Pb Erreur chasseur

Résolu
sukky -  
Le sioux Messages postés 4907 Statut Contributeur sécurité -
Bonjour,
j'ai actuellement des problemes avec mon ordi.
- A chaque ouverture de mon ordi, j'ai une fenêtre qui s'affiche concernant "Erreur chasseur"
- J'ai des pbs avec des certificats de sécurité.
Je peux joindre un rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:35:52, on 05/02/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Gantet\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CIEIntegrator Object - {D3B4C621-6024-410B-9F0F-22CBD6981F5E} - C:\Program Files\VirusGarde\Addons\popupg.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 5276 bytes

Pouvez vous m'aider !!!!!

Merci
Configuration: Windows XP
Internet Explorer 7.0

43 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Problème récurrent à l'ouverture de l'ordinateur: une fenêtre d'alerte 'Erreur chasseur' s'affiche et des soucis de certificats de sécurité apparaissent, motivant l'analyse via un rapport HijackThis.
Des intervenants proposent des procédures de nettoyage incluant OTMoveIt, CCleaner, AVG Anti-Spyware, et la désactivation du rootkit, puis un redémarrage en mode sans échec et l'envoi de rapports.
La procédure recommandée prévoit aussi la suppression des éléments gênants trouvés par HijackThis et la désinstallation/réinstallation d'antivirus, avec remédiation via des scans et rapports validés.
D'autres conseils évoquent l'usage d'Avira et la vérification des services au démarrage, avec l'importance du redémarrage en mode sans échec pour prévenir les interactions des programmes actifs.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Bonjour Suky

    Besoin d un autre rapport avant d attaquer

    Un smitfraudFix

    Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    * Installe le à la racine de C

    * double clic sur l'exe pour le décompresser et lancer le fix.
    Utilisation ----- option 1 - Recherche :
    * Double clique sur smitfraudfix.cmd
    * Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
    * Poste le rapport ici


    process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus
    .
    0
  2. sukky
     
    Bonsoir,

    Après avoirdemandé de l'aide sur ce forum, j'ai exécuté le Smitfraudfix comme demandé par Lesioux et je vous l'ai transmis.
    Depuis, je n'ai plus de réponse.
    Pouvez vous me dire ce que je dois faire.
    Merci pour votre aide
    Cordialement

    Sukky
    0
  3. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Bonsoir Sukky

    ??

    Je n ai aucune trace de ce rapport que j attends pour pouvoir passer a la suite...

    C est ici qu il faut copier / coller ce dernier si tu veux que je puisse t'aider.

    @+
    0
  4. sukky
     
    @ECHO OFF

    REM Smitfraud Fix by S!Ri
    REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    REM Thanks, Help: atribune, balltrap34, Beamerke, derek, Grinler, ipl_001, LonnyRJones, MAD,
    REM Malekal_morte, Marckie, moe31, ~Mark, Miekiemoes, Ruby, Roel, Sebdraluorg,
    REM sUBs, Suzi, tirol, TonyKlein, Vazkor,
    REM and all the ones I forgot who submit files, analyses, help users...
    REM Miekiemoes' Shudder key fix added.
    REM Process.exe by Craig.Peacock added (http://www.beyondlogic.org)
    REM Reboot.exe by Shadowwar/Option^Explicit added.
    REM swreg.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
    REM swsc.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
    REM swxcacls.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
    REM restart.exe - SuperFast Shutdown (http://www.xp-smoker.com/freeware.html
    REM dumphive.exe - Markus Stephany (http://www.mirkes.de)
    REM unzip.exe - info-zip (http://www.info-zip.org)
    REM SmiUpdate.exe - Sebdraluorg
    REM exit.exe - MAD - Malware Analysis and Diagnostic

    set fixname=SmitFraudFix
    set fixvers=v2.274

    VER|find "Windows 95">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows 98">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows Millennium">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows XP">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "Windows 2000">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "Version 5.2.3790">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "Version 6.0">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "version 6.0">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    if %OS%==Windows_NT goto NT
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Version non support^‚e.
    echo Windows 2000 / XP requis !
    echo.
    echo Unsupported Version.
    echo Windows 2000 / XP required !
    echo.
    pause
    goto exit

    :Win
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Version non support^‚e.
    echo Windows 2000 / XP requis !
    echo.
    echo Unsupported Version.
    echo Windows 2000 / XP required !
    echo.
    pause
    goto exit

    :NT
    set DoReboot=0
    set DoRestart=0
    set syspath=%windir%\system32

    echo Option Explicit>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo Dim Shell>>GetPaths.vbs
    echo Dim KeyPath>>GetPaths.vbs
    echo Dim ObjFileSystem>>GetPaths.vbs
    echo Dim ObjOutputFile>>GetPaths.vbs
    echo Dim ObjRegExp>>GetPaths.vbs
    echo Dim File>>GetPaths.vbs
    echo Dim TmpVar>>GetPaths.vbs
    echo Dim TmpCounter>>GetPaths.vbs
    echo Dim Var>>GetPaths.vbs
    echo Dim Accent>>GetPaths.vbs

    echo.>>GetPaths.vbs
    echo KeyPath = "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
    echo File = "SetPaths.bat">>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo Set Shell = WScript.CreateObject("WScript.Shell")>>GetPaths.vbs
    echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>GetPaths.vbs
    echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>GetPaths.vbs
    echo Set ObjRegExp = New RegExp>>GetPaths.vbs
    echo.>>GetPaths.vbs

    echo Function ShortFileName(Path)>>GetPaths.vbs
    echo Dim f>>GetPaths.vbs
    echo Set f = ObjFileSystem.GetFolder(Path)>>GetPaths.vbs
    echo ShortFileName = f.ShortPath>>GetPaths.vbs
    echo End Function>>GetPaths.vbs

    echo Function Accents(Str)>>GetPaths.vbs
    echo ObjRegExp.Pattern = "[^a-zA-Z_0-9\\: ]">>GetPaths.vbs
    echo ObjRegExp.IgnoreCase = True>>GetPaths.vbs
    echo ObjRegExp.Global = True>>GetPaths.vbs
    echo Accents = ObjRegExp.Replace(Str, "?")>>GetPaths.vbs
    echo End Function>>GetPaths.vbs

    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Desktop")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo Var = "Set desktop=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Favorites")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo Var = "Set favorites=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Programs")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
    echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
    echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
    echo End If>>GetPaths.vbs
    echo Next>>GetPaths.vbs
    echo Var = "Set startprg=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Start Menu")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
    echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
    echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
    echo End If>>GetPaths.vbs
    echo Next>>GetPaths.vbs
    echo Var = "Set startm=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Startup")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
    echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
    echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
    echo End If>>GetPaths.vbs
    echo Next>>GetPaths.vbs
    echo Var = "Set startup=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs

    echo KeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Common Desktop")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo Var = "Set audesktop=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Common Favorites")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo Var = "Set aufavorites=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Common Programs")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
    echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
    echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
    echo End If>>GetPaths.vbs
    echo Next>>GetPaths.vbs
    echo Var = "Set austartprg=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Common Start Menu")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
    echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
    echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
    echo End If>>GetPaths.vbs
    echo Next>>GetPaths.vbs
    echo Var = "Set austartm=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo TmpVar = Shell.RegRead (KeyPath ^& "Common Startup")>>GetPaths.vbs
    echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
    echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
    echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
    echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
    echo End If>>GetPaths.vbs
    echo Next>>GetPaths.vbs
    echo Var = "Set austartup=" ^& TmpVar>>GetPaths.vbs
    echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
    echo.>>GetPaths.vbs
    echo ObjOutputFile.Close>>GetPaths.vbs
    echo Set objFileSystem = Nothing>>GetPaths.vbs
    echo Set Shell = Nothing>>GetPaths.vbs
    echo Set ObjRegExp = nothing>>GetPaths.vbs
    echo.>>GetPaths.vbs
    cscript //I //nologo GetPaths.vbs
    del GetPaths.vbs
    Call SetPaths.bat
    del SetPaths.bat

    if exist "%userprofile%\Bureau" (
    set lang=fra
    ) else (
    set lang=int
    )

    goto test

    :test
    if not exist Process.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier Process.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo Process.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist swreg.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier swreg.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo swreg.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist swsc.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier swsc.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo swsc.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist SrchSTS.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier SrchSTS.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo SrchSTS.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist Reboot.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier Reboot.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo Reboot.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist restart.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier restart.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo restart.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist GenericRenosFix.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier GenericRenosFix.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo GenericRenosFix.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist dumphive.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier dumphive.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo dumphive.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist unzip.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier unzip.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo unzip.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist SmiUpdate.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier SmiUpdate.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo SmiUpdate.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist swxcacls.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier swxcacls.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo swxcacls.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist VCCLSID.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier VCCLSID.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo VCCLSID.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist WS2Fix.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier WS2Fix.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo WS2Fix.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if not exist IEDFix.exe (
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Fichier IEDFix.exe absent !
    echo Dezippez la totalit^‚ de l'archive dans un dossier.
    echo.
    echo IEDFix.exe file missing !
    echo Unzip all the archive in a folder.
    echo.
    pause
    goto exit
    )

    if exist Update.cmd del Update.cmd
    if not exist %syspath%\Process.exe copy Process.exe %syspath%\Process.exe >NUL
    if not exist %syspath%\swreg.exe copy swreg.exe %syspath%\swreg.exe >NUL
    if not exist %syspath%\swsc.exe copy swsc.exe %syspath%\swsc.exe >NUL
    if not exist %syspath%\SrchSTS.exe copy SrchSTS.exe %syspath%\SrchSTS.exe >NUL
    if not exist %syspath%\dumphive.exe copy dumphive.exe %syspath%\dumphive.exe >NUL
    if not exist %syspath%\swxcacls.exe copy swxcacls.exe %syspath%\swxcacls.exe >NUL
    if not exist %syspath%\VCCLSID.exe copy VCCLSID.exe %syspath%\VCCLSID.exe >NUL
    if not exist %syspath%\WS2Fix.exe copy WS2Fix.exe %syspath%\WS2Fix.exe >NUL
    if not exist %syspath%\IEDFix.exe copy IEDFix.exe %syspath%\IEDFix.exe >NUL

    if exist tmp.txt del tmp.txt
    if exist tmp2.txt del tmp2.txt
    if exist tmp3.txt del tmp3.txt
    chkntfs %systemdrive% | find /V "%systemdrive%">tmp.txt
    type tmp.txt | find /i "NTFS">tmp2.txt
    for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
    if exist tmp3.txt set FSType=NTFS
    if exist tmp3.txt del tmp3.txt
    type tmp.txt | find /i "FAT32">tmp2.txt
    for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
    if exist tmp3.txt set FSType=FAT32
    if exist tmp.txt del tmp.txt
    if exist tmp2.txt del tmp2.txt
    if exist tmp3.txt del tmp3.txt

    goto notice

    :notice
    color 17
    cls
    if %lang%==fra (
    echo.
    echo.
    echo.
    echo.
    echo.
    echo.
    echo.
    echo.
    echo joedanger n'est pas affili^‚ avec SmitfraudFix!
    echo.
    echo Cet outil a ^‚t^‚ cr^‚^‚ par S!Ri pour une utilisation GRATUITE.
    echo Des dons seront accept^‚s par S!Ri, uniquement sur son site Web principal
    echo N'importe qui d'autre essayant d'en tirer profit
    echo ou qui sollicite de l'argent est impliqu^‚ dans une fraude.
    echo.
    echo.
    echo Appuyez sur une touche pour continuer...
    echo.
    ) else (
    echo.
    echo.
    echo.
    echo.
    echo.
    echo.
    echo.
    echo.
    echo joedanger is NOT involved with Smitfraudfix in any way!
    echo.
    echo This tool was created by S!Ri, and is available for FREE.
    echo Voluntary donations will be accepted by S!Ri, at his main website only.
    echo Anyone, other than the creator, trying to make a profit
    echo or solicit money from its use would be involved in fraudulent activity.
    echo.
    echo.
    echo Press a key to continue...
    echo.
    )
    pause>NUL
    goto menu

    :menu
    color 17
    cls

    if %lang%==fra (
    set sChoice=Entrez votre choix
    set sScanDate=Rapport fait à
    set sRunFrom=Executé à partir de
    set sFSType=Le type du système de fichiers est
    set SafeMWarn=Fix executé en mode normal
    set SafeMDisp=Fix executé en mode sans echec
    set sSearch=Recherche
    set sFound=PRESENT !
    set sFoundLSP=Détecté, utiliser LSPFix.exe pour supprimer !
    set sDel=supprimé
    set sRen=Redemarrez et Executez SmitfraudFix option 2 encore une fois SVP.
    set sInfect=infecté !
    set sInfect2=infect^‚ !
    set KDMess=détecté !
    set sHOSTS=Fichier hosts corrompu !
    set RKScan=utilisez un scanner de Rootkit
    set xpdxMess=xpdx détecté, utilisez un scanner de Rootkit
    set xpdtMess=xpdt détecté, utilisez un scanner de Rootkit
    set pe386Mess=pe386 détecté, utilisez un scanner de Rootkit
    set lzx32Mess=lzx32 détecté, utilisez un scanner de Rootkit
    set huy32Mess=huy32 détecté, utilisez un scanner de Rootkit
    set msguardMess=msguard détecté, utilisez un scanner de Rootkit
    set DNSHJ=Votre ordinateur est certainement victime d'un détournement de DNS
    set CleanDNS=Voules vous reconfigurer votre réseau avec des IP dynamiques -DHCP- ?
    set CancelDNS=Configuration annulée. Vérifiez les paramètres de votre réseau.
    set sWiniSearch=Recherche wininet.dll de remplacement
    set sEnd=Fin
    set sProcess=Arret des processus
    set sError=Problème suppression
    set sNotFound=non trouvé
    set sTempFolder=Suppression Fichiers Temporaires
    set sRegCleanQ=Voulez-vous nettoyer le registre ? ^(o/n^)
    set sRegClean=Nettoyage du registre
    set sWininetQ=Corriger le fichier infect^‚ ? ^(o/n^)
    set sTrustQ=R^‚initialiser la liste des sites de confiance et sensibles ? ^(o/n^)
    set sTrustBackUp=Copie de sauvegarde
    set sTrustDone=Sites de confiance et sensibles effac^‚s.
    set sTrustError=*** Erreur : zone.reg non trouv^‚ ***

    echo.
    echo.
    echo %fixname% %fixvers%
    echo.
    echo.
    echo.
    echo 1. Recherche
    echo 2. Nettoyage ^( mode sans echec recommand^‚ ^)
    echo 3. Effacer les sites de confiance et sensibles
    echo 4. V^‚rifier les Mises ^… jour
    echo 5. Recherche et suppression d^‚tournement DNS
    echo L. Langue Anglaise
    echo Q. Quitter
    echo.
    echo.
    echo Fermez tous les programmes
    echo un red^‚marrage peut-^ˆtre n^‚cessaire
    echo.
    echo.
    echo.
    ) else (
    set sChoice=Enter your choice
    set sScanDate=Scan done at
    set sRunFrom=Run from
    set sFSType=The filesystem type is
    set SafeMWarn=Fix run in normal mode
    set SafeMDisp=Fix run in safe mode
    set sSearch=Scanning
    set sFound=FOUND !
    set sFoundLSP=Detected, use LSPFix.exe to delete !
    set sDel=Deleted
    set sRen=Please, Reboot and Run SmitfraudFix option 2 once again.
    set sInfect=infected !
    set sInfect2=infected !
    set KDMess=detected !
    set sHOSTS=hosts file corrupted !
    set RKScan=use a Rootkit scanner
    set xpdxMess=xpdx detected, use a Rootkit scanner
    set xpdtMess=xpdt detected, use a Rootkit scanner
    set pe386Mess=pe386 detected, use a Rootkit scanner
    set lzx32Mess=lzx32 detected, use a Rootkit scanner
    set huy32Mess=huy32 detected, use a Rootkit scanner
    set msguardMess=msguard detected, use a Rootkit scanner
    set DNSHJ=Your computer may be victim of a DNS Hijack
    set CleanDNS=Do you want to set your network to dynamic -DHCP- Server ?
    set CancelDNS=Configuration canceled. Check your network settings.
    set sWiniSearch=Scanning for wininet.dll backup
    set sEnd=End
    set sProcess=Killing process
    set sError=Problem while deleting
    set sNotFound=not found
    set sTempFolder=Deleting Temp Files
    set sRegCleanQ=Do you want to clean the registry ? ^(y/n^)
    set sRegClean=Registry Cleaning
    set sWininetQ=Replace infected file ? ^(y/n^)
    set sTrustQ=Restore Trusted Zone ? ^(y/n^)
    set sTrustBackUp=Saving BackUp
    set sTrustDone=Trusted Zone deleted.
    set sTrustError=*** Error : zone.reg not found ***

    echo.
    echo.
    echo %fixname% %fixvers%
    echo.
    echo.
    echo.
    echo 1. Search
    echo 2. Clean ^(safe mode recommended^)
    echo 3. Delete Trusted zone
    echo 4. Check for updates
    echo 5. Search and clean DNS Hijack
    echo L. French Language
    echo Q. Quit
    echo.
    echo.
    echo Close all applications
    echo Computer may reboot
    echo.
    echo.
    echo.
    )
    set ChoixMenu=''
    set /p ChoixMenu=%sChoice% (1,2,3,4,5,L,Q) :
    if '%ChoixMenu%'=='l' GOTO SwappL
    if '%ChoixMenu%'=='L' GOTO SwappL
    if '%ChoixMenu%'=='q' GOTO exit
    if '%ChoixMenu%'=='Q' GOTO exit
    if '%ChoixMenu%'=='1' GOTO search
    if '%ChoixMenu%'=='2' GOTO fix
    if '%ChoixMenu%'=='3' GOTO zonefix
    if '%ChoixMenu%'=='4' GOTO update
    if '%ChoixMenu%'=='5' GOTO DNSSearchFix
    goto menu

    :SwappL
    if '%lang%'=='fra' (
    set lang=int
    ) else (
    set lang=fra
    )
    goto notice

    :search
    cls
    echo %fixname% %fixvers%
    echo %fixname% %fixvers%>%systemdrive%\rapport.txt
    echo.
    echo.>>%systemdrive%\rapport.txt
    echo %sScanDate% %time%, %date%>>%systemdrive%\rapport.txt
    for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
    echo %sRunFrom% %CurDir%>>%systemdrive%\rapport.txt
    IF ERRORLEVEL 1 (
    echo %sRunFrom% >>%systemdrive%\rapport.txt
    cd >>%systemdrive%\rapport.txt
    )
    for /f "Tokens=*" %%i in ('ver') do set Version=%%i
    echo OS: %Version% - %OS%>>%systemdrive%\rapport.txt
    echo %sFSType% %FSType%>>%systemdrive%\rapport.txt
    if not defined safeboot_option echo %SafeMWarn%>>%systemdrive%\rapport.txt
    if defined safeboot_option echo %SafeMDisp%>>%systemdrive%\rapport.txt

    echo.>>%systemdrive%\rapport.txt
    echo %sSearch% Process...
    echo »»»»»»»»»»»»»»»»»»»»»»»» Process>>%systemdrive%\rapport.txt
    echo.>>%systemdrive%\rapport.txt

    echo Option Explicit>ProcessList.vbs
    echo.>>ProcessList.vbs
    echo Dim File>>ProcessList.vbs
    echo Dim ObjFileSystem>>ProcessList.vbs
    echo Dim ObjOutputFile>>ProcessList.vbs
    echo Dim objWMIService>>ProcessList.vbs
    echo Dim oproc>>ProcessList.vbs
    echo Dim Var>>ProcessList.vbs
    echo.>>ProcessList.vbs
    echo File = "Process.txt">>ProcessList.vbs
    echo.>>ProcessList.vbs
    echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>ProcessList.vbs
    echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>ProcessList.vbs
    echo.>>ProcessList.vbs
    echo Set objWMIService = GetObject("winmgmts:\root\cimv2")>>ProcessList.vbs
    echo Set oproc = objWMIService.ExecQuery("Select * from Win32_Process",,48)>>ProcessList.vbs
    echo.>>ProcessList.vbs
    echo For Each oproc In oproc>>ProcessList.vbs
    echo Var = oproc.ExecutablePath>>ProcessList.vbs
    echo if Var ^<^> "" then>>ProcessList.vbs
    echo ObjOutputFile.WriteLine(Var)>>ProcessList.vbs
    echo End If>>ProcessList.vbs
    echo Next>>ProcessList.vbs
    echo.>>ProcessList.vbs
    echo ObjOutputFile.Close>>ProcessList.vbs
    echo Set objFileSystem = Nothing>>ProcessList.vbs
    echo Set oproc = Nothing>>ProcessList.vbs
    echo Set objWMIService = Nothing>>ProcessList.vbs
    echo.>>ProcessList.vbs
    cscript //I //nologo ProcessList.vbs
    del ProcessList.vbs
    type Process.txt | find /v "cscript.exe" >>%systemdrive%\rapport.txt
    del Process.txt

    echo.>>%systemdrive%\rapport.txt
    echo %sSearch% hosts...
    echo »»»»»»»»»»»»»»»»»»»»»»»» hosts>>%systemdrive%\rapport.txt
    echo.>>%systemdrive%\rapport.txt

    if exist tmp.txt del tmp.txt
    if exist tmp2.txt del tmp2.txt

    type %syspath%\drivers\etc\hosts | find /i "arovax.com">tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "bleepingcomputer.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "boskak.za.net">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "bullguard.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "castlecops.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "compu-docs.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "computing.net">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "dell.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "depannetonpc.net">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "digitaltrends.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "ewido.net">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "geekstogo.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "greyknight17.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "idg.pl">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "infos-du-net.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "innovative-sol.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "lavasoftsupport.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "lockergnome.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "majorgeeks.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "microsoft.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "mytechsupport.ca">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "pandasoftware.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "prevx.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "siri.urz.free.fr">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "spybot.info">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "stevengould.org">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "sunbelt-software.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "spywareinfo.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "spywareinfo.dk">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "superantispyware.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "techguy.org">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "techsupportforum.com">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "tomcoyote.org">>tmp.txt
    type %syspath%\drivers\etc\hosts | find /i "wilderssecurity.com">>tmp.txt

    for /f "tokens=* delims=" %%a in (tmp.txt) do echo %%a>tmp2.txt
    if exist tmp2.txt goto ScanHosts_Found
    goto ScanHosts_End

    :ScanHosts_Found
    echo %sHOSTS%>>%systemdrive%\rapport.txt
    echo.>>%systemdrive%\rapport.txt
    type tmp.txt>>%systemdrive%\rapport.txt

    :ScanHosts_End
    if exist tmp.txt del tmp.txt
    if exist tmp2.txt del tmp2.txt

    echo.>>%systemdrive%\rapport.txt
    echo %sSearch% %HOMEDRIVE%\...
    echo »»»»»»»»»»»»»»»»»»»»»»»» %HOMEDRIVE%\>>%systemdrive%\rapport.txt
    echo.>>%systemdrive%\rapport.txt

    pushd %HOMEDRIVE%\

    if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist config.sy_ (echo %HOMEDRIVE%\config.sy_ %sFound%>>%systemdrive%\rapport.txt)
    if exist contextplus.exe (echo %HOMEDRIVE%\contextplus.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist country.exe (echo %HOMEDRIVE%\country.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist defender??.exe (echo %HOMEDRIVE%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist dfndr.exe (echo %HOMEDRIVE%\dfndr.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist dfndra.exe (echo %HOMEDRIVE%\dfndra.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist dfndr?_?.exe (echo %HOMEDRIVE%\dfndr?_?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist drsmartload?.exe (echo %HOMEDRIVE%\drsmartload?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist drsmartload??.exe (echo %HOMEDRIVE%\drsmartload??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist drsmartload???.exe (echo %HOMEDRIVE%\drsmartload???.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist drsmartload????.exe (echo %HOMEDRIVE%\drsmartload????.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ecsiin.stub.exe (echo %HOMEDRIVE%\ecsiin.stub.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist exit (echo %HOMEDRIVE%\exit %sFound%>>%systemdrive%\rapport.txt)
    if exist gimmysmileys.exe (echo %HOMEDRIVE%\gimmysmileys.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist gimmysmileys?.exe (echo %HOMEDRIVE%\gimmysmileys?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist keyboard.exe (echo %HOMEDRIVE%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist keyboard?.exe (echo %HOMEDRIVE%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist keyboard??.exe (echo %HOMEDRIVE%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist kl1.exe (echo %HOMEDRIVE%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist kybrd.exe (echo %HOMEDRIVE%\kybrd.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist kybrd_?.exe (echo %HOMEDRIVE%\kybrd_?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist kybrd?_?.exe (echo %HOMEDRIVE%\kybrd?_?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist loader.exe (echo %HOMEDRIVE%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist mousepad.exe (echo %HOMEDRIVE%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist mousepad?.exe (echo %HOMEDRIVE%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist mousepad??.exe (echo %HOMEDRIVE%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist MTE3NDI6ODoxNg.exe (echo %HOMEDRIVE%\MTE3NDI6ODoxNg.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist nwnm.exe (echo %HOMEDRIVE%\nwnm.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist nwnm_?.exe (echo %HOMEDRIVE%\nwnm_?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist nwnm?_?.exe (echo %HOMEDRIVE%\nwnm?_?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist newname?.exe (echo %HOMEDRIVE%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist newname??.exe (echo %HOMEDRIVE%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ntps.exe (echo %HOMEDRIVE%\ntps.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ntnc.exe (echo %HOMEDRIVE%\ntnc.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ms1.exe (echo %HOMEDRIVE%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist r.exe (echo %HOMEDRIVE%\r.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist secure32.html (echo %HOMEDRIVE%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
    if exist stub_113_4_0_4_0.exe (echo %HOMEDRIVE%\stub_113_4_0_4_0.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist tool1.exe (echo %HOMEDRIVE%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist tool2.exe (echo %HOMEDRIVE%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist tool3.exe (echo %HOMEDRIVE%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist tool4.exe (echo %HOMEDRIVE%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist tool5.exe (echo %HOMEDRIVE%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist toolbar.exe (echo %HOMEDRIVE%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist uniq (echo %HOMEDRIVE%\uniq %sFound%>>%systemdrive%\rapport.txt)
    if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp %sFound%>>%systemdrive%\rapport.txt)
    if exist wp.exe (echo %HOMEDRIVE%\wp.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist xxx.exe (echo %HOMEDRIVE%\xxx.exe %sFound%>>%systemdrive%\rapport.txt)

    if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ %sFound%>>%systemdrive%\rapport.txt

    popd

    echo.>>%systemdrive%\rapport.txt
    echo %sSearch% %windir%\...
    echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%>>%systemdrive%\rapport.txt
    echo.>>%systemdrive%\rapport.txt

    pushd %windir%

    if exist ".protected" (echo %windir%\.protected %sFound%>>%systemdrive%\rapport.txt)
    if exist aapfr.exe (echo %windir%\aapfr.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist accesss.exe (echo %windir%\accesss.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ads.js (echo %windir%\ads.js %sFound%>>%systemdrive%\rapport.txt)
    if exist adsldpbc.dll (echo %windir%\adsldpbc.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist adsldpbd.dll (echo %windir%\adsldpbd.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist adsldpbe.dll (echo %windir%\adsldpbe.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist adsldpbf.dll (echo %windir%\adsldpbf.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist adsldpbj.dll (echo %windir%\adsldpbj.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist adtech2005.exe (echo %windir%\adtech2005.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist adtech2006a.exe (echo %windir%\adtech2006a.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist advrepdow.dll (echo %windir%\advrepdow.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist advrepgds.dll (echo %windir%\advrepgds.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist advrepgpd.dll (echo %windir%\advrepgpd.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist advrepkon.dll (echo %windir%\advrepkon.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist advrepnok.dll (echo %windir%\advrepnok.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist advreprwd.dll (echo %windir%\advreprwd.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist advrepvto.dll (echo %windir%\advrepvto.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist adw.htm (echo %windir%\adw.htm %sFound%>>%systemdrive%\rapport.txt)
    if exist "adware-sheriff-box.gif" (echo %windir%\adware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "adware-sheriff-header.gif" (echo %windir%\adware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist afxp.dll (echo %windir%\afxp.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist alexaie.dll (echo %windir%\alexaie.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist alxie328.dll (echo %windir%\alxie328.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist alxtb1.dll (echo %windir%\alxtb1.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist "antispylab-logo.gif" (echo %windir%\antispylab-logo.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist about_spyware_bg.gif (echo %windir%\about_spyware_bg.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist about_spyware_bottom.gif (echo %windir%\about_spyware_bottom.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist as.gif (echo %windir%\as.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist as_header.gif (echo %windir%\as_header.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist astctl32.ocx (echo %windir%\astctl32.ocx %sFound%>>%systemdrive%\rapport.txt)
    if exist avp.exe (echo %windir%\avp.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist avpcc.dll (echo %windir%\avpcc.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist azesearch.bmp (echo %windir%\azesearch.bmp %sFound%>>%systemdrive%\rapport.txt)
    if exist back.gif (echo %windir%\back.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist bandserv.dll (echo %windir%\bandserv.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist batserv2.exe (echo %windir%\batserv2.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist bg.gif (echo %windir%\bg.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist bg_bg.gif (echo %windir%\bg_bg.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist big_red_x.gif (echo %windir%\big_red_x.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist bindmod.dll (echo %windir%\bindmod.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist binret.exe (echo %windir%\binret.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist blank.mht (echo %windir%\blank.mht %sFound%>>%systemdrive%\rapport.txt)
    if exist blopenv???.dll (echo %windir%\blopenv???.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist "blue-bg.gif" (echo %windir%\blue-bg.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrdkq.dll (echo %windir%\bndsrdkq.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrfst.dll (echo %windir%\bndsrfst.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrgxt.dll (echo %windir%\bndsrgxt.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrkwm.dll (echo %windir%\bndsrkwm.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsronw.dll (echo %windir%\bndsronw.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrpfn.dll (echo %windir%\bndsrpfn.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrsvk.dll (echo %windir%\bndsrsvk.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrtvd.dll (echo %windir%\bndsrtvd.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrvnl.dll (echo %windir%\bndsrvnl.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrvqt.dll (echo %windir%\bndsrvqt.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bndsrwlq.dll (echo %windir%\bndsrwlq.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist box_1.gif (echo %windir%\box_1.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist box_2.gif (echo %windir%\box_2.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist box_3.gif (echo %windir%\box_3.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist bonsws.dll (echo %windir%\bonsws.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bonrep.dll (echo %windir%\bonrep.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist browsers.dll (echo %windir%\browsers.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist BTGrab.dll (echo %windir%\BTGrab.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist button_buynow.gif (echo %windir%\button_buynow.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist button_freescan.gif (echo %windir%\button_freescan.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist buy.gif (echo %windir%\buy.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist buy_now.gif (echo %windir%\buy_now.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "buy-now-btn.gif" (echo %windir%\buy-now-btn.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist bxsbang.dll (echo %windir%\bxsbang.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist bxproxy.exe (echo %windir%\bxproxy.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist click_for_free_scan.gif (echo %windir%\click_for_free_scan.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist close_ico.gif (echo %windir%\close_ico.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "close-bar.gif" (echo %windir%\close-bar.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist clrssn.exe (echo %windir%\clrssn.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist "corner-left.gif" (echo %windir%\corner-left.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "corner-right.gif" (echo %windir%\corner-right.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist country.exe (echo %windir%\country.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist cpan.dll (echo %windir%\cpan.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist d3dn32.exe (echo %windir%\d3dn32.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist d3??.dll (echo %windir%\d3??.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist d3pb.exe (echo %windir%\d3pb.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ddkret.dll (echo %windir%\ddkret.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist defender??.exe (echo %windir%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist desktop.html (echo %windir%\desktop.html %sFound%>>%systemdrive%\rapport.txt)
    if exist ddesupport.dll (echo %windir%\ddesupport.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist dialup.exe (echo %windir%\dialup.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist div32.dll (echo %windir%\div32.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist dxdiag.dll (echo %windir%\dxdiag.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist dlmax.dll (echo %windir%\dlmax.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist download.gif (echo %windir%\download.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist download_box.gif (echo %windir%\download_box.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist download_product.gif (echo %windir%\download_product.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "download-btn.gif" (echo %windir%\download-btn.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist dr.exe (echo %windir%\dr.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist drsmartload.dat (echo %windir%\drsmartload.dat %sFound%>>%systemdrive%\rapport.txt)
    if exist drsmartload2.dat (echo %windir%\drsmartload2.dat %sFound%>>%systemdrive%\rapport.txt)
    if exist drsmartload95a.exe (echo %windir%\drsmartload95a.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist drsmartloadb1.dat (echo %windir%\drsmartloadb1.dat %sFound%>>%systemdrive%\rapport.txt)
    if exist drvsvp.dll (echo %windir%\drvsvp.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist duocore.dll (echo %windir%\duocore.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist exploeee.exe (echo %windir%\exploeee.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist expro.dll (echo %windir%\expro.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist "facts.gif" (echo %windir%\facts.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist features.gif (echo %windir%\features.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "footer.gif" (echo %windir%\footer.giff %sFound%>>%systemdrive%\rapport.txt)
    if exist footer_back.gif (echo %windir%\footer_back.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist footer_back.jpg (echo %windir%\footer_back.jpg %sFound%>>%systemdrive%\rapport.txt)
    if exist free_scan_red_btn.gif (echo %windir%\free_scan_red_btn.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "free-scan-btn.gif" (echo %windir%\free-scan-btn.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist gimmygames.dat (echo %windir%\gimmygames.dat %sFound%>>%systemdrive%\rapport.txt)
    if exist gormet.dll (echo %windir%\gormet.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist "h-line-gradient.gif" (echo %windir%\h-line-gradient.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist header_1.gif (echo %windir%\header_1.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist header_2.gif (echo %windir%\header_2.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist header_3.gif (echo %windir%\header_3.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist header_4.gif (echo %windir%\header_4.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "header-bg.gif" (echo %windir%\header-bg.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist hdtip.dll (echo %windir%\hdtip.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist hjoqor.dll (echo %windir%\hjoqor.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist hostctrl.dll (echo %windir%\hostctrl.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist hstsys.dll (echo %windir%\hstsys.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist hupsrv.dll (echo %windir%\hupsrv.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist icon_warning_big.gif (echo %windir%\icon_warning_big.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist icont.exe (echo %windir%\icont.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist iebrowser.dll (echo %windir%\iebrowser.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iecontext.dll (echo %windir%\iecontext.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iedebug.dll (echo %windir%\iedebug.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iedns.dll (echo %windir%\iedns.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iedrives.dll (echo %windir%\iedrives.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iedrv.exe (echo %windir%\iedrv.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist iedrvctrl.exe (echo %windir%\iedrvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ielocales.dll (echo %windir%\ielocales.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist ieproxy.dll (echo %windir%\ieproxy.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iereport.dll (echo %windir%\iereport.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iesettings.dll (echo %windir%\iesettings.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iesupport.dll (echo %windir%\iesupport.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iexploree.dll (echo %windir%\iexploree.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist iexplorer.exe (echo %windir%\iexplorer.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ieyi.dll (echo %windir%\ieyi.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist ieyi.exe (echo %windir%\ieyi.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist inetdctr.dll (echo %windir%\inetdctr.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist inetloader.dll (echo %windir%\inetloader.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist "infected.gif" (echo %windir%\infected.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist infected_top_bg.gif (echo %windir%\infected_top_bg.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "info.gif" (echo %windir%\info.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist ipwypkmg.dll (echo %windir%\ipwypkmg.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist ipwypktx.dll (echo %windir%\ipwypktx.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist ipwypwpk.dll (echo %windir%\ipwypwpk.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist jetctrl.dll (echo %windir%\jetctrl.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist jokvip.exe (echo %windir%\jokvip.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist jokwmp.dll (echo %windir%\jokwmp.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist kbdctrl.dll (echo %windir%\kbdctrl.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist keyboard.exe (echo %windir%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist keyboard?.exe (echo %windir%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist keyboard1.dat (echo %windir%\keyboard1.dat %sFound%>>%systemdrive%\rapport.txt)
    if exist keyboard??.exe (echo %windir%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist kl.exe (echo %windir%\kl.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist kl1.exe (echo %windir%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist kopmet.dll (echo %windir%\kopmet.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist kthemup.exe (echo %windir%\kthemup.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist leorop.dll (echo %windir%\leorop.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist leosrv.dll (echo %windir%\leosrv.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist loader.exe (echo %windir%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist loadadv728.exe (echo %windir%\loadadv728.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist local.html (echo %windir%\local.html %sFound%>>%systemdrive%\rapport.txt)
    if exist logo.gif (echo %windir%\logo.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist main_back.gif (echo %windir%\main_back.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist main_uninstaller.exe (echo %windir%\main_uninstaller.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist mgrs.exe (echo %windir%\mgrs.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist monhop.exe (echo %windir%\monhop.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist mousepad.exe (echo %windir%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist mousepad?.exe (echo %windir%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist mousepad??.exe (echo %windir%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist movctrlfqd.dll (echo %windir%\movctrlfqd.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist movctrlknq.dll (echo %windir%\movctrlknq.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist movctrlnkd.dll (echo %windir%\movctrlnkd.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist movctrlqtn.dll (echo %windir%\movctrlqtn.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist movctrlswd.dll (echo %windir%\movctrlswd.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist movctrlwxq.dll (echo %windir%\movctrlwxq.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist mscore.dll (echo %windir%\mscore.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msddx.dll (echo %windir%\msddx.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msdn.dll (echo %windir%\msdn.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msdns.dll (echo %windir%\msdns.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msdn32.dll (echo %windir%\msdn32.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msdrv.exe (echo %windir%\msdrv.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist msdrvctrl.exe (echo %windir%\msdrvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist msmduo.dll (echo %windir%\msmduo.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msmduo2.dll (echo %windir%\msmduo2.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msie.dll (echo %windir%\msie.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist mslog.exe (echo %windir%\mslog.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist msole.dll (echo %windir%\msole.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msdde.dll (echo %windir%\msdde.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msmdev.dll (echo %windir%\msmdev.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msmhost.dll (echo %windir%\msmhost.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msqnx.dll (echo %windir%\msqnx.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist mssmart.dll (echo %windir%\mssmart.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist mssql.dll (echo %windir%\mssql.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist msvb.dll (echo %windir%\msvb.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist mtwirl32.dll (echo %windir%\mtwirl32.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist mxd.exe (echo %windir%\mxd.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist mxduo.dll (echo %windir%\mxduo.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist navibar_bg.gif (echo %windir%\navibar_bg.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist navibar_corner_left.gif (echo %windir%\navibar_corner_left.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist navibar_corner_right.gif (echo %windir%\navibar_corner_right.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist neobus.dll (echo %windir%\neobus.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist netadv.dll (echo %windir%\netadv.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist newname.dat (echo %windir%\newname.dat %sFound%>>%systemdrive%\rapport.txt)
    if exist newname?.exe (echo %windir%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist newname??.exe (echo %windir%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ms1.exe (echo %windir%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist "no-icon.gif" (echo %windir%\no-icon.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist nopctrl.dll (echo %windir%\nopctrl.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist nopzet.dll (echo %windir%\nopzet.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist notepad.com (echo %windir%\notepad.com %sFound%>>%systemdrive%\rapport.txt)
    if exist notepad32.exe (echo %windir%\notepad32.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist nretcip.exe (echo %windir%\nretcip.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist nsduo.dll (echo %windir%\nsduo.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist nssfrch.dll (echo %windir%\nssfrch.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist ntspkfnd.dll (echo %windir%\ntspkfnd.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist ntspklqs.dll (echo %windir%\ntspklqs.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist ntspknlg.dll (echo %windir%\ntspknlg.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist ocgrep.dll (echo %windir%\ocgrep.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist onlineshopping.ico (echo %windir%\onlineshopping.ico %sFound%>>%systemdrive%\rapport.txt)
    if exist olehelp.exe (echo %windir%\olehelp.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist oprevgkx.dll (echo %windir%\oprevgkx.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist oprevnpx.dll (echo %windir%\oprevnpx.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist oprevpfm.dll (echo %windir%\oprevpfm.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist oprevxlw.dll (echo %windir%\oprevxlw.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist osaupd.exe (echo %windir%\osaupd.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist ossmart.dll (echo %windir%\ossmart.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist pmkret.dll (echo %windir%\pmkret.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist policies.dll (echo %windir%\policies.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist policyverifier.exe (echo %windir%\policyverifier.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist pop06ap2.exe (echo %windir%\pop06ap2.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist popnetkqw.dll (echo %windir%\popnetkqw.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist popnetmtq.dll (echo %windir%\popnetmtq.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist popnetnlf.dll (echo %windir%\popnetnlf.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist popuper.exe (echo %windir%\popuper.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist privacy_danger (echo %windir%\privacy_danger %sFound%>>%systemdrive%\rapport.txt)
    if exist processes.txt (echo %windir%\processes.txt %sFound%>>%systemdrive%\rapport.txt)
    if exist product_box.gif (echo %windir%\product_box.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist psg.exe (echo %windir%\psg.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist pssms.dll (echo %windir%\pssms.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist Pynix.dll (echo %windir%\Pynix.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist qdertu.exe (echo %windir%\qdertu.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist qnxplugin.dll (echo %windir%\qnxplugin.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist q*_disk.dll (echo %windir%\q*_disk.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist red_warning_ico.gif (echo %windir%\red_warning_ico.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "reg-freeze-box.gif" (echo %windir%\reg-freeze-box.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "reg-freeze-header.gif" (echo %windir%\reg-freeze-header.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist remove_spyware_header.gif (echo %windir%\remove_spyware_header.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "remove-spyware-btn.gif" (echo %windir%\remove-spyware-btn.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist removeadware.ico (echo %windir%\removeadware.ico %sFound%>>%systemdrive%\rapport.txt)
    if exist retnsrp.dll (echo %windir%\retnsrp.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist rf.gif (echo %windir%\rf.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist rf_header.gif (echo %windir%\rf_header.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist rmvgor.dll (echo %windir%\rmvgor.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist rzs.exe (echo %windir%\rzs.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist runwin32.exe (echo %windir%\runwin32.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist sachostx.exe (echo %windir%\sachostx.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist safe_and_trusted.gif (echo %windir%\safe_and_trusted.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist sapnet.dll (echo %windir%\sapnet.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist sawkip.exe (echo %windir%\sawkip.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist scan_btn.gif (echo %windir%\scan_btn.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist sconf32.dll (echo %windir%\sconf32.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist screen.html (echo %windir%\screen.html %sFound%>>%systemdrive%\rapport.txt)
    if exist se_spoof.dll (echo %windir%\se_spoof.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist sec.exe (echo %windir%\sec.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist "security-center-bg.gif" (echo %windir%\security-center-bg.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "security-center-logo.gif" (echo %windir%\security-center-logo.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist security_center_caption.gif (echo %windir%\security_center_caption.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist sep_hor.gif (echo %windir%\sep_hor.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist sep_vert.gif (echo %windir%\sep_vert.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist service.dll (echo %windir%\service.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist sexpersonals.ico (echo %windir%\sexpersonals.ico %sFound%>>%systemdrive%\rapport.txt)
    if exist sdkcb.dll (echo %windir%\sdkcb.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist sdkqq.exe (echo %windir%\sdkqq.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist sdrmod.dll (echo %windir%\sdrmod.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist secure32.html (echo %windir%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
    if exist shell.exe (echo %windir%\shell.exe %sFound%>>%systemdrive%\rapport.txt)
    if exist sites.ini (echo %windir%\sites.ini %sFound%>>%systemdrive%\rapport.txt)
    if exist slassac.dll (echo %windir%\slassac.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist sounddrv.dll (echo %windir%\sounddrv.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist soundplugin.dll (echo %windir%\soundplugin.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist spp3.dll (echo %windir%\spp3.dll %sFound%>>%systemdrive%\rapport.txt)
    if exist spacer.gif (echo %windir%\spacer.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "spacer.gif'" (echo %windir%\spacer.gif' %sFound%>>%systemdrive%\rapport.txt)
    if exist spyware_detected.gif (echo %windir%\spyware_detected.gif %sFound%>>%systemdrive%\rapport.txt)
    if exist "spyware-det
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sukky
     
    @ECHO OFF

    REM Smitfraud Fix by S!Ri
    REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    REM Thanks, Help: atribune, balltrap34, Beamerke, derek, Grinler, ipl_001, LonnyRJones, MAD,
    REM Malekal_morte, Marckie, moe31, ~Mark, Miekiemoes, Ruby, Roel, Sebdraluorg,
    REM sUBs, Suzi, tirol, TonyKlein, Vazkor,
    REM and all the ones I forgot who submit files, analyses, help users...
    REM Miekiemoes' Shudder key fix added.
    REM Process.exe by Craig.Peacock added (http://www.beyondlogic.org)
    REM Reboot.exe by Shadowwar/Option^Explicit added.
    REM swreg.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
    REM swsc.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
    REM swxcacls.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
    REM restart.exe - SuperFast Shutdown (http://www.xp-smoker.com/freeware.html
    REM dumphive.exe - Markus Stephany (http://www.mirkes.de)
    REM unzip.exe - info-zip (http://www.info-zip.org)
    REM SmiUpdate.exe - Sebdraluorg
    REM exit.exe - MAD - Malware Analysis and Diagnostic

    set fixname=SmitFraudFix
    set fixvers=v2.274

    VER|find "Windows 95">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows 98">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows Millennium">NUL
    IF NOT ERRORLEVEL 1 GOTO Win
    VER|find "Windows XP">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "Windows 2000">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "Version 5.2.3790">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "Version 6.0">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    VER|find "version 6.0">NUL
    IF NOT ERRORLEVEL 1 GOTO NT
    if %OS%==Windows_NT goto NT
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Version non support^‚e.
    echo Windows 2000 / XP requis !
    echo.
    echo Unsupported Version.
    echo Windows 2000 / XP required !
    echo.
    pause
    goto exit

    :Win
    color 47
    echo %fixname% %fixvers%
    echo.
    echo Version non support^‚e.
    echo Windows 2000 / XP requis !
    echo.
    echo Unsupported Version.
    echo Windows 2000 / XP required !
    echo.
    pause
    goto exit

    :NT
    set DoReboot=0
    set DoRestart=0
    set syspath=%windir%\system32
    0
  7. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Bonjour tout d'abord !

    Rien a voir avec ce que j'attends ...
    0
  8. sukky
     
    Est-ce que cela vous convient ?

    SmitFraudFix v2.274

    Rapport fait à 14:12:22,40, 01/05/2002
    Executé à partir de C:\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\AstSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\Explorer.EXE
    C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
    C:\windows\system32\hqeoaplvcb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\VirusGarde\pgs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gantet

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gantet\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gantet\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce MCP Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{932E27AD-4825-4E80-AAF3-20D65B446F7B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{932E27AD-4825-4E80-AAF3-20D65B446F7B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  9. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Re

    Yes, ce coup ci c est le bon, sauf que je reste un peu étonné de son résultat ..

    Sinon, tu peux me tutoyer ;)

    2 rogues de présents sur ton PC WinAntiVirus Pro 2006 http://assiste.com.free.fr/p/craptheque/winantivirus_pro_2006.html

    et VirusGarde http://assiste.com.free.fr/p/craptheque/virusguard.html

    Télécharge RogueRemover free

    https://www.malwarebytes.com/for-home/products/

    Tuto de Malekal_Morte :http://www.malekal.com/tutorial_RogueRemover.php

    Installe le, puis effectue les mises à jour et lance le scan ensuite coche :

    WinAntiVirus Pro 2006 et VirusGarde puis clique sur remove selected.

    (précise moi si il a trouvé autre chose stp.)

    Laisse le finir son travail puis ferme le quand terminé.

    Poste en réponse le rapport de RogueRemoversitué dans C:\Program Files\RogueRemover free\RRLogxxx.txt ainsi qu'un nouveau rapport HijackThis.

    @ suivre.
    0
  10. sukky
     
    voilà le rapport seul WinAntiVirus Pro 2006 a été supprimé, virus garde n'est pas apparu bien qu'on le possède.
    cordialement
    Malwarebytes' RogueRemover
    Malwarebytes ©2007 https://www.malwarebytes.com/
    6653 total fingerprints loaded.

    Loading database ...
    Expanding environmental variables ...

    Scanning files ... [ 100% ].
    Scanning folders ... [ 100% ].
    Scanning registry keys ... [ 100% ].
    Scanning registry values ... [ 100% ].

    RogueRemover has detected rogue antispyware components! Results below...

    Type: File
    Vendor: TrustedProtection
    Location: C:\WINDOWS\system32\drivers\fopf.sys
    Selected for removal: No

    Type: File
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll
    Selected for removal: Yes

    Type: Folder
    Vendor: WinAntiVirus 2006
    Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
    Selected for removal: Yes

    Type: Folder
    Vendor: BestsellerAntivirus
    Location: C:\Documents and Settings\All Users\Application Data\SalesMonitor
    Selected for removal: No

    Type: Folder
    Vendor: BestsellerAntivirus
    Location: C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data
    Selected for removal: No

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\AppID\WinPGI.DLL
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\WAP6.PCheck
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\WAP6.PCheck.1
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\AVExplorer.ShellExtension
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\AVExplorer.ShellExtension.2
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\AppID\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_CLASSES_ROOT\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FOPN
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vspf
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vspf_HK
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VxD\VSPF_HK
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_HK
    Selected for removal: Yes

    Type: Registry Key
    Vendor: WinAntiVirus 2006
    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\VSPF_HK
    Selected for removal: Yes

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\AppID\{7F7775D5-1EC8-4c0d-9BD7-6F3380959861}
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\AppID\PopupG.DLL
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator.1
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\CLSID\{C4514FE1-54AA-42f0-B212-BA8065206F8F}
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\CLSID\{D3B4C621-6024-410b-9F0F-22CBD6981F5E}
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\G.Object
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\G.Object.1
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\Interface\{D961C9CA-59B3-46DD-9CEE-47714CFE2831}
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\TypeLib\{55B49019-E69E-47FD-A67F-F28D83E5B695}
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_CLASSES_ROOT\TypeLib\{7F7775D5-1EC8-4C0D-9BD7-6F3380959861}
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_LOCAL_MACHINE\SOFTWARE\uga6pcw
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FOPF
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPF
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPF
    Selected for removal: No

    Type: Registry Key
    Vendor: TrustedProtection
    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPF
    Selected for removal: No

    Type: Registry Key
    Vendor: ErrClean
    Location: HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\System Error Repair
    Selected for removal: No

    Type: Registry Value
    Vendor: ErrorProtector
    Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Salestart
    Selected for removal: No

    RogueRemover has found the objects above.
    0
  11. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Bonsoir Sukky

    Bien joué, je reste étonné que Rogueremover n'est pas proposé de supprimer VirusGarde

    Désinstallation de VirusGarde

    Démarrer / Paramètres /Panneau de config et dans Ajout/Suppression de programme , clique sur la ligne du programme a désinstaller VirusGarde puis clique sur supprimer et suis les demandes de la boite de dialogue qui s'ouvrira afin d'amener la désinstallation a son terme.

    Fais redémarrer ton PC si demander et jette ensuite le dossier dans C:\Program Files\VirusGarde >--- le dossier.

    Poste ensuite un nouveau rapport HijackThis et dis moi si tu constates des améliorations.

    @ suivre
    0
  12. sukky
     
    Bonjour,

    Tu trouveras ci-joint le rapport Hijackthis
    Cordialement

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:21:07, on 02/05/2002
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\AstSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\Explorer.EXE
    C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Gantet\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    0
  13. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Bonjour

    Tu utilises Logfile of Trend Micro HijackThis v2.0.0 (BETA) ...


    1) Désinstallation de la version beta


    Lancer hjt "Open misc tools section" avec la flèche a droite descendre jusqu' a "uninstall HijackThis&exit puis supprimer le dossier Hjt qui se trouve sur ton Bureau.

    2) Installation HijackThis 2.0.2

    Télécharge hijackthis sur ton Bureau.


    Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connexion Internet.


    Double clique dessus pour lancer l installation . Accepte la licence qui va apparaître par " I agree" .

    Puis clique sur "Do a system scan and save a logfile"

    Ferme HijackThis et fait un copier-coller du rapport en entier et poste le ici en réponse.

    Note : le rapport se trouve dans c:\Program Files\Trend Micro\HijackThis

    Fais cela stp ensuite on passe a "l attaque" ;)

    Le probleme se trouve la ;) :

    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com

    @ suivre
    0
  14. sukky
     
    Voilà le rapport Hijackthis
    Cordialement

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:45:12, on 02/05/2002
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\AstSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
  15. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Re

    Bien joué

    ****Je ne vois pas Antivir se lancer au démarrage ? as tu son parapluie ouvert dans la barre des taches en bas a droite ?*****

    Je te conseille d'enregistrer la page en sélectionnant toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.
    (Note: tu n'auras pas accès à Internet à partir du moment ou te redémarreras en mode sans échec)
    Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
    Si un élément te paraît obscur, demande des explications avant de commencer la désinfection


    1) Télécharge

    OTMoveIt (de Old_Timer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    N'y touche pas pour le moment.

    2) Redémarre en mode sans échec

    Regarde ici si besoin avant ici : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
    Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
    Sélectionner "Mode sans échec" et appuie sur [Entrée]
    Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.

    Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

    3) Lance HijackThis.

    Je te conseille d'enregistrer toutes les lignes a fixer puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.

    Lance Hijackthis en double cliquant sur son raccourci sur le Bureau.
    Clique sur Scan Only et coche les lignes suivantes :

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connections Internet.
    Clique sur Fix Checked puis clique sur OK
    Puis ferme hijackthis.

    4) OTMoveIt (de Old_Timer)

    Double clique sur OTMoveIt.exe pour le lancer.
    Copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe

    Clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaîtra dans le cadre Results.
    Clique sur Exit pour fermer.

    Il te sera peut-être demander de redémarrer le PC pour achever la suppression.
    si c'est le cas accepte par Yes.


    5) Rapports

    Fais redémarrer ton PC en mode normal puis poste en réponse :

    * Le rapport d’OTMoveIt situé dans C:\_OTMoveIt\MovedFiles (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date et l'heure)
    * Un nouveau rapport HijackThis.

    @ suivre
    0
  16. sukky
     
    Rapport d’OTMoveIt
    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe moved successfully.

    Created on 05/02/2002 14:18:03

    rapport HijackThis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:35:10, on 02/05/2002
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\AstSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Neuf\Kit\9diags.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
  17. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Re

    J en avais bien peur, Demarrer /tous les programmes Antivir PersonnalEdition Classisc ?start Antivir PersonnalEdition puis tu clique sur Activate a droite d' Antivir guard

    Le gardien d'Abntivir doit se redeclencher,tu dois avoir leparapluie dansla barre des taches;

    Si ce n'est toujours pas le cas Demarrer / executer tapes msconfig une fenetre va s ouvrir, clique sur l'onglet demarrage et verifie avgnt q--> u'antiir y est coché pour se lancer au demarrage, si ce n est pas le cas coche et signalemoi le en réponse.

    Redemarre le PC et dis moi si Antivir est maintenant présent dans la barre des tache ...

    Puis

    OTMoveIt (de Old_Timer)

    Double clique sur OTMoveIt.exe pour le lancer.
    Copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    C:\Program Files\Fichiers communs\ErreurChasseur


    Clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaîtra dans le cadre Results.
    Clique sur Exit pour fermer.

    Il te sera peut-être demander de redémarrer le PC pour achever la suppression.
    si c'est le cas accepte par Yes.


    --> Poste le rapport d'OTMoveIt situé dans C:\_OTMoveIt\MovedFiles (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date et l'heure)

    @ suivre
    0
  18. Le sioux Messages postés 4907 Statut Contributeur sécurité 496
     
    Re

    Ok, ta punition , lol ;)

    1)Télécharge Avira antivir

    -- Télécharge Avira antivir PersonalEdition Classic a partir de ce lien :
    https://www.avira.com/ sur ton bureau.

    Mets toi hors connexion débranche ton cable ou coupe ta wifi

    2) Désinstallation d'Antivir</gras>


    Mets toi hors connexion
    , puis désinstalle Antivir via démarrer /panneau de config/ ajout et suppression de programmes , redémarre ton pc comme demandé s

    3) Installe et paramètre puis mets a jour Antivir

    Double clique sur son set up sur ton bureau pour lancer l’installation.

    Une fois celui ci installé, remets la connexion et

    Effectue sa mise a jour puis ferme ce programme pour l’instant.

    Puis paramètre le comme indiqué ici :
    http://speedweb1.free.fr/frames2.php?page=tuto5
    ou la : https://www.malekal.com/avira-free-security-antivirus-gratuit/

    4) Redémarre en mode sans échec

    Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuyer sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
    Sélectionner "Mode sans échec" et appuyer sur [Entrée]
    Il te faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.

    Voir si besoin C) https://forum.pcastuces.com/sujet.asp?f=25&s=3902

    5) Scan Antivirus et nettoyage avec Avira Antivir


    Lance Avira antivir en faisant un double-clique sur le raccourci d’Antivir sur ton Bureau (ou via Demarrer /tous les programmes /Antivir) puis « start Antivir »
    Clique sur l’onglet « scanner » puis vérifie a RootKit search et Manuelle détection (en développant avec la petite croix devant chacun d'eux) que tous tes disques durs soient bien cochés, puis clique sur la loupe (en dessous de statut)
    Une fenêtre va s’ouvrir « Luke Filewalker » .. le scan va démarrer.
    Mets tout ce qu il trouve en "quarantine"
    Une fois le scan achevé, ferme les deux fenêtres d'Antivir et sauvegarde le rapport qui vient d'apparaître sur ton bureau..

    6) Rapport

    Redémarre en mode normal puis poste le rapport d'Antivir (que tu as sauvegardé sur ton bureau).

    Tuto http://www.malekal.com/tutorial_antivir.html et/ou http://www.libellules.ch/tuto_antivir.php

    @ suivre
    0
  • 1
  • 2
  • 3