arret des processus
set sError=Problème suppression
set sNotFound=non trouvé
set sTempFolder=Suppression Fichiers Temporaires
set sRegCleanQ=Voulez-vous nettoyer le registre ? ^(o/n^)
set sRegClean=Nettoyage du registre
set sWininetQ=Corriger le fichier infect^é ? ^(o/n^)
set sTrustQ=R^éinitialiser la liste des sites de confiance et sensibles ? ^(o/n^)
set sTrustBackUp=Copie de sauvegarde
set sTrustDone=Sites de confiance et sensibles effac^és.
set sTrustError=*** Erreur : zone.reg non trouv^é ***

echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Recherche
echo 2. Nettoyage ^( mode sans echec recommand^é ^)
echo 3. Effacer les sites de confiance et sensibles
echo 4. V^érifier les Mises ^à jour
echo L. Langue Anglaise
echo Q. Quitter
echo.
echo.
echo Fermez tous les programmes
echo un red^émarrage peut-^être n^écessaire
echo.
echo.
echo.
) else (
set sChoice=Enter your choice
set sScanDate=Scan done at
set sRunFrom=Run from
set sFSType=The filesystem type is
set SafeMWarn=Fix run in normal mode
set SafeMDisp=Fix run in safe mode
set sSearch=Scanning
set sFound=FOUND !
set sDel=Deleted
set sInfect=infected !
set sInfect2=infected !
set KDMess=detected !
set sHOSTS=hosts file corrupted !
set RKScan=use a Rootkit scanner
set pe386Mess=pe386 detected, use a Rootkit scanner
set lzx32Mess=lzx32 detected, use a Rootkit scanner
set huy32Mess=huy32 detected, use a Rootkit scanner
set msguardMess=msguard detected, use a Rootkit scanner
set sWiniSearch=Scanning wininet.dll backup
set sEnd=End
set sProcess=Killing process
set sError=Problem while deleting
set sNotFound=not found
set sTempFolder=Deleting Temp Files
set sRegCleanQ=Do you want to clean the registry ? ^(y/n^)
set sRegClean=Registry Cleaning
set sWininetQ=Replace infected file ? ^(y/n^)
set sTrustQ=Restore Trusted Zone ? ^(y/n^)
set sTrustBackUp=Saving BackUp
set sTrustDone=Trusted Zone deleted.
set sTrustError=*** Error : zone.reg not found ***

echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Search
echo 2. Clean ^(safe mode recommended^)
echo 3. Delete Trusted zone
echo 4. Check for updates
echo L. French Language
echo Q. Quit
echo.
echo.
echo Close all applications
echo Computer may reboot
echo.
echo.
echo.
)
set ChoixMenu=''
set /p ChoixMenu=%sChoice% (1,2,3,4,L,Q) :
if '%ChoixMenu%'=='l' GOTO SwappL
if '%ChoixMenu%'=='L' GOTO SwappL
if '%ChoixMenu%'=='q' GOTO exit
if '%ChoixMenu%'=='Q' GOTO exit
if '%ChoixMenu%'=='1' GOTO search
if '%ChoixMenu%'=='2' GOTO fix
if '%ChoixMenu%'=='3' GOTO zonefix
if '%ChoixMenu%'=='4' GOTO update
goto menu

:SwappL
if '%lang%'=='fra' (
set lang=int
) else (
set lang=fra
)
goto notice


:search
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>%systemdrive%\rapport.txt
echo.
echo.>>%systemdrive%\rapport.txt
echo %sScanDate% %time%, %date%>>%systemdrive%\rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo %sRunFrom% %CurDir%>>%systemdrive%\rapport.txt
IF ERRORLEVEL 1 (
echo %sRunFrom% >>%systemdrive%\rapport.txt
cd >>%systemdrive%\rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version% - %OS%>>%systemdrive%\rapport.txt
echo %sFSType% %FSType%>>%systemdrive%\rapport.txt
if not defined safeboot_option echo %SafeMWarn%>>%systemdrive%\rapport.txt
if defined safeboot_option echo %SafeMDisp%>>%systemdrive%\rapport.txt






echo.>>%systemdrive%\rapport.txt
echo %sSearch% hosts...
echo »»»»»»»»»»»»»»»»»»»»»»»» hosts>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt





if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt








type %syspath%\drivers\etc\hosts | find /i "arovax.com">tmp.txt
type %syspath%\drivers\etc\hosts | find /i "bleepingcomputer.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "boskak.za.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "bullguard.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "castlecops.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "compu-docs.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "computing.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "dell.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "depannetonpc.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "digitaltrends.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "ewido.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "geekstogo.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "greyknight17.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "idg.pl">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "infos-du-net.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "innovative-sol.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "lavasoftsupport.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "lockergnome.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "majorgeeks.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "microsoft.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "mytechsupport.ca">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "pandasoftware.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "prevx.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "siri.urz.free.fr">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spybot.info">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "stevengould.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "sunbelt-software.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spywareinfo.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spywareinfo.dk">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "superantispyware.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "techguy.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "techsupportforum.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "tomcoyote.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "wilderssecurity.com">>tmp.txt

for /f "tokens=* delims=" %%a in (tmp.txt) do echo %%a>tmp2.txt
if exist tmp2.txt goto ScanHosts_Found
goto ScanHosts_End

:ScanHosts_Found
echo %sHOSTS%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
type tmp.txt>>%systemdrive%\rapport.txt

:ScanHosts_End
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt






echo.>>%systemdrive%\rapport.txt
echo %sSearch% %HOMEDRIVE%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %HOMEDRIVE%\>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %HOMEDRIVE%\

if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe %sFound%>>%systemdrive%\rapport.txt)
if exist contextplus.exe (echo %HOMEDRIVE%\contextplus.exe %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %HOMEDRIVE%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist defender??.exe (echo %HOMEDRIVE%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndr.exe (echo %HOMEDRIVE%\dfndr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndra.exe (echo %HOMEDRIVE%\dfndra.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndr?_?.exe (echo %HOMEDRIVE%\dfndr?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload?.exe (echo %HOMEDRIVE%\drsmartload?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload??.exe (echo %HOMEDRIVE%\drsmartload??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload???.exe (echo %HOMEDRIVE%\drsmartload???.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload????.exe (echo %HOMEDRIVE%\drsmartload????.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ecsiin.stub.exe (echo %HOMEDRIVE%\ecsiin.stub.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exit (echo %HOMEDRIVE%\exit %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys.exe (echo %HOMEDRIVE%\gimmysmileys.exe %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys?.exe (echo %HOMEDRIVE%\gimmysmileys?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %HOMEDRIVE%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %HOMEDRIVE%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %HOMEDRIVE%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %HOMEDRIVE%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd.exe (echo %HOMEDRIVE%\kybrd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd_?.exe (echo %HOMEDRIVE%\kybrd_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd?_?.exe (echo %HOMEDRIVE%\kybrd?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loader.exe (echo %HOMEDRIVE%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %HOMEDRIVE%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %HOMEDRIVE%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %HOMEDRIVE%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist MTE3NDI6ODoxNg.exe (echo %HOMEDRIVE%\MTE3NDI6ODoxNg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm.exe (echo %HOMEDRIVE%\nwnm.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm_?.exe (echo %HOMEDRIVE%\nwnm_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm?_?.exe (echo %HOMEDRIVE%\nwnm?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %HOMEDRIVE%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %HOMEDRIVE%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntps.exe (echo %HOMEDRIVE%\ntps.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntnc.exe (echo %HOMEDRIVE%\ntnc.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %HOMEDRIVE%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist r.exe (echo %HOMEDRIVE%\r.exe %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %HOMEDRIVE%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist stub_113_4_0_4_0.exe (echo %HOMEDRIVE%\stub_113_4_0_4_0.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool1.exe (echo %HOMEDRIVE%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool2.exe (echo %HOMEDRIVE%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool3.exe (echo %HOMEDRIVE%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool4.exe (echo %HOMEDRIVE%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool5.exe (echo %HOMEDRIVE%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
if exist toolbar.exe (echo %HOMEDRIVE%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uniq (echo %HOMEDRIVE%\uniq %sFound%>>%systemdrive%\rapport.txt)
if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe %sFound%>>%systemdrive%\rapport.txt)
if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist wp.exe (echo %HOMEDRIVE%\wp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xxx.exe (echo %HOMEDRIVE%\xxx.exe %sFound%>>%systemdrive%\rapport.txt)

if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ %sFound%>>%systemdrive%\rapport.txt

popd



echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%

if exist ".protected" (echo %windir%\.protected %sFound%>>%systemdrive%\rapport.txt)
if exist aapfr.exe (echo %windir%\aapfr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist accesss.exe (echo %windir%\accesss.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ads.js (echo %windir%\ads.js %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbc.dll (echo %windir%\adsldpbc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbd.dll (echo %windir%\adsldpbd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbe.dll (echo %windir%\adsldpbe.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbf.dll (echo %windir%\adsldpbf.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbj.dll (echo %windir%\adsldpbj.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2005.exe (echo %windir%\adtech2005.exe %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2006a.exe (echo %windir%\adtech2006a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist adw.htm (echo %windir%\adw.htm %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-box.gif" (echo %windir%\adware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-header.gif" (echo %windir%\adware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist alexaie.dll (echo %windir%\alexaie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxie328.dll (echo %windir%\alxie328.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxtb1.dll (echo %windir%\alxtb1.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "antispylab-logo.gif" (echo %windir%\antispylab-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist about_spyware_bg.gif (echo %windir%\about_spyware_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist about_spyware_bottom.gif (echo %windir%\about_spyware_bottom.gif %sFound%>>%systemdrive%\rapport.txt)
if exist as.gif (echo %windir%\as.gif %sFound%>>%systemdrive%\rapport.txt)
if exist as_header.gif (echo %windir%\as_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist astctl32.ocx (echo %windir%\astctl32.ocx %sFound%>>%systemdrive%\rapport.txt)
if exist avpcc.dll (echo %windir%\avpcc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist azesearch.bmp (echo %windir%\azesearch.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist back.gif (echo %windir%\back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist batserv2.exe (echo %windir%\batserv2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bg.gif (echo %windir%\bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bg_bg.gif (echo %windir%\bg_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist big_red_x.gif (echo %windir%\big_red_x.gif %sFound%>>%systemdrive%\rapport.txt)
if exist blank.mht (echo %windir%\blank.mht %sFound%>>%systemdrive%\rapport.txt)
if exist "blue-bg.gif" (echo %windir%\blue-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_1.gif (echo %windir%\box_1.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_2.gif (echo %windir%\box_2.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_3.gif (echo %windir%\box_3.gif %sFound%>>%systemdrive%\rapport.txt)
if exist BTGrab.dll (echo %windir%\BTGrab.dll %sFound%>>%systemdrive%\rapport.txt)
if exist button_buynow.gif (echo %windir%\button_buynow.gif %sFound%>>%systemdrive%\rapport.txt)
if exist button_freescan.gif (echo %windir%\button_freescan.gif %sFound%>>%systemdrive%\rapport.txt)
if exist buy.gif (echo %windir%\buy.gif %sFound%>>%systemdrive%\rapport.txt)
if exist buy_now.gif (echo %windir%\buy_now.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "buy-now-btn.gif" (echo %windir%\buy-now-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bxproxy.exe (echo %windir%\bxproxy.exe %sFound%>>%systemdrive%\rapport.txt)
if exist click_for_free_scan.gif (echo %windir%\click_for_free_scan.gif %sFound%>>%systemdrive%\rapport.txt)
if exist close_ico.gif (echo %windir%\close_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "close-bar.gif" (echo %windir%\close-bar.gif %sFound%>>%systemdrive%\rapport.txt)
if exist clrssn.exe (echo %windir%\clrssn.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-left.gif" (echo %windir%\corner-left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-right.gif" (echo %windir%\corner-right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %windir%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cpan.dll (echo %windir%\cpan.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3dn32.exe (echo %windir%\d3dn32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist d3??.dll (echo %windir%\d3??.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3pb.exe (echo %windir%\d3pb.exe %sFound%>>%systemdrive%\rapport.txt)
if exist defender??.exe (echo %windir%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist desktop.html (echo %windir%\desktop.html %sFound%>>%systemdrive%\rapport.txt)
if exist dialup.exe (echo %windir%\dialup.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dlmax.dll (echo %windir%\dlmax.dll %sFound%>>%systemdrive%\rapport.txt)
if exist download.gif (echo %windir%\download.gif %sFound%>>%systemdrive%\rapport.txt)
if exist download_box.gif (echo %windir%\download_box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist download_product.gif (echo %windir%\download_product.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "download-btn.gif" (echo %windir%\download-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist dr.exe (echo %windir%\dr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload.dat (echo %windir%\drsmartload.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload2.dat (echo %windir%\drsmartload2.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload95a.exe (echo %windir%\drsmartload95a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartloadb1.dat (echo %windir%\drsmartloadb1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist "facts.gif" (echo %windir%\facts.gif %sFound%>>%systemdrive%\rapport.txt)
if exist features.gif (echo %windir%\features.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "footer.gif" (echo %windir%\footer.gif %sFound%>>%systemdrive%\rapport.txt)
if exist footer_back.gif (echo %windir%\footer_back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist footer_back.jpg (echo %windir%\footer_back.jpg %sFound%>>%systemdrive%\rapport.txt)
if exist free_scan_red_btn.gif (echo %windir%\free_scan_red_btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "free-scan-btn.gif" (echo %windir%\free-scan-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist gimmygames.dat (echo %windir%\gimmygames.dat %sFound%>>%systemdrive%\rapport.txt)
if exist "h-line-gradient.gif" (echo %windir%\h-line-gradient.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_1.gif (echo %windir%\header_1.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_2.gif (echo %windir%\header_2.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_3.gif (echo %windir%\header_3.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_4.gif (echo %windir%\header_4.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "header-bg.gif" (echo %windir%\header-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist icon_warning_big.gif (echo %windir%\icon_warning_big.gif %sFound%>>%systemdrive%\rapport.txt)
if exist icont.exe (echo %windir%\icont.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.dll (echo %windir%\ieyi.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.exe (echo %windir%\ieyi.exe %sFound%>>%systemdrive%\rapport.txt)
if exist inetdctr.dll (echo %windir%\inetdctr.dll %sFound%>>%systemdrive%\rapport.txt)
if exist inetloader.dll (echo %windir%\inetloader.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "infected.gif" (echo %windir%\infected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist infected_top_bg.gif (echo %windir%\infected_top_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "info.gif" (echo %windir%\info.gif %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %windir%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %windir%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard1.dat (echo %windir%\keyboard1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %windir%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl.exe (echo %windir%\kl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %windir%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loadadv728.exe (echo %windir%\loadadv728.exe %sFound%>>%systemdrive%\rapport.txt)
if exist local.html (echo %windir%\local.html %sFound%>>%systemdrive%\rapport.txt)
if exist logo.gif (echo %windir%\logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist main_back.gif (echo %windir%\main_back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist mxd.exe (echo %windir%\mxd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %windir%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %windir%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %windir%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mtwirl32.dll (echo %windir%\mtwirl32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_bg.gif (echo %windir%\navibar_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_corner_left.gif (echo %windir%\navibar_corner_left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_corner_right.gif (echo %windir%\navibar_corner_right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist newname.dat (echo %windir%\newname.dat %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %windir%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %windir%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %windir%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "no-icon.gif" (echo %windir%\no-icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist notepad.com (echo %windir%\notepad.com %sFound%>>%systemdrive%\rapport.txt)
if exist notepad32.exe (echo %windir%\notepad32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist onlineshopping.ico (echo %windir%\onlineshopping.ico %sFound%>>%systemdrive%\rapport.txt)
if exist olehelp.exe (echo %windir%\olehelp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist osaupd.exe (echo %windir%\osaupd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist pop06ap2.exe (echo %windir%\pop06ap2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist popuper.exe (echo %windir%\popuper.exe %sFound%>>%systemdrive%\rapport.txt)
if exist processes.txt (echo %windir%\processes.txt %sFound%>>%systemdrive%\rapport.txt)
if exist product_box.gif (echo %windir%\product_box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist psg.exe (echo %windir%\psg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist Pynix.dll (echo %windir%\Pynix.dll %sFound%>>%systemdrive%\rapport.txt)
if exist q*_disk.dll (echo %windir%\q*_disk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist red_warning_ico.gif (echo %windir%\red_warning_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-box.gif" (echo %windir%\reg-freeze-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-header.gif" (echo %windir%\reg-freeze-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist remove_spyware_header.gif (echo %windir%\remove_spyware_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "remove-spyware-btn.gif" (echo %windir%\remove-spyware-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist removeadware.ico (echo %windir%\removeadware.ico %sFound%>>%systemdrive%\rapport.txt)
if exist rf.gif (echo %windir%\rf.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rf_header.gif (echo %windir%\rf_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rzs.exe (echo %windir%\rzs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist runwin32.exe (echo %windir%\runwin32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sachostx.exe (echo %windir%\sachostx.exe %sFound%>>%systemdrive%\rapport.txt)
if exist safe_and_trusted.gif (echo %windir%\safe_and_trusted.gif %sFound%>>%systemdrive%\rapport.txt)
if exist scan_btn.gif (echo %windir%\scan_btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist screen.html (echo %windir%\screen.html %sFound%>>%systemdrive%\rapport.txt)
if exist se_spoof.dll (echo %windir%\se_spoof.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sec.exe (echo %windir%\sec.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "security-center-bg.gif" (echo %windir%\security-center-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "security-center-logo.gif" (echo %windir%\security-center-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist security_center_caption.gif (echo %windir%\security_center_caption.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sep_hor.gif (echo %windir%\sep_hor.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sep_vert.gif (echo %windir%\sep_vert.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sexpersonals.ico (echo %windir%\sexpersonals.ico %sFound%>>%systemdrive%\rapport.txt)
if exist sdkcb.dll (echo %windir%\sdkcb.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sdkqq.exe (echo %windir%\sdkqq.exe %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %windir%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist sites.ini (echo %windir%\sites.ini %sFound%>>%systemdrive%\rapport.txt)
if exist slassac.dll (echo %windir%\slassac.dll %sFound%>>%systemdrive%\rapport.txt)
if exist spp3.dll (echo %windir%\spp3.dll %sFound%>>%systemdrive%\rapport.txt)
if exist spacer.gif (echo %windir%\spacer.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spacer.gif'" (echo %windir%\spacer.gif' %sFound%>>%systemdrive%\rapport.txt)
if exist spyware_detected.gif (echo %windir%\spyware_detected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-detected.gif" (echo %windir%\spyware-detected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-sheriff-header.gif" (echo %windir%\spyware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-sheriff-box.gif" (echo %windir%\spyware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sss_main.ini (echo %windir%\sss_main.ini %sFound%>>%systemdrive%\rapport.txt)
if exist "star.gif" (echo %windir%\star.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "star-grey.gif" (echo %windir%\star-grey.gif %sFound%>>%systemdrive%\rapport.txt)
if exist star_gray.gif (echo %windir%\star_gray.gif %sFound%>>%systemdrive%\rapport.txt)
if exist star_gray_small.gif (echo %windir%\star_gray_small.gif %sFound%>>%systemdrive%\rapport.txt)
if exist star_small.gif (echo %windir%\star_small.gif %sFound%>>%systemdrive%\rapport.txt)
if exist susp.exe (echo %windir%\susp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.exe (echo %windir%\svchost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysen.exe (echo %windir%\sysen.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysvx_.exe (echo %windir%\sysvx_.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysldr32.exe (echo %windir%\sysldr32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist systeem.exe (echo %windir%\systeem.exe %sFound%>>%systemdrive%\rapport.txt)
if exist System32fab.exe (echo %windir%\System32fab.exe %sFound%>>%systemdrive%\rapport.txt)
if exist systemcritical.exe (echo %windir%\systemcritical.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tctool.exe (echo %windir%\tctool.exe %sFound%>>%systemdrive%\rapport.txt)
if exist teller2.chk (echo %windir%\teller2.chk %sFound%>>%systemdrive%\rapport.txt)
if exist temp.000.exe (echo %windir%\temp.000.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ticads.exe (echo %windir%\ticads.exe %sFound%>>%systemdrive%\rapport.txt)
if exist time.exe (echo %windir%\time.exe %sFound%>>%systemdrive%\rapport.txt)
if exist timessquare.exe (echo %windir%\timessquare.exe %sFound%>>%systemdrive%\rapport.txt)
if exist timessquare1.dat (echo %windir%\timessquare1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist tool1.exe (echo %windir%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool2.exe (echo %windir%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool3.exe (echo %windir%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool4.exe (echo %windir%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool5.exe (echo %windir%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
if exist toolbar.exe (echo %windir%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tpopup.exe (echo %windir%\tpopup.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "true-stories.gif" (echo %windir%\true-stories.gif %sFound%>>%systemdrive%\rapport.txt)
if exist trustinbar.exe (echo %windir%\trustinbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ts.gif (echo %windir%\ts.gif %sFound%>>%systemdrive%\rapport.txt)
if exist ts_header.gif (echo %windir%\ts_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist tse.exe (echo %windir%\tse.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uninstDsk.exe (echo %windir%\uninstDsk.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uninstIU.exe (echo %windir%\uninstIU.exe %sFound%>>%systemdrive%\rapport.txt)
if exist update13.js (echo %windir%\update13.js %sFound%>>%systemdrive%\rapport.txt)
if exist url.exe (echo %windir%\url.exe %sFound%>>%systemdrive%\rapport.txt)
if exist user32.exe (echo %windir%\user32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist users32.exe (echo %windir%\users32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist v.gif (echo %windir%\v.gif %sFound%>>%systemdrive%\rapport.txt)
if exist videoslots.ico (echo %windir%\videoslots.ico %sFound%>>%systemdrive%\rapport.txt)
if exist waol.exe (echo %windir%\waol.exe %sFound%>>%systemdrive%\rapport.txt)
if exist warnhp.html (echo %windir%\warnhp.html %sFound%>>%systemdrive%\rapport.txt)
if exist warning_icon.gif (echo %windir%\warning_icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "warning-bar-ico.gif" (echo %windir%\warning-bar-ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist win_logo.gif (echo %windir%\win_logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "win-sec-center-logo.gif" (echo %windir%\win-sec-center-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist win32e.exe (echo %windir%\win32e.exe %sFound%>>%systemdrive%\rapport.txt)
if exist win64.exe (echo %windir%\win64.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winajbm.dll (echo %windir%\winajbm.dll %sFound%>>%systemdrive%\rapport.txt)
if exist window.exe (echo %windir%\window.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "windows-compatible.gif" (echo %windir%\windows-compatible.gif %sFound%>>%systemdrive%\rapport.txt)
if exist wininet32.exe (echo %windir%\wininet32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winmgnt.exe (echo %windir%\winmgnt.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsysupd.exe (echo %windir%\winsysupd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsysban.exe (echo %windir%\winsysban.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsysban8.exe (echo %windir%\winsysban8.exe %sFound%>>%systemdrive%\rapport.txt)
if exist windows.html (echo %windir%\windows.html %sFound%>>%systemdrive%\rapport.txt)
if exist wupdmgr.exe (echo %windir%\wupdmgr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist x.exe (echo %windir%\x.exe %sFound%>>%systemdrive%\rapport.txt)
if exist x.gif (echo %windir%\x.gif %sFound%>>%systemdrive%\rapport.txt)
if exist xplugin.dll (echo %windir%\xplugin.dll %sFound%>>%systemdrive%\rapport.txt)
if exist xpupdate.exe (echo %windir%\xpupdate.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xxxvideo.hta (echo %windir%\xxxvideo.hta %sFound%>>%systemdrive%\rapport.txt)
if exist y.exe (echo %windir%\y.exe %sFound%>>%systemdrive%\rapport.txt)
if exist yellow_warning_ico.gif (echo %windir%\yellow_warning_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "yes-icon.gif" (echo %windir%\yes-icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "yod.htm" (echo %windir%\yod.htm %sFound%>>%systemdrive%\rapport.txt)
if exist zloader3.exe (echo %windir%\zloader3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ZServ.dll (echo %windir%\ZServ.dll %sFound%>>%systemdrive%\rapport.txt)
if exist __delete_on_reboot__popuper.exe (echo %windir%\__delete_on_reboot__popuper.exe %sFound%>>%systemdrive%\rapport.txt)

if exist "%windir%\muwq" echo %windir%\muwq\ %sFound%>>%systemdrive%\rapport.txt

if exist "%windir%\inet20001" echo %windir%\inet20001\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20010" echo %windir%\inet20010\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20066" echo %windir%\inet20066\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20099" echo %windir%\inet20099\ %sFound%>>%systemdrive%\rapport.txt

if exist "%windir%\Tasks\At1.job" echo %windir%\Tasks\At1.job %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\Tasks\At2.job" echo %windir%\Tasks\At2.job %sFound%>>%systemdrive%\rapport.txt

popd






echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\system...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%\system>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%\system

if exist csrss.exe (echo %windir%\system\csrss.exe %sFound%>>%systemdrive%\rapport.txt)
if exist eooyt.exe (echo %windir%\system\eooyt.exe %sFound%>>%systemdrive%\rapport.txt)
if exist processes.txt (echo %windir%\system\processes.txt %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.exe (echo %windir%\system\svchost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.dll (echo %windir%\system\svchost.dll %sFound%>>%systemdrive%\rapport.txt)
if exist svwhost.exe (echo %windir%\system\svwhost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svwhost.dll (echo %windir%\system\svwhost.dll %sFound%>>%systemdrive%\rapport.txt)

popd




echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\Web...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%\Web>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%\Web

if exist desktop.html (echo %windir%\Web\desktop.html %sFound%>>%systemdrive%\rapport.txt)
if exist wallpaper.html (echo %windir%\Web\wallpaper.html %sFound%>>%systemdrive%\rapport.txt)

popd



echo.>>%systemdrive%\rapport.txt
echo %sSearch% %syspath%...
echo »»»»»»»»»»»»»»»»»»»»»»»» %syspath%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %syspath%

if exist ~update.exe (echo %syspath%\~update.exe %sFound%>>%systemdrive%\rapport.txt)
if exist 0mcamcap.exe (echo %syspath%\0mcamcap.exe %sFound%>>%systemdrive%\rapport.txt)
if exist 977efcdb.exe (echo %syspath%\977efcdb.exe %sFound%>>%systemdrive%\rapport.txt)
if exist a.exe (echo %syspath%\a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ace16win.dll (echo %syspath%\ace16win.dll %sFound%>>%systemdrive%\rapport.txt)
if exist acvgxw.dll (echo %syspath%\acvgxw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adobepnl.dll (echo %syspath%\adobepnl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Air Tickets.ico" (echo %syspath%\Air Tickets.ico %sFound%>>%systemdrive%\rapport.txt)
if exist AdService.dll (echo %syspath%\AdService.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsmart.exe (echo %syspath%\adsmart.exe %sFound%>>%systemdrive%\rapport.txt)
if exist alxres.dll (echo %syspath%\alxres.dll %sFound%>>%systemdrive%\rapport.txt)
if exist anti_troj.exe (echo %syspath%\anti_troj.exe %sFound%>>%systemdrive%\rapport.txt)
if exist appmagr.dll (echo %syspath%\appmagr.dll %sFound%>>%systemdrive%\rapport.txt)
if exist asxbbx.dll (echo %syspath%\asxbbx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist atmclk.exe (echo %syspath%\atmclk.exe %sFound%>>%systemdrive%\rapport.txt)
if exist autodisc32.dll (echo %syspath%\autodisc32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist autosys.exe (echo %syspath%\autosys.exe %sFound%>>%systemdrive%\rapport.txt)
if exist axlet.dll (echo %syspath%\axlet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bhoimpl.dll (echo %syspath%\bhoimpl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bikini.exe (echo %syspath%\bikini.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bin29a.log (echo %syspath%\bin29a.log %sFound%>>%systemdrive%\rapport.txt)
if exist "Big Tits.ico" (echo %syspath%\Big Tits.ico %sFound%>>%systemdrive%\rapport.txt)
if exist birdihuy.dll (echo %syspath%\birdihuy.dll %sFound%>>%systemdrive%\rapport.txt)
if exist birdihuy32.dll (echo %syspath%\birdihuy32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist Blackjack.ico (echo %syspath%\Blackjack.ico %sFound%>>%systemdrive%\rapport.txt)
if exist bnmsrv.exe (echo %syspath%\bnmsrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bolnyz.dll (echo %syspath%\bolnyz.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bre.dll (echo %syspath%\bre.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bre32.dll (echo %syspath%\bre32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bridge.dll (echo %syspath%\bridge.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bpvcou.dll (echo %syspath%\bpvcou.dll %sFound%>>%systemdrive%\rapport.txt)
if exist browsela.dll (echo %syspath%\browsela.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Britney Spears.ico" (echo %syspath%\Britney Spears.ico %sFound%>>%systemdrive%\rapport.txt)
if exist bu.exe (echo %syspath%\bu.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "Car Insurance.ico" (echo %syspath%\Car Insurance.ico %sFound%>>%systemdrive%\rapport.txt)
if exist casino.ico (echo %syspath%\casino.ico %sFound%>>%systemdrive%\rapport.txt)
if exist cfltygd.dll (echo %syspath%\cfltygd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Cheap Cigarettes.ico" (echo %syspath%\Cheap Cigarettes.ico %sFound%>>%systemdrive%\rapport.txt)
if exist child.dll (echo %syspath%\child.dll %sFound%>>%systemdrive%\rapport.txt)
if exist chp.dll (echo %syspath%\chp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist cmd32.exe (echo %syspath%\cmd32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cmdtel.exe (echo %syspath%\cmdtel.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cnymxw32.dll (echo %syspath%\cnymxw32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist combo.exe (echo %syspath%\combo.exe %sFound%>>%systemdrive%\rapport.txt)
if exist comdlg64.dll (echo %syspath%\comdlg64.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ctpmon.exe (echo %syspath%\ctpmon.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "Credit Card.ico" (echo %syspath%\Credit Card.ico %sFound%>>%systemdrive%\rapport.txt)
if exist Cruises.ico (echo %syspath%\Cruises.ico %sFound%>>%systemdrive%\rapport.txt)
if exist cthkpcv.dll (echo %syspath%\cthkpcv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Currency Trading.ico" (echo %syspath%\Currency Trading.ico %sFound%>>%systemdrive%\rapport.txt)
if exist cvnzie.dll (echo %syspath%\cvnzie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist cvxh8jkdq?.exe (echo %syspath%\cvxh8jkdq?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cwgppb.dll (echo %syspath%\cwgppb.dll %sFound%>>%systemdrive%\rapport.txt)
if exist CWS_iestart.exe (echo %syspath%\CWS_iestart.exe %sFound%>>%systemdrive%\rapport.txt)
if exist date.ico (echo %syspath%\date.ico %sFound%>>%systemdrive%\rapport.txt)
if exist dailytoolbar.dll (echo %syspath%\dailytoolbar.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dbqlrij.dll (echo %syspath%\dbqlrij.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_14.dll (echo %syspath%\dcom_14.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_15.dll (echo %syspath%\dcom_15.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_16.dll (echo %syspath%\dcom_16.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_18.dll (echo %syspath%\dcom_18.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_19.dll (echo %syspath%\dcom_19.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_20.dll (echo %syspath%\dcom_20.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcom_21.dll (echo %syspath%\dcom_21.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dcomcfg.exe (echo %syspath%\dcomcfg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dcvwaah.dll (echo %syspath%\dcvwaah.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dial23.exe (echo %syspath%\dial23.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dload.exe (echo %syspath%\dload.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dlh9jkdq?.exe (echo %syspath%\dlh9jkdq?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist doser.exe (echo %syspath%\doser.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfrgsrv.exe (echo %syspath%\dfrgsrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dnefhw.dll (echo %syspath%\dnefhw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dpfwu.dll (echo %syspath%\dpfwu.dll %sFound%>>%systemdrive%\rapport.txt)
if exist duxzj.dll (echo %syspath%\duxzj.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dvdcap.dll (echo %syspath%\dvdcap.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dxole32.exe (echo %syspath%\dxole32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dxmpp.dll (echo %syspath%\dxmpp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist efsdfgxg.exe (echo %syspath%\efsdfgxg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ekvrlfzz.exe (echo %syspath%\ekvrlfzz.exe %sFound%>>%systemdrive%\rapport.txt)
if exist eowygj.dll (echo %syspath%\eowygj.dll %sFound%>>%systemdrive%\rapport.txt)
if exist erxbx.dll (echo %syspath%\erxbx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist exa32.exe (echo %syspath%\exa32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exeha2.exe (echo %syspath%\exeha2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exeha3.exe (echo %syspath%\exeha3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exuc32.tmp (echo %syspath%\exuc32.tmp %sFound%>>%systemdrive%\rapport.txt)
if exist fhmfes.dll (echo %syspath%\fhmfes.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ficqv.dll (echo %syspath%\ficqv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist fjdcy.dll (echo %syspath%\fjdcy.dll %sFound%>>%systemdrive%\rapport.txt)
if exist fmrmhc.dll (echo %syspath%\fmrmhc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist fyhhxw.dll (echo %syspath%\fyhhxw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist games.ico (echo %syspath%\games.ico %sFound%>>%systemdrive%\rapport.txt)
if exist ginuerep.dll (echo %syspath%\ginuerep.dll %sFound%>>%systemdrive%\rapport.txt)
if exist gqagksr.dll (echo %syspath%\gqagksr.dll %sFound%>>%systemdrive%\rapport.txt)
if exist gtpbx.dll (echo %syspath%\gtpbx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist gunist.exe (echo %syspath%\gunist.exe %sFound%>>%systemdrive%\rapport.txt)
if exist guxxa.dll (echo %syspath%\guxxa.dll %sFound%>>%systemdrive%\rapport.txt)
if exist gwquvw.dll (echo %syspath%\gwquvw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist helper.exe (echo %syspath%\helper.exe %sFound%>>%systemdrive%\rapport.txt)
if exist higjxe.dll (echo %syspath%\higjxe.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hjpprpu.dll (echo %syspath%\hjpprpu.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hh
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
18 Feb. 2007 at 20:30
re

that's not the right one :)

Double-click Smitfraudfix.cmd and choose option 1,

please do another one

++
0
re
I can't find option 1 when I double-click smitfraudfix. I unzipped the file you sent me and I only have one file with that name.

++
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
18 Feb. 2007 at 20:58
re

yes, in that unzipped file you should have Smitfraudfix.cmd

run it and choose option 1

++
0
well listen, that's just it, no option 1 appears when I double-click it, it gives me the report straight away...
so I don't think there's an application in the report, given how big it is on top of that
do you have another solution please?
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
18 Feb 2007 at 21:07
odd ...

please follow the steps at this link:

virus: preliminary disinfection method, French version

++
0
There, it wasn't working so I restarted the PC and ran option 1, here is the report:


SmitFraudFix v2.131

Scan done at 21:19:51,60, 18/02/2007
Run from D:\Documents and Settings\fatima\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\fatima


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\fatima\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\fatima\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Archivos de programa


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


what's next... ;-)
0

Hello, I have an identical problem, and on top of that the problem is spreading at the speed of a galloping horse, so to speak....!!! since I no longer have one trojan but 4. I'm going to run the smitfraud cmd right now and post you the result.... if you wouldn't mind taking a look at it..
Thank you very much
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
18 Feb 2007 at 21:21
Hi

please create your own thread, otherwise all of us here are going to get mixed up ;-)

@+
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
18 Feb 2007 at 21:25
phew! good ... apart from one detail: it's the right report, but not the latest version. Delete what you downloaded, then re-download the latest version from the link I gave you and post a new one please

@+
0
Here is another report that I got at the same time as the other one (it says copy report), maybe this is the one you need, otherwise tell me and I'll redo the procedure... we'll get there lol

a+ ;-)


LimeWire version 4.12.6
Java version 1.5.0_10 from Sun Microsystems Inc.
Windows XP v. 5.1 on x86
Free/total memory: 3939176/4128768

com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid update.ver
at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:278)
at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.limegroup.gnutella.gui.Main.main(Main.java:44)

STARTUP ERROR!

-- listing properties --
WINDOW_Y=0
WINDOW_X=0
PORT=9397
TOTAL_CONNECTION_TIME=39683340
UPDATE_DELAY=252000020
UPDATE_GIVEUP_FACTOR=49
FILTER_HASH_QUERIES=true
INSTALLED=true
UI_LIBRARY_TREE_DIVIDER_LOCATION=165
AVERAGE_UPTIME=10057
TOTAL_UPTIME=140806
MIN_CONNECT_TIME=7
CONTENT_AUTHORITIES=fserv1.limewire.com:10000
COUNTRY=
LAST_SHUTDOWN_TIME=1171818705406
APP_WIDTH=1440
SESSIONS=15
UI_LIBRARY_PLAY_LIST_TAB_DIVIDER_LOCATION=735
NECTIONS=2
LANGUAGE=fr
LAST_ACCEPTABLE_BUG_VERSION=4.13.0
FRACTIONAL_UPTIME=0.0022530619
UPDATE_RETRY_DELAY=1800001
CONNECTION_SPEED=350
LAST_EXPIRE_TIME=1170681220812
TOTAL_CONNECTIONS=15
DIRECTORY_FOR_SAVING_FILES=D:\Documents and Settings\fatima\Shared
MAX_DOWNLOAD_BYTES_PER_SEC=541
UPDATE_DOWNLOAD_DELAY=14400001
RUN_ONCE=true
AVERAGE_CONNECTION_TIME=2645556
APP_HEIGHT=866
EVIL_HOSTS=BearShare 5.2
CONTENT_USER_MANAGEMENT_ACTIVE=true
DIRECTORIES_TO_SEARCH_FOR_FILES=C:\WINDOWS\I386\LANG;C:\WINDOWS\Fonts...
MAX_SIM_DOWNLOAD=8
UNSET_FIREWALLED_FROM_CONNECTBACK=true
CLIENT_ID=6EBE5D3535C1265A5C47E339B0329000
CONTENT_MANAGEMENT_ACTIVE=true
FLUSH_DELAY_TIME=25
IDLE_CONNECTIONS=2



FILES IN CURRENT DIRECTORY:
C:\Archivos de programa\limewire\clink.jar
LAST MODIFIED: 1168190365281
SIZE: 307949

C:\Archivos de programa\limewire\commons-httpclient.jar
LAST MODIFIED: 1168190365625
SIZE: 459988

C:\Archivos de programa\limewire\commons-logging.jar
LAST MODIFIED: 1168190365718
SIZE: 59154

C:\Archivos de programa\limewire\commons-net.jar
LAST MODIFIED: 1168190365906
SIZE: 355370

C:\Archivos de programa\limewire\daap.jar
LAST MODIFIED: 1168190366031
SIZE: 388504

C:\Archivos de programa\limewire\GenericWindowsUtils.dll
LAST MODIFIED: 1156261551091
SIZE: 12279

C:\Archivos de programa\limewire\i18n.jar
LAST MODIFIED: 1168190366171
SIZE: 25678

C:\Archivos de programa\limewire\icu4j.jar
LAST MODIFIED: 1168190366328
SIZE: 741440

C:\Archivos de programa\limewire\id3v2.jar
LAST MODIFIED: 1168190366406
SIZE: 94430

C:\Archivos de programa\limewire\jcraft.jar
LAST MODIFIED: 1168190366484
SIZE: 136693

C:\Archivos de programa\limewire\jl011.jar
LAST MODIFIED: 1168190366562
SIZE: 255016

C:\Archivos de programa\limewire\jmdns.jar
LAST MODIFIED: 1168190366609
SIZE: 69306

C:\Archivos de programa\limewire\LimeWire.exe
LAST MODIFIED: 1156261555747
SIZE: 159744

C:\Archivos de programa\limewire\LimeWire.jar
LAST MODIFIED: 1168190363875
SIZE: 7117582

C:\Archivos de programa\limewire\LimeWire20.dll
LAST MODIFIED: 1156261553326
SIZE: 40960

C:\Archivos de programa\limewire\log4j.jar
LAST MODIFIED: 1168190366765
SIZE: 677952

C:\Archivos de programa\limewire\looks.jar
LAST MODIFIED: 1168190366906
SIZE: 630634

C:\Archivos de programa\limewire\MessagesBundles.jar
LAST MODIFIED: 1168190364421
SIZE: 2951044

C:\Archivos de programa\limewire\mp3sp14.jar
LAST MODIFIED: 1168190366968
SIZE: 40064

C:\Archivos de programa\limewire\ProgressTabs.jar
LAST MODIFIED: 1168190365093
SIZE: 5786

C:\Archivos de programa\limewire\themes.jar
LAST MODIFIED: 1168190367062
SIZE: 620179

C:\Archivos de programa\limewire\tritonus.jar
LAST MODIFIED: 1168190367156
SIZE: 152711

C:\Archivos de programa\limewire\vorbis.jar
LAST MODIFIED: 1168190367203
SIZE: 27215

C:\Archivos de programa\limewire\WindowsFirewall.dll
LAST MODIFIED: 1156261553404
SIZE: 61440

C:\Archivos de programa\limewire\WindowsV5PlusUtils.dll
LAST MODIFIED: 1156261553451
SIZE: 12808

C:\Archivos de programa\limewire\xerces.jar
LAST MODIFIED: 1168190367531
SIZE: 2147687

C:\Archivos de programa\limewire\xml-apis.jar
LAST MODIFIED: 1168190367609
SIZE: 207655
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
18 Feb 2007 at 21:36
please redo the procedure with the latest version ;-))

++
0
There you go...


SmitFraudFix v2.131

Scan done at 21:37:05,92, 18/02/2007
Run from D:\Documents and Settings\fatima\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\fatima


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\fatima\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\fatima\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Archivos de programa


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
18 Feb 2007 at 21:41
oops! maybe I expressed myself badly, the thing is that it's not the right version of the fix, this one is outdated... you would need to re-download it and do the same procedure please :)

but for now, nothing nasty in your reports!

