Problem: Erreur chasseur
Solved/Closed
sukky - 20 Oct 2007 at 07:59
Le sioux (Posts: 4894, Registered: Sunday 27 May 2007, Status: Security contributor, Last activity: 6 March 2023) - 6 Jan 2008 at 09:31
43 replies
Le sