Sujet Précédent Sujet Suivant

Virus Internet

Résolu
Lise -  
 Utilisateur anonyme -
Bonjour

J'ai un pb quand je fais une recherche internet, je suis tjs envoyé sur une page de pub.
J'ai spyce bot, mac affee. Je viens de passer adware et voici ci dessous le rapport. Merci de me dire ce que je dois faire.

Merci de m'aider

+ Créé à: 19:26:04 29/05/2007

+ Résultat de l'analyse:

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP131\A0032815.exe -> Adware.Fakealert : Ignoré.
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe -> Adware.WinFixer : Ignoré.
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe -> Adware.WinFixer : Ignoré.
[2912] C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe -> Adware.WinFixer : Ignoré.
[2940] C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe -> Adware.WinFixer : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\cmarinelli\Cookies\cmarinelli@zedo[1].txt -> TrackingCookie.Zedo : Ignoré.

Fin du rapport
A voir également:

30 réponses

Précédent
  • 1
  • 2
Réponse 21 / 30
Utilisateur anonyme
 
LOL...
je reprends le texte de ma page....
https://leblogdeclaude.blogspot.com/2007/04/informatique-procdure-smitfraud.html
----------------------------------------------------------------------

Download du programme----Télécharger ici (tu la fais je suppose ?)
Vous obtenez un fichier archive Smitfraudfix.zip
(Double clic sur ce fichier...Izarc l'ouvre et te demande où tu veux le décompresser.....choisis le bureau, pour ne pas chercher après ....!!!)
Dezipper (décompresser) la totalité de l'archive Smitfraudfix.zip dans un nouveau dossier que vous nommez----(clic droit sur le bureau/nouveau dossier)
Smitfraud
Pour dézipper utilisez Izarc par exemple (freeware)
Dans ce dossier, une fois qu'il est décompressé,
Double cliquer sur Smitfraudfix.cmd
-1
lise
 
J ai bien téléchargé et j'obtiens le fichier Smitfraudfix.zip et que je double clic, Izarc l'ouvre mais ne me demande rien.....là est mon souci...rire
0
Réponse 22 / 30
Utilisateur anonyme
 
là...va falloir te donner de la peine !
regardes ici:
https://www.01net.com/actualites/
-1
Lise
 
Bonjour

Merci de ne pas me laisser tomber...mais je ne comprends pas l'astuce malgré une lecture attentive
j ai bien tout téléchargé et je suis à la page où j'ai smitfraudfix en smitfraudcmd mais l'écran qui s'ouvre me demande d'appuyer sur une touche pour continuer et après, l'écran disparaît....je n'arrive pas à avoir ce qui apparaît sur ton blog...
je saisis pas où est le pb...
merci de m'aider
0
Réponse 23 / 30
Utilisateur anonyme
 
ok,
passe ta machine en mode sans échec.
fais ceci:
https://leblogdeclaude.blogspot.com/2007/04/informatique-rebooter-xp-en-mode-sans.html
ensuite reclic sur Smitfraud.cmd
choisis l'option 1 et colles-moi le log.
-1
lise
 
j ai éteint l'ordinateur et j'ai redemarré mais je n'ai pas ce qui est écrit sur le blob
que je fasse mise en veille ou démarrer...j'arrive toujours la page windows et ensuite c'est le poste de travail qui s'affiche avec les différentes icônes et donc je ne sais pas passer en mode échec...
que faire svp ?
merci vraiment bcp
0
Réponse 24 / 30
Utilisateur anonyme
 
en mode normal....
clic sur Smitfraud.cmd
postes le rapport.
-1
lise
 
voilà; j'espère que c'est bien fait. Merci


@ECHO OFF


REM Smitfraud Fix by S!Ri
REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip

REM Thanks, Help: atribune, balltrap34, Beamerke, derek, Grinler, ipl_001, LonnyRJones, MAD,
REM Malekal_morte, Marckie, moe31, ~Mark, Miekiemoes, Ruby, Roel, Sebdraluorg,
REM sUBs, Suzi, tirol, TonyKlein, Vazkor,
REM and all the ones I forgot who submit files, analyses, help users...
REM Miekiemoes' Shudder key fix added.
REM Process.exe by Craig.Peacock added (http://www.beyondlogic.org)
REM Reboot.exe by Shadowar/Option^Explicit added.
REM swreg.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
REM swsc.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
REM swxcacls.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
REM restart.exe - SuperFast Shutdown (http://www.xp-smoker.com/freeware.html
REM dumphive.exe - Markus Stephany (http://www.mirkes.de)
REM unzip.exe - info-zip (http://www.info-zip.org)
REM SmiUpdate.exe - Sebdraluorg

set fixname=SmitFraudFix
set fixvers=v2.189

VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 5.2.3790">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 6.0">NUL
IF NOT ERRORLEVEL 1 GOTO Win
if %OS%==Windows_NT goto NT
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^‚e.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit

:Win
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^‚e.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit

:NT
set DoReboot=0
set DoRestart=0
set syspath=%windir%\system32

echo Option Explicit>GetPaths.vbs
echo.>>GetPaths.vbs
echo Dim Shell>>GetPaths.vbs
echo Dim KeyPath>>GetPaths.vbs
echo Dim ObjFileSystem>>GetPaths.vbs
echo Dim ObjOutputFile>>GetPaths.vbs
echo Dim ObjRegExp>>GetPaths.vbs
echo Dim File>>GetPaths.vbs
echo Dim TmpVar>>GetPaths.vbs
echo Dim Var>>GetPaths.vbs
echo Dim Accent>>GetPaths.vbs

echo.>>GetPaths.vbs
echo KeyPath = "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo File = "SetPaths.bat">>GetPaths.vbs
echo.>>GetPaths.vbs
echo Set Shell = WScript.CreateObject("WScript.Shell")>>GetPaths.vbs
echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>GetPaths.vbs
echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>GetPaths.vbs
echo Set ObjRegExp = New RegExp>>GetPaths.vbs
echo.>>GetPaths.vbs

echo Function ShortFileName(Path)>>GetPaths.vbs
echo Dim f>>GetPaths.vbs
echo Set f = ObjFileSystem.GetFolder(Path)>>GetPaths.vbs
echo ShortFileName = f.ShortPath>>GetPaths.vbs
echo End Function>>GetPaths.vbs

echo Function Accents(Str)>>GetPaths.vbs
echo ObjRegExp.Pattern = "[^a-zA-Z_0-9\\: ]">>GetPaths.vbs
echo ObjRegExp.IgnoreCase = True>>GetPaths.vbs
echo ObjRegExp.Global = True>>GetPaths.vbs
echo Accents = ObjRegExp.Replace(Str, "?")>>GetPaths.vbs
echo End Function>>GetPaths.vbs

echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set desktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set favorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set startup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs

echo KeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set audesktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set aufavorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set austartup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo ObjOutputFile.Close>>GetPaths.vbs
echo Set objFileSystem = Nothing>>GetPaths.vbs
echo Set Shell = Nothing>>GetPaths.vbs
echo Set ObjRegExp = nothing>>GetPaths.vbs
echo.>>GetPaths.vbs
cscript //I //nologo GetPaths.vbs
del GetPaths.vbs
Call SetPaths.bat
del SetPaths.bat



if exist "%userprofile%\Bureau" (
set lang=fra
) else (
set lang=int
)

goto test

:test
if not exist Process.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Process.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo Process.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist swreg.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swreg.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo swreg.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist swsc.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swsc.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo swsc.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist SrchSTS.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SrchSTS.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo SrchSTS.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist Reboot.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Reboot.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo Reboot.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist restart.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier restart.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo restart.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist GenericRenosFix.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier GenericRenosFix.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo GenericRenosFix.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist dumphive.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier dumphive.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo dumphive.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist unzip.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier unzip.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo unzip.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist SmiUpdate.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SmiUpdate.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo SmiUpdate.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if not exist swxcacls.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swxcacls.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo swxcacls.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)

if exist Update.cmd del Update.cmd
if not exist %syspath%\Process.exe copy Process.exe %syspath%\Process.exe >NUL
if not exist %syspath%\swreg.exe copy swreg.exe %syspath%\swreg.exe >NUL
if not exist %syspath%\swsc.exe copy swsc.exe %syspath%\swsc.exe >NUL
if not exist %syspath%\SrchSTS.exe copy SrchSTS.exe %syspath%\SrchSTS.exe >NUL
if not exist %syspath%\dumphive.exe copy dumphive.exe %syspath%\dumphive.exe >NUL
if not exist %syspath%\swxcacls.exe copy swxcacls.exe %syspath%\swxcacls.exe >NUL

if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
if exist tmp3.txt del tmp3.txt
chkntfs %systemdrive% | find /V "%systemdrive%">tmp.txt
type tmp.txt | find /i "NTFS">tmp2.txt
for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
if exist tmp3.txt set FSType=NTFS
if exist tmp3.txt del tmp3.txt
type tmp.txt | find /i "FAT32">tmp2.txt
for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
if exist tmp3.txt set FSType=FAT32
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
if exist tmp3.txt del tmp3.txt

goto notice

:notice
color 17
cls
if %lang%==fra (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger n'est pas affili^‚ avec SmitfraudFix!
echo.
echo Cet outil a ^‚t^‚ cr^‚^‚ par S!Ri pour une utilisation GRATUITE.
echo Des dons seront accept^‚s par S!Ri, uniquement sur son site Web principal
echo N'importe qui d'autre essayant d'en tirer profit
echo ou qui sollicite de l'argent est impliqu^‚ dans une fraude.
echo.
echo.
echo Appuyez sur une touche pour continuer...
echo.
) else (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger is NOT involved with Smitfraudfix in any way!
echo.
echo This tool was created by S!Ri, and is available for FREE.
echo Voluntary donations will be accepted by S!Ri, at his main website only.
echo Anyone, other than the creator, trying to make a profit
echo or solicit money from its use would be involved in fraudulent activity.
echo.
echo.
echo Press a key to continue...
echo.
)
pause>NUL
goto menu

:menu
color 17
cls

if %lang%==fra (
set sChoice=Entrez votre choix
set sScanDate=Rapport fait à
set sRunFrom=Executé à partir de
set sFSType=Le type du système de fichiers est
set SafeMWarn=Fix executé en mode normal
set SafeMDisp=Fix executé en mode sans echec
set sSearch=Recherche
set sFound=PRESENT !
set sDel=supprimé
set sInfect=infecté !
set sInfect2=infect^‚ !
set KDMess=détecté !
set sHOSTS=Fichier hosts corrompu !
set RKScan=utilisez un scanner de Rootkit
set xpdtMess=xpdt détecté, utilisez un scanner de Rootkit
set pe386Mess=pe386 détecté, utilisez un scanner de Rootkit
set lzx32Mess=lzx32 détecté, utilisez un scanner de Rootkit
set huy32Mess=huy32 détecté, utilisez un scanner de Rootkit
set msguardMess=msguard détecté, utilisez un scanner de Rootkit
set DNSHJ=Votre ordinateur est certainement victime d'un détournement de DNS
set CleanDNS=Voules vous reconfigurer votre réseau avec des IP dynamiques -DHCP- ?
set CancelDNS=Configuration annulée. Vérifiez les paramètres de votre réseau.
set sWiniSearch=Recherche wininet.dll de remplacement
set sEnd=Fin
set sProcess=Arret des processus
set sError=Problème suppression
set sNotFound=non trouvé
set sTempFolder=Suppression Fichiers Temporaires
set sRegCleanQ=Voulez-vous nettoyer le registre ? ^(o/n^)
set sRegClean=Nettoyage du registre
set sWininetQ=Corriger le fichier infect^‚ ? ^(o/n^)
set sTrustQ=R^‚initialiser la liste des sites de confiance et sensibles ? ^(o/n^)
set sTrustBackUp=Copie de sauvegarde
set sTrustDone=Sites de confiance et sensibles effac^‚s.
set sTrustError=*** Erreur : zone.reg non trouv^‚ ***


echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Recherche
echo 2. Nettoyage ^( mode sans echec recommand^‚ ^)
echo 3. Effacer les sites de confiance et sensibles
echo 4. V^‚rifier les Mises ^… jour
echo 5. Recherche et suppression d^‚tournement DNS
echo L. Langue Anglaise
echo Q. Quitter
echo.
echo.
echo Fermez tous les programmes
echo un red^‚marrage peut-^ˆtre n^‚cessaire
echo.
echo.
echo.
) else (
set sChoice=Enter your choice
set sScanDate=Scan done at
set sRunFrom=Run from
set sFSType=The filesystem type is
set SafeMWarn=Fix run in normal mode
set SafeMDisp=Fix run in safe mode
set sSearch=Scanning
set sFound=FOUND !
set sDel=Deleted
set sInfect=infected !
set sInfect2=infected !
set KDMess=detected !
set sHOSTS=hosts file corrupted !
set RKScan=use a Rootkit scanner
set xpdtMess=xpdt detected, use a Rootkit scanner
set pe386Mess=pe386 detected, use a Rootkit scanner
set lzx32Mess=lzx32 detected, use a Rootkit scanner
set huy32Mess=huy32 detected, use a Rootkit scanner
set msguardMess=msguard detected, use a Rootkit scanner
set DNSHJ=Your computer may be victim of a DNS Hijack
set CleanDNS=Do you want to set your network to dynamic -DHCP- Server ?
set CancelDNS=Configuration canceled. Check your network settings.
set sWiniSearch=Scanning for wininet.dll backup
set sEnd=End
set sProcess=Killing process
set sError=Problem while deleting
set sNotFound=not found
set sTempFolder=Deleting Temp Files
set sRegCleanQ=Do you want to clean the registry ? ^(y/n^)
set sRegClean=Registry Cleaning
set sWininetQ=Replace infected file ? ^(y/n^)
set sTrustQ=Restore Trusted Zone ? ^(y/n^)
set sTrustBackUp=Saving BackUp
set sTrustDone=Trusted Zone deleted.
set sTrustError=*** Error : zone.reg not found ***

echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Search
echo 2. Clean ^(safe mode recommended^)
echo 3. Delete Trusted zone
echo 4. Check for updates
echo 5. Search and clean DNS Hijack
echo L. French Language
echo Q. Quit
echo.
echo.
echo Close all applications
echo Computer may reboot
echo.
echo.
echo.
)
set ChoixMenu=''
set /p ChoixMenu=%sChoice% (1,2,3,4,5,L,Q) :
if '%ChoixMenu%'=='l' GOTO SwappL
if '%ChoixMenu%'=='L' GOTO SwappL
if '%ChoixMenu%'=='q' GOTO exit
if '%ChoixMenu%'=='Q' GOTO exit
if '%ChoixMenu%'=='1' GOTO search
if '%ChoixMenu%'=='2' GOTO fix
if '%ChoixMenu%'=='3' GOTO zonefix
if '%ChoixMenu%'=='4' GOTO update
if '%ChoixMenu%'=='5' GOTO DNSSearchFix
goto menu

:SwappL
if '%lang%'=='fra' (
set lang=int
) else (
set lang=fra
)
goto notice


:search
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>%systemdrive%\rapport.txt
echo.
echo.>>%systemdrive%\rapport.txt
echo %sScanDate% %time%, %date%>>%systemdrive%\rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo %sRunFrom% %CurDir%>>%systemdrive%\rapport.txt
IF ERRORLEVEL 1 (
echo %sRunFrom% >>%systemdrive%\rapport.txt
cd >>%systemdrive%\rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version% - %OS%>>%systemdrive%\rapport.txt
echo %sFSType% %FSType%>>%systemdrive%\rapport.txt
if not defined safeboot_option echo %SafeMWarn%>>%systemdrive%\rapport.txt
if defined safeboot_option echo %SafeMDisp%>>%systemdrive%\rapport.txt




echo.>>%systemdrive%\rapport.txt
echo %sSearch% Process...
echo »»»»»»»»»»»»»»»»»»»»»»»» Process>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



echo Option Explicit>ProcessList.vbs
echo.>>ProcessList.vbs
echo Dim File>>ProcessList.vbs
echo Dim ObjFileSystem>>ProcessList.vbs
echo Dim ObjOutputFile>>ProcessList.vbs
echo Dim objWMIService>>ProcessList.vbs
echo Dim oproc>>ProcessList.vbs
echo Dim Var>>ProcessList.vbs
echo.>>ProcessList.vbs
echo File = "Process.txt">>ProcessList.vbs
echo.>>ProcessList.vbs
echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>ProcessList.vbs
echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>ProcessList.vbs
echo.>>ProcessList.vbs
echo Set objWMIService = GetObject("winmgmts:\root\cimv2")>>ProcessList.vbs
echo Set oproc = objWMIService.ExecQuery("Select * from Win32_Process",,48)>>ProcessList.vbs
echo.>>ProcessList.vbs
echo For Each oproc In oproc>>ProcessList.vbs
echo Var = oproc.ExecutablePath>>ProcessList.vbs
echo if Var ^<^> "" then>>ProcessList.vbs
echo ObjOutputFile.WriteLine(Var)>>ProcessList.vbs
echo End If>>ProcessList.vbs
echo Next>>ProcessList.vbs
echo.>>ProcessList.vbs
echo ObjOutputFile.Close>>ProcessList.vbs
echo Set objFileSystem = Nothing>>ProcessList.vbs
echo Set oproc = Nothing>>ProcessList.vbs
echo Set objWMIService = Nothing>>ProcessList.vbs
echo.>>ProcessList.vbs
cscript //I //nologo ProcessList.vbs
del ProcessList.vbs
type Process.txt | find /v "cscript.exe" >>%systemdrive%\rapport.txt
del Process.txt









echo.>>%systemdrive%\rapport.txt
echo %sSearch% hosts...
echo »»»»»»»»»»»»»»»»»»»»»»»» hosts>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt





if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt








type %syspath%\drivers\etc\hosts | find /i "arovax.com">tmp.txt
type %syspath%\drivers\etc\hosts | find /i "bleepingcomputer.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "boskak.za.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "bullguard.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "castlecops.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "compu-docs.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "computing.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "dell.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "depannetonpc.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "digitaltrends.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "ewido.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "geekstogo.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "greyknight17.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "idg.pl">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "infos-du-net.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "innovative-sol.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "lavasoftsupport.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "lockergnome.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "majorgeeks.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "microsoft.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "mytechsupport.ca">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "pandasoftware.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "prevx.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "siri.urz.free.fr">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spybot.info">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "stevengould.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "sunbelt-software.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spywareinfo.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spywareinfo.dk">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "superantispyware.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "techguy.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "techsupportforum.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "tomcoyote.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "wilderssecurity.com">>tmp.txt

for /f "tokens=* delims=" %%a in (tmp.txt) do echo %%a>tmp2.txt
if exist tmp2.txt goto ScanHosts_Found
goto ScanHosts_End

:ScanHosts_Found
echo %sHOSTS%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
type tmp.txt>>%systemdrive%\rapport.txt

:ScanHosts_End
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt






echo.>>%systemdrive%\rapport.txt
echo %sSearch% %HOMEDRIVE%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %HOMEDRIVE%\>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %HOMEDRIVE%\

if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe %sFound%>>%systemdrive%\rapport.txt)
if exist config.sy_ (echo %HOMEDRIVE%\config.sy_ %sFound%>>%systemdrive%\rapport.txt)
if exist contextplus.exe (echo %HOMEDRIVE%\contextplus.exe %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %HOMEDRIVE%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist defender??.exe (echo %HOMEDRIVE%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndr.exe (echo %HOMEDRIVE%\dfndr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndra.exe (echo %HOMEDRIVE%\dfndra.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndr?_?.exe (echo %HOMEDRIVE%\dfndr?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload?.exe (echo %HOMEDRIVE%\drsmartload?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload??.exe (echo %HOMEDRIVE%\drsmartload??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload???.exe (echo %HOMEDRIVE%\drsmartload???.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload????.exe (echo %HOMEDRIVE%\drsmartload????.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ecsiin.stub.exe (echo %HOMEDRIVE%\ecsiin.stub.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exit (echo %HOMEDRIVE%\exit %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys.exe (echo %HOMEDRIVE%\gimmysmileys.exe %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys?.exe (echo %HOMEDRIVE%\gimmysmileys?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %HOMEDRIVE%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %HOMEDRIVE%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %HOMEDRIVE%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %HOMEDRIVE%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd.exe (echo %HOMEDRIVE%\kybrd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd_?.exe (echo %HOMEDRIVE%\kybrd_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd?_?.exe (echo %HOMEDRIVE%\kybrd?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loader.exe (echo %HOMEDRIVE%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %HOMEDRIVE%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %HOMEDRIVE%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %HOMEDRIVE%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist MTE3NDI6ODoxNg.exe (echo %HOMEDRIVE%\MTE3NDI6ODoxNg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm.exe (echo %HOMEDRIVE%\nwnm.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm_?.exe (echo %HOMEDRIVE%\nwnm_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm?_?.exe (echo %HOMEDRIVE%\nwnm?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %HOMEDRIVE%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %HOMEDRIVE%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntps.exe (echo %HOMEDRIVE%\ntps.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntnc.exe (echo %HOMEDRIVE%\ntnc.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %HOMEDRIVE%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist r.exe (echo %HOMEDRIVE%\r.exe %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %HOMEDRIVE%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist stub_113_4_0_4_0.exe (echo %HOMEDRIVE%\stub_113_4_0_4_0.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool1.exe (echo %HOMEDRIVE%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool2.exe (echo %HOMEDRIVE%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool3.exe (echo %HOMEDRIVE%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool4.exe (echo %HOMEDRIVE%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool5.exe (echo %HOMEDRIVE%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
if exist toolbar.exe (echo %HOMEDRIVE%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uniq (echo %HOMEDRIVE%\uniq %sFound%>>%systemdrive%\rapport.txt)
if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe %sFound%>>%systemdrive%\rapport.txt)
if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist wp.exe (echo %HOMEDRIVE%\wp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xxx.exe (echo %HOMEDRIVE%\xxx.exe %sFound%>>%systemdrive%\rapport.txt)

if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ %sFound%>>%systemdrive%\rapport.txt

popd



echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%

if exist ".protected" (echo %windir%\.protected %sFound%>>%systemdrive%\rapport.txt)
if exist aapfr.exe (echo %windir%\aapfr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist accesss.exe (echo %windir%\accesss.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ads.js (echo %windir%\ads.js %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbc.dll (echo %windir%\adsldpbc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbd.dll (echo %windir%\adsldpbd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbe.dll (echo %windir%\adsldpbe.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbf.dll (echo %windir%\adsldpbf.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbj.dll (echo %windir%\adsldpbj.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2005.exe (echo %windir%\adtech2005.exe %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2006a.exe (echo %windir%\adtech2006a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist adw.htm (echo %windir%\adw.htm %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-box.gif" (echo %windir%\adware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-header.gif" (echo %windir%\adware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist alexaie.dll (echo %windir%\alexaie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxie328.dll (echo %windir%\alxie328.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxtb1.dll (echo %windir%\alxtb1.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "antispylab-logo.gif" (echo %windir%\antispylab-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist about_spyware_bg.gif (echo %windir%\about_spyware_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist about_spyware_bottom.gif (echo %windir%\about_spyware_bottom.gif %sFound%>>%systemdrive%\rapport.txt)
if exist as.gif (echo %windir%\as.gif %sFound%>>%systemdrive%\rapport.txt)
if exist as_header.gif (echo %windir%\as_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist astctl32.ocx (echo %windir%\astctl32.ocx %sFound%>>%systemdrive%\rapport.txt)
if exist avpcc.dll (echo %windir%\avpcc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist azesearch.bmp (echo %windir%\azesearch.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist back.gif (echo %windir%\back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bandserv.dll (echo %windir%\bandserv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist batserv2.exe (echo %windir%\batserv2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bg.gif (echo %windir%\bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bg_bg.gif (echo %windir%\bg_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist big_red_x.gif (echo %windir%\big_red_x.gif %sFound%>>%systemdrive%\rapport.txt)
if exist blank.mht (echo %windir%\blank.mht %sFound%>>%systemdrive%\rapport.txt)
if exist "blue-bg.gif" (echo %windir%\blue-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_1.gif (echo %windir%\box_1.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_2.gif (echo %windir%\box_2.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_3.gif (echo %windir%\box_3.gif %sFound%>>%systemdrive%\rapport.txt)
if exist browsers.dll (echo %windir%\browsers.dll %sFound%>>%systemdrive%\rapport.txt)
if exist BTGrab.dll (echo %windir%\BTGrab.dll %sFound%>>%systemdrive%\rapport.txt)
if exist button_buynow.gif (echo %windir%\button_buynow.gif %sFound%>>%systemdrive%\rapport.txt)
if exist button_freescan.gif (echo %windir%\button_freescan.gif %sFound%>>%systemdrive%\rapport.txt)
if exist buy.gif (echo %windir%\buy.gif %sFound%>>%systemdrive%\rapport.txt)
if exist buy_now.gif (echo %windir%\buy_now.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "buy-now-btn.gif" (echo %windir%\buy-now-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bxproxy.exe (echo %windir%\bxproxy.exe %sFound%>>%systemdrive%\rapport.txt)
if exist click_for_free_scan.gif (echo %windir%\click_for_free_scan.gif %sFound%>>%systemdrive%\rapport.txt)
if exist close_ico.gif (echo %windir%\close_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "close-bar.gif" (echo %windir%\close-bar.gif %sFound%>>%systemdrive%\rapport.txt)
if exist clrssn.exe (echo %windir%\clrssn.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-left.gif" (echo %windir%\corner-left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-right.gif" (echo %windir%\corner-right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %windir%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cpan.dll (echo %windir%\cpan.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3dn32.exe (echo %windir%\d3dn32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist d3??.dll (echo %windir%\d3??.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3pb.exe (echo %windir%\d3pb.exe %sFound%>>%systemdrive%\rapport.txt)
if exist defender??.exe (echo %windir%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist desktop.html (echo %windir%\desktop.html %sFound%>>%systemdrive%\rapport.txt)
if exist dialup.exe (echo %windir%\dialup.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dxdiag.dll (echo %windir%\dxdiag.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dlmax.dll (echo %windir%\dlmax.dll %sFound%>>%systemdrive%\rapport.txt)
if exist download.gif (echo %windir%\download.gif %sFound%>>%systemdrive%\rapport.txt)
if exist download_box.gif (echo %windir%\download_box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist download_product.gif (echo %windir%\download_product.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "download-btn.gif" (echo %windir%\download-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist dr.exe (echo %windir%\dr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload.dat (echo %windir%\drsmartload.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload2.dat (echo %windir%\drsmartload2.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload95a.exe (echo %windir%\drsmartload95a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartloadb1.dat (echo %windir%\drsmartloadb1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist "facts.gif" (echo %windir%\facts.gif %sFound%>>%systemdrive%\rapport.txt)
if exist features.gif (echo %windir%\features.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "footer.gif" (echo %windir%\footer.giff %sFound%>>%systemdrive%\rapport.txt)
if exist footer_back.gif (echo %windir%\footer_back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist footer_back.jpg (echo %windir%\footer_back.jpg %sFound%>>%systemdrive%\rapport.txt)
if exist free_scan_red_btn.gif (echo %windir%\free_scan_red_btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "free-scan-btn.gif" (echo %windir%\free-scan-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist gimmygames.dat (echo %windir%\gimmygames.dat %sFound%>>%systemdrive%\rapport.txt)
if exist "h-line-gradient.gif" (echo %windir%\h-line-gradient.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_1.gif (echo %windir%\header_1.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_2.gif (echo %windir%\header_2.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_3.gif (echo %windir%\header_3.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_4.gif (echo %windir%\header_4.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "header-bg.gif" (echo %windir%\header-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist icon_warning_big.gif (echo %windir%\icon_warning_big.gif %sFound%>>%systemdrive%\rapport.txt)
if exist icont.exe (echo %windir%\icont.exe %sFound%>>%systemdrive%\rapport.txt)
if exist iebrowser.dll (echo %windir%\iebrowser.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iecontext.dll (echo %windir%\iecontext.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedebug.dll (echo %windir%\iedebug.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedns.dll (echo %windir%\iedns.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedrives.dll (echo %windir%\iedrives.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedrv.exe (echo %windir%\iedrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist iedrvctrl.exe (echo %windir%\iedrvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ielocales.dll (echo %windir%\ielocales.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ieproxy.dll (echo %windir%\ieproxy.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iereport.dll (echo %windir%\iereport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iesettings.dll (echo %windir%\iesettings.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iesupport.dll (echo %windir%\iesupport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iexploree.dll (echo %windir%\iexploree.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iexplorer.exe (echo %windir%\iexplorer.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.dll (echo %windir%\ieyi.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.exe (echo %windir%\ieyi.exe %sFound%>>%systemdrive%\rapport.txt)
if exist inetdctr.dll (echo %windir%\inetdctr.dll %sFound%>>%systemdrive%\rapport.txt)
if exist inetloader.dll (echo %windir%\inetloader.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "infected.gif" (echo %windir%\infected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist infected_top_bg.gif (echo %windir%\infected_top_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "info.gif" (echo %windir%\info.gif %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %windir%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %windir%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard1.dat (echo %windir%\keyboard1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %windir%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl.exe (echo %windir%\kl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %windir%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loader.exe (echo %windir%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loadadv728.exe (echo %windir%\loadadv728.exe %sFound%>>%systemdrive%\rapport.txt)
if exist local.html (echo %windir%\local.html %sFound%>>%systemdrive%\rapport.txt)
if exist logo.gif (echo %windir%\logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist main_back.gif (echo %windir%\main_back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist main_uninstaller.exe (echo %windir%\main_uninstaller.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %windir%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %windir%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %windir%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msdn.dll (echo %windir%\msdn.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdns.dll (echo %windir%\msdns.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdn32.dll (echo %windir%\msdn32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdrv.exe (echo %windir%\msdrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msdrvctrl.exe (echo %windir%\msdrvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msie.dll (echo %windir%\msie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mslog.exe (echo %windir%\mslog.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mssmart.dll (echo %windir%\mssmart.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mtwirl32.dll (echo %windir%\mtwirl32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mxd.exe (echo %windir%\mxd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_bg.gif (echo %windir%\navibar_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_corner_left.gif (echo %windir%\navibar_corner_left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_corner_right.gif (echo %windir%\navibar_corner_right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist newname.dat (echo %windir%\newname.dat %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %windir%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %windir%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %windir%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "no-icon.gif" (echo %windir%\no-icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist notepad.com (echo %windir%\notepad.com %sFound%>>%systemdrive%\rapport.txt)
if exist notepad32.exe (echo %windir%\notepad32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist onlineshopping.ico (echo %windir%\onlineshopping.ico %sFound%>>%systemdrive%\rapport.txt)
if exist olehelp.exe (echo %windir%\olehelp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist osaupd.exe (echo %windir%\osaupd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ossmart.dll (echo %windir%\ossmart.dll %sFound%>>%systemdrive%\rapport.txt)
if exist policies.dll (echo %windir%\policies.dll %sFound%>>%systemdrive%\rapport.txt)
if exist policyverifier.exe (echo %windir%\policyverifier.exe %sFound%>>%systemdrive%\rapport.txt)
if exist pop06ap2.exe (echo %windir%\pop06ap2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist popuper.exe (echo %windir%\popuper.exe %sFound%>>%systemdrive%\rapport.txt)
if exist privacy_danger (echo %windir%\privacy_danger %sFound%>>%systemdrive%\rapport.txt)
if exist processes.txt (echo %windir%\processes.txt %sFound%>>%systemdrive%\rapport.txt)
if exist product_box.gif (echo %windir%\product_box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist psg.exe (echo %windir%\psg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist pssms.dll (echo %windir%\pssms.dll %sFound%>>%systemdrive%\rapport.txt)
if exist Pynix.dll (echo %windir%\Pynix.dll %sFound%>>%systemdrive%\rapport.txt)
if exist q*_disk.dll (echo %windir%\q*_disk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist red_warning_ico.gif (echo %windir%\red_warning_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-box.gif" (echo %windir%\reg-freeze-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-header.gif" (echo %windir%\reg-freeze-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist remove_spyware_header.gif (echo %windir%\remove_spyware_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "remove-spyware-btn.gif" (echo %windir%\remove-spyware-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist removeadware.ico (echo %windir%\removeadware.ico %sFound%>>%systemdrive%\rapport.txt)
if exist rf.gif (echo %windir%\rf.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rf_header.gif (echo %windir%\rf_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rzs.exe (echo %windir%\rzs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist runwin32.exe (echo %windir%\runwin32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sachostx.exe (echo %windir%\sachostx.exe %sFound%>>%systemdrive%\rapport.txt)
if exist safe_and_trusted.gif (echo %windir%\safe_and_trusted.gif %sFound%>>%systemdrive%\rapport.txt)
if exist scan_btn.gif (echo %windir%\scan_btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist screen.html (echo %windir%\screen.html %sFound%>>%systemdrive%\rapport.txt)
if exist se_spoof.dll (echo %windir%\se_spoof.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sec.exe (echo %windir%\sec.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "security-center-bg.gif" (echo %windir%\security-center-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "security-center-logo.gif" (echo %windir%\security-center-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist security_center_caption.gif (echo %windir%\security_center_caption.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sep_hor.gif (echo %windir%\sep_hor.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sep_vert.gif (echo %windir%\sep_vert.gif %sFound%>>%systemdrive%\rapport.txt)
if exist service.dll (echo %windir%\service.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sexpersonals.ico (echo %windir%\sexpersonals.ico %sFound%>>%systemdrive%\rapport.txt)
if exist sdkcb.dll (echo %windir%\sdkcb.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sdkqq.exe (echo %windir%\sdkqq.exe %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %windir%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist sites.ini (echo %windir%\sites.ini %sFound%>>%systemdrive%\rapport.txt)
if exist slassac.dll (echo %windir%\slassac.dll %sFound%>>%systemdrive%\rapport.txt)
if exist spp3.dll (echo %windir%\spp3.dll %sFound%>>%systemdrive%\rapport.txt)
if exist spacer.gif (echo %windir%\spacer.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spacer.gif'" (echo %windir%\spacer.gif' %sFound%>>%systemdrive%\rapport.txt)
if exist spyware_detected.gif (echo %windir%\spyware_detected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-detected.gif" (echo %windir%\spyware-detected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-sheriff-header.gif" (echo %windir%\spyware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-sheriff-box.gif" (echo %windir%\spyware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sss_main.ini (echo %windir%\sss_main.ini %sFound%>>%systemdrive%\rapport.txt)
if exist "star.gif" (echo %windir%\star.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "star-grey.gif" (echo %windir%\star-grey.gif %sFound%>>%systemdrive%\rapport.txt)
if exist star_gray.gif (echo %windir%\star_gray.gif %sFound%>>%systemdrive%\rapport.txt)
if exist star_gray_small.gif (echo %windir%\star_gray_small.gif %sFound%>>%systemdrive%\rapport.txt)
if exist star_small.gif (echo %windir%\star_small.gif %sFound%>>%systemdrive%\rapport.txt)
if exist susp.exe (echo %windir%\susp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.exe (echo %windir%\svchost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysen.exe (echo %windir%\sysen.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysvx_.exe (echo %windir%\sysvx_.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sysldr32.exe (echo %windir%\sysldr32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist systeem.exe (echo %windir%\systeem.exe %sFound%>>%systemdrive%\rapport.txt)
if exist System32fab.exe (echo %windir%\System32fab.exe %sFound%>>%systemdrive%\rapport.txt)
if exist systemcritical.exe (echo %windir%\systemcritical.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tctool.exe (echo %windir%\tctool.exe %sFound%>>%systemdrive%\rapport.txt)
if exist teller2.chk (echo %windir%\teller2.chk %sFound%>>%systemdrive%\rapport.txt)
if exist temp.000.exe (echo %windir%\temp.000.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ticads.exe (echo %windir%\ticads.exe %sFound%>>%systemdrive%\rapport.txt)
if exist time.exe (echo %windir%\time.exe %sFound%>>%systemdrive%\rapport.txt)
if exist timessquare.exe (echo %windir%\timessquare.exe %sFound%>>%systemdrive%\rapport.txt)
if exist timessquare1.dat (echo %windir%\timessquare1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist tlhelp.dll (echo %windir%\tlhelp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist tlhelper.dll (echo %windir%\tlhelper.dll %sFound%>>%systemdrive%\rapport.txt)
if exist tool1.exe (echo %windir%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool2.exe (echo %windir%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool3.exe (echo %windir%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool4.exe (echo %windir%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool5.exe (echo %windir%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
if exist toolbar.exe (echo %windir%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tpopup.exe (echo %windir%\tpopup.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "true-stories.gif" (echo %windir%\true-stories.gif %sFound%>>%systemdrive%\rapport.txt)
if exist trustinbar.exe (echo %windir%\trustinbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ts.gif (echo %windir%\ts.gif %sFound%>>%systemdrive%\rapport.txt)
if exist ts_header.gif (echo %windir%\ts_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist tse.exe (echo %windir%\tse.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uninstDsk.exe (echo %windir%\uninstDsk.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uninstIU.exe (echo %windir%\uninstIU.exe %sFound%>>%systemdrive%\rapport.txt)
if exist update13.js (echo %windir%\update13.js %sFound%>>%systemdrive%\rapport.txt)
if exist url.exe (echo %windir%\url.exe %sFound%>>%systemdrive%\rapport.txt)
if exist user32.exe (echo %windir%\user32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist users32.exe (echo %windir%\users32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist v.gif (echo %windir%\v.gif %sFound%>>%systemdrive%\rapport.txt)
if exist videoslots.ico (echo %windir%\videoslots.ico %sFound%>>%systemdrive%\rapport.txt)
if exist vpnconfig.dll (echo %windir%\vpnconfig.dll %sFound%>>%systemdrive%\rapport.txt)
if exist vsmart.dll (echo %windir%\vsmart.dll %sFound%>>%systemdrive%\rapport.txt)
if exist waol.exe (echo %windir%\waol.exe %sFound%>>%systemdrive%\rapport.txt)
if exist warnhp.html (echo %windir%\warnhp.html %sFound%>>%systemdrive%\rapport.txt)
if exist warning_icon.gif (echo %windir%\warning_icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "warning-bar-ico.gif" (echo %windir%\warning-bar-ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist win_logo.gif (echo %windir%\win_logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "win-sec-center-logo.gif" (echo %windir%\win-sec-center-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist win32e.exe (echo %windir%\win32e.exe %sFound%>>%systemdrive%\rapport.txt)
if exist win64.exe (echo %windir%\win64.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winajbm.dll (echo %windir%\winajbm.dll %sFound%>>%systemdrive%\rapport.txt)
if exist window.exe (echo %windir%\window.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "windows-compatible.gif" (echo %windir%\windows-compatible.gif %sFound%>>%systemdrive%\rapport.txt)
if exist wininet32.exe (echo %windir%\wininet32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winmgnt.exe (echo %windir%\winmgnt.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsysupd.exe (echo %windir%\winsysupd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsysban.exe (echo %windir%\winsysban.exe %sFound%>>%systemdrive%\rapport.txt)
if exist winsysban8.exe (echo %windir%\winsysban8.exe %sFound%>>%systemdrive%\rapport.txt)
if exist windows.html (echo %windir%\windows.html %sFound%>>%systemdrive%\rapport.txt)
if exist wow.dll (echo %windir%\wow.dll %sFound%>>%systemdrive%\rapport.txt)
if exist wowsupport.dll (echo %windir%\wowsupport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist wupdmgr.exe (echo %windir%\wupdmgr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist x.exe (echo %windir%\x.exe %sFound%>>%systemdrive%\rapport.txt)
if exist x.gif (echo %windir%\x.gif %sFound%>>%systemdrive%\rapport.txt)
if exist xplugin.dll (echo %windir%\xplugin.dll %sFound%>>%systemdrive%\rapport.txt)
if exist xpupdate.exe (echo %windir%\xpupdate.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xxxvideo.hta (echo %windir%\xxxvideo.hta %sFound%>>%systemdrive%\rapport.txt)
if exist y.exe (echo %windir%\y.exe %sFound%>>%systemdrive%\rapport.txt)
if exist yellow_warning_ico.gif (echo %windir%\yellow_warning_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "yes-icon.gif" (echo %windir%\yes-icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "yod.htm" (echo %windir%\yod.htm %sFound%>>%systemdrive%\rapport.txt)
if exist zloader3.exe (echo %windir%\zloader3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ZServ.dll (echo %windir%\ZServ.dll %sFound%>>%systemdrive%\rapport.txt)
if exist __delete_on_reboot__popuper.exe (echo %windir%\__delete_on_reboot__popuper.exe %sFound%>>%systemdrive%\rapport.txt)

if exist "%windir%\muwq" echo %windir%\muwq\ %sFound%>>%systemdrive%\rapport.txt

if exist "%windir%\inet20001" echo %windir%\inet20001\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20010" echo %windir%\inet20010\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20066" echo %windir%\inet20066\ %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\inet20099" echo %windir%\inet20099\ %sFound%>>%systemdrive%\rapport.txt

if exist "%windir%\Tasks\At?.job" echo %windir%\Tasks\At?.job %sFound%>>%systemdrive%\rapport.txt
if exist "%windir%\Tasks\At??.job" echo %windir%\Tasks\At??.job %sFound%>>%systemdrive%\rapport.txt

popd






echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\system...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%\system>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%\system

if exist csrss.exe (echo %windir%\system\csrss.exe %sFound%>>%systemdrive%\rapport.txt)
if exist eooyt.exe (echo %windir%\system\eooyt.exe %sFound%>>%systemdrive%\rapport.txt)
if exist processes.txt (echo %windir%\system\processes.txt %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.exe (echo %windir%\system\svchost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svchost.dll (echo %windir%\system\svchost.dll %sFound%>>%systemdrive%\rapport.txt)
if exist svwhost.exe (echo %windir%\system\svwhost.exe %sFound%>>%systemdrive%\rapport.txt)
if exist svwhost.dll (echo %windir%\system\svwhost.dll %sFound%>>%systemdrive%\rapport.txt)

popd




echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\Web...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%\Web>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %windir%\Web

if exist desktop.html (echo %windir%\Web\desktop.html %sFound%>>%systemdrive%\rapport.txt)
if exist wallpaper.html (echo %windir%\Web\wallpaper.html %sFound%>>%systemdrive%\rapport.txt)

popd



echo.>>%systemdrive%\rapport.txt
echo %sSearch% %syspath%...
echo »»»»»»»»»»»»»»»»»»»»»»»» %syspath%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt



pushd %syspath%

if exist ~update.exe (echo %syspath%\~update.exe %sFound%>>%systemdrive%\rapport.txt)
if exist 0mcamcap.exe (echo %syspath%\0mcamcap.exe %sFound%>>%systemdrive%\rapport.txt)
if exist 977efcdb.exe (echo %syspath%\977efcdb.exe %sFound%>>%systemdrive%\rapport.txt)
if exist a.exe (echo %syspath%\a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ace16win.dll (echo %syspath%\ace16win.dll %sFound%>>%systemdrive%\rapport.txt)
if exist acvgxw.dll (echo %syspath%\acvgxw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adobepnl.dll (echo %syspath%\adobepnl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "Air Tickets.ico" (echo %syspath%\Air Tickets.ico %sFound%>>%systemdrive%\rapport.txt)
if exist AdService.dll (echo %syspath%\AdService.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsmart.exe (echo %syspath%\adsmart.exe %sFound%>>%systemdrive%\rapport.txt)
if exist alxres.dll (echo %syspath%\alxres.dll %sFound%>>%systemdrive%\rapport.txt)
if exist anti_troj.exe (echo %syspath%\anti_troj.exe %sFound%>>%systemdrive%\rapport.txt)
if exist AntiSpy.exe (echo %syspath%\AntiSpy.exe %sFound%>>%systemdrive%\rapport.txt)
if exist antzozc.dll (echo %syspath%\antzozc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist appmagr.dll (echo %syspath%\appmagr.dll %sFound%>>%systemdrive%\rapport.txt)
if exist asxbbx.dll (echo %syspath%\asxbbx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist atmclk.exe (echo %syspath%\atmclk.exe %sFound%>>%systemdrive%\rapport.txt)
if exist autodisc32.dll (echo %syspath%\autodisc32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist autosys.exe (echo %syspath%\autosys.exe %sFound%>>%systemdrive%\rapport.txt)
if exist axlet.dll (echo %syspath%\axlet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bhoimpl.dll (echo %syspath%\bhoimpl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bhoSearchSpy.dll (echo %syspath%\bhoSearchSpy.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bikini.exe (echo %syspath%\bikini.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bin29a.log (echo %syspath%\bin29a.log %sFound%>>%systemdrive%\rapport.txt)
if exist "Big Tits.ico" (echo %syspath%\Big Tits.ico %sFound%>>%systemdrive%\rapport.txt)
if exist birdihuy.dll (echo %syspath%\birdihuy.dll %sFound%>>%systemdrive%\rapport.txt)
if exist birdihuy32.dll (echo %syspath%\birdihuy32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist Blackjack.ico (echo %syspath%\Blackjack.ico %sFound%>>%systemdrive%\rapport.txt)
if exist bnmsrv.exe (echo %syspath%\bnmsrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bolnyz.dll (echo %syspath%\bolnyz.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bre.dll (echo %syspath%\bre.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bre32.dll (echo %syspath%\bre32.dll %sFound%>
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 30
Utilisateur anonyme
 
ce n'est pas ça...
ce que tu m'a collé c'est le contenu du script !
il se trouve à la racine de ton disk(la racine veut dire le début, en c:\rapport.txt
si tu ne sais pas y aller, fais une recherche....
il m'est impossible de mieux expliquer mieux que sur ma page ici:
https://leblogdeclaude.blogspot.com/2007/04/informatique-procdure-smitfraud.html
il sagit de faire un double clic sur Smitfraud.cmd, une fenêtre noire s'ouvre, ensuite une fenêtre bleue (appuyer sur enter), ensuite tu arrive à un menu, là choisir l'option1....
ce n'est pas chinois....tu dois y arriver.
Si pas demande de l'aide.
Le rapport se trouve en c:\rapport.txt

-1
lise
 
bonjour

c'est mon souci depuis le début...quand je clique sur smirfraud.cmd j'ai pas la page que tu dis...j'ai ceci...
SmitFraudFix v2.189

Fichier Process.exe absent !
Dezippez la totalité de l'archive dans un dossier.

Process.exe file missing !
Unzip all the archive in a folder.

Appuyez sur une touche pour continuer...



alors voilà, je ne peux pas cliquer sur l'option 1 puisque je ne l'ai pas

Merci
0
Réponse 26 / 30
Utilisateur anonyme
 
je parie que tu as décompressé rien que Smitfraud.cmd et pas toute l'archive complète....c'est ça ?
Dans le dossier Smitfraudfix tu dois avoir ceci:
http://bp1.blogger.com/...
si t'as pas ça...évidemment tu tournes en rond !
Tu as donwnloadé ceci comme il est indiqué ?
https://www.01net.com/telecharger/windows/Utilitaire/compression_et_decompression/fiches/27887.html
si non, fais le ... :-/
ensuite tu doubles-clic sur l'archive zip que tu as donwloadé...
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Izarc va l'ouvrir...sisi !
tu fais juste extraire.....
et normalement tu as toute l'archive en entier...:-)
lis et relis ceci....
https://leblogdeclaude.blogspot.com/2007/04/informatique-procdure-smitfraud.html
t'as fait un mauvaise manip qualque part ...
http://gifs.yatou.net/images/informatique/gif-informatique-007.gif

-1
lise
 
voilà, je pense que c'est bon. Et maintenant stp ? merci

SmitFraudFix v2.190

Rapport fait à 19:31:59,70, 03/06/2007
Executé à partir de C:\Documents and Settings\cmarinelli\Local Settings\Temporary Internet Files\Content.IE5\598Q47T9\SmitfraudFix[2]\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\IZARC\IZARC.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\cmarinelli


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\cmarinelli\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CMARIN~1\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kddeg.exe"

kddeg.exe détecté !
utilisez un scanner de Rootkit


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8925A5D3-1834-4F12-89E5-589872227F84}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8925A5D3-1834-4F12-89E5-589872227F84}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 27 / 30
Utilisateur anonyme
 
fais ceci:
https://leblogdeclaude.blogspot.com/2007/02/informatique-coller-un-rapport.html
colles le rapport blacklight
-1
lise
 
ok merci
le voici
06/03/07 21:10:15 [Info]: BlackLight Engine 1.0.61 initialized
06/03/07 21:10:15 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/03/07 21:10:16 [Note]: 7019 4
06/03/07 21:10:16 [Note]: 7005 0
06/03/07 21:10:18 [Note]: 7006 0
06/03/07 21:10:18 [Note]: 7011 2724
06/03/07 21:10:19 [Note]: 7026 0
06/03/07 21:10:19 [Note]: 7026 0
06/03/07 21:10:24 [Note]: FSRAW library version 1.7.1021
06/03/07 21:10:52 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\KDDEG.EXE
06/03/07 21:10:52 [Note]: 7002 32
06/03/07 21:10:52 [Note]: 7003 1
06/03/07 21:12:02 [Note]: 7006 0
06/03/07 21:12:02 [Note]: 7011 2724
06/03/07 21:12:02 [Note]: 7026 0
06/03/07 21:12:02 [Note]: 7026 0
06/03/07 21:12:04 [Note]: FSRAW library version 1.7.1021
06/03/07 21:12:32 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\KDDEG.EXE
06/03/07 21:12:32 [Note]: 7002 32
06/03/07 21:12:32 [Note]: 7003 1
06/03/07 21:14:42 [Note]: 7007 0
0
Réponse 28 / 30
Utilisateur anonyme
 
ok, fais ceci:
------Faites ceci-->
Cliquer sur démarrer/panneau de configuration/outil/option des dossiers/affichage
Cocher « afficher les fichiers et dossiers cachés »
Décocher la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher « masquer les extensions dont le type est connu »
Puis faire «Ok» pour valider les changements.
---------------------------
recherches ceci----->

KDDEG.EXE
quand tu l'auras trouvé, normalement il est dans :
c:\WINDOWS\SYSTEM32\KDDEG.EXE
supprimes-le en faisant ceci:
https://leblogdeclaude.blogspot.com/2007/03/informatique-supprimer-un-programme.html

-1
gest
 
bonsoir Philo

ce que je dois cocher était déjà fait et décocher aussi
en revanche, je ne peux pas décocher "masquer les fichiers protégés du système d'exploitation", j'ai un message qui me dit que l'ordinateur sera inutilisable si je décoche.
pour le dossier recherché, à cet instant, je ne l'ai pas encore trouvé...patience, patience...merci bcp
0
lise
 
bonsoir Philo

ce que je dois cocher était déjà fait et décocher aussi
en revanche, je ne peux pas décocher "masquer les fichiers protégés du système d'exploitation", j'ai un message qui me dit que l'ordinateur sera inutilisable si je décoche.
pour le dossier recherché, à cet instant, je ne l'ai pas encore trouvé...patience, patience...merci bcp
----------------------------------------------------------------------------
0
lise
 
Philo
j'ai recherché dans gestionnaire de travaux et hijackthis et il n'y a pas le fichier que tu me dis. Il ne figure nulle part.
Que faire stp ?
MERCI
0
Réponse 29 / 30
Utilisateur anonyme
 
évidemment il est caché....
conclusion du dois faire la manip:
"ok, fais ceci:
------Faites ceci-->
Cliquer sur démarrer/panneau de configuration/outil/option des dossiers/affichage
Cocher « afficher les fichiers et dossiers cachés »
Décocher la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher « masquer les extensions dont le type est connu »
Puis faire «Ok» pour valider les changements. "
et ne pas tenir compte du message d'alerte de xp....
sinon....tu ne vas jamais le trouver...

-1
lise
 
Bonsoir Philo

ok j'ai fait mais le fichier demandé n'y figure pas. J'ai fait les deux solutions avec panneau de configuration et hijackthis...est ce bien celui là stp ?

merci
0
Réponse 30 / 30
Utilisateur anonyme
 
Que veux-tu dire exactement ?
"J'ai fait les deux solutions avec panneau de configuration et hijackthis...est ce bien celui là stp ?
"
-1
lise
 
Bonjour,

Je ne trouve pas le fichier que tu m'as écrit...j'ai cherché dans le gestionnaire des travaux et j'ai ouvert le processus parallèlement dans hijackthis pour vérifier et je ne l'ai pas trouvé non plus. Il y en a d'autres system 32 mais pas celui dont tu me dis de chercher.

Je ne sais pas si je suis claire....sourires...

Merci encore et bonne journée
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
FOTOSE (allemagne)
lix -
Yves -

13 réponses
ATTENTION : escroquerie à la carte bleue !!
dvrg -
dvrg -

80 réponses