++
0
ok, sorry, I've posted a new thread about my problem;.. good luck in the search for solutions
0
I hope it's right this time... ;-)


LimeWire version 4.12.6
Java version 1.5.0_10 from Sun Microsystems Inc.
Windows XP v. 5.1 on x86
Free/total memory: 3939176/4128768

com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid update.ver
at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:278)
at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.limegroup.gnutella.gui.Main.main(Main.java:44)

STARTUP ERROR!

-- listing properties --
WINDOW_Y=0
WINDOW_X=0
PORT=9397
TOTAL_CONNECTION_TIME=39683340
UPDATE_DELAY=252000020
UPDATE_GIVEUP_FACTOR=49
FILTER_HASH_QUERIES=true
INSTALLED=true
UI_LIBRARY_TREE_DIVIDER_LOCATION=165
AVERAGE_UPTIME=10057
TOTAL_UPTIME=140806
MIN_CONNECT_TIME=7
CONTENT_AUTHORITIES=fserv1.limewire.com:10000
COUNTRY=
LAST_SHUTDOWN_TIME=1171818705406
APP_WIDTH=1440
SESSIONS=15
UI_LIBRARY_PLAY_LIST_TAB_DIVIDER_LOCATION=735
NECTIONS=2
LANGUAGE=fr
LAST_ACCEPTABLE_BUG_VERSION=4.13.0
FRACTIONAL_UPTIME=0.0022530619
UPDATE_RETRY_DELAY=1800001
CONNECTION_SPEED=350
LAST_EXPIRE_TIME=1170681220812
TOTAL_CONNECTIONS=15
DIRECTORY_FOR_SAVING_FILES=D:\Documents and Settings\fatima\Shared
MAX_DOWNLOAD_BYTES_PER_SEC=541
UPDATE_DOWNLOAD_DELAY=14400001
RUN_ONCE=true
AVERAGE_CONNECTION_TIME=2645556
APP_HEIGHT=866
EVIL_HOSTS=BearShare 5.2
CONTENT_USER_MANAGEMENT_ACTIVE=true
DIRECTORIES_TO_SEARCH_FOR_FILES=C:\WINDOWS\I386\LANG;C:\WINDOWS\Fonts...
MAX_SIM_DOWNLOAD=8
UNSET_FIREWALLED_FROM_CONNECTBACK=true
CLIENT_ID=6EBE5D3535C1265A5C47E339B0329000
CONTENT_MANAGEMENT_ACTIVE=true
FLUSH_DELAY_TIME=25
IDLE_CONNECTIONS=2



FILES IN CURRENT DIRECTORY:
C:\Archivos de programa\limewire\clink.jar
LAST MODIFIED: 1168190365281
SIZE: 307949

C:\Archivos de programa\limewire\commons-httpclient.jar
LAST MODIFIED: 1168190365625
SIZE: 459988

C:\Archivos de programa\limewire\commons-logging.jar
LAST MODIFIED: 1168190365718
SIZE: 59154

C:\Archivos de programa\limewire\commons-net.jar
LAST MODIFIED: 1168190365906
SIZE: 355370

C:\Archivos de programa\limewire\daap.jar
LAST MODIFIED: 1168190366031
SIZE: 388504

C:\Archivos de programa\limewire\GenericWindowsUtils.dll
LAST MODIFIED: 1156261551091
SIZE: 12279

C:\Archivos de programa\limewire\i18n.jar
LAST MODIFIED: 1168190366171
SIZE: 25678

C:\Archivos de programa\limewire\icu4j.jar
LAST MODIFIED: 1168190366328
SIZE: 741440

C:\Archivos de programa\limewire\id3v2.jar
LAST MODIFIED: 1168190366406
SIZE: 94430

C:\Archivos de programa\limewire\jcraft.jar
LAST MODIFIED: 1168190366484
SIZE: 136693

C:\Archivos de programa\limewire\jl011.jar
LAST MODIFIED: 1168190366562
SIZE: 255016

C:\Archivos de programa\limewire\jmdns.jar
LAST MODIFIED: 1168190366609
SIZE: 69306

C:\Archivos de programa\limewire\LimeWire.exe
LAST MODIFIED: 1156261555747
SIZE: 159744

C:\Archivos de programa\limewire\LimeWire.jar
LAST MODIFIED: 1168190363875
SIZE: 7117582

C:\Archivos de programa\limewire\LimeWire20.dll
LAST MODIFIED: 1156261553326
SIZE: 40960

C:\Archivos de programa\limewire\log4j.jar
LAST MODIFIED: 1168190366765
SIZE: 677952

C:\Archivos de programa\limewire\looks.jar
LAST MODIFIED: 1168190366906
SIZE: 630634

C:\Archivos de programa\limewire\MessagesBundles.jar
LAST MODIFIED: 1168190364421
SIZE: 2951044

C:\Archivos de programa\limewire\mp3sp14.jar
LAST MODIFIED: 1168190366968
SIZE: 40064

C:\Archivos de programa\limewire\ProgressTabs.jar
LAST MODIFIED: 1168190365093
SIZE: 5786

C:\Archivos de programa\limewire\themes.jar
LAST MODIFIED: 1168190367062
SIZE: 620179

C:\Archivos de programa\limewire\tritonus.jar
LAST MODIFIED: 1168190367156
SIZE: 152711

C:\Archivos de programa\limewire\vorbis.jar
LAST MODIFIED: 1168190367203
SIZE: 27215

C:\Archivos de programa\limewire\WindowsFirewall.dll
LAST MODIFIED: 1156261553404
SIZE: 61440

C:\Archivos de programa\limewire\WindowsV5PlusUtils.dll
LAST MODIFIED: 1156261553451
SIZE: 12808

C:\Archivos de programa\limewire\xerces.jar
LAST MODIFIED: 1168190367531
SIZE: 2147687

C:\Archivos de programa\limewire\xml-apis.jar
LAST MODIFIED: 1168190367609
SIZE: 207655
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
18 Feb 2007 at 21:50
no :)))

you need to re-download smitfraud and redo the initial procedure, hang in there, you're almost there!



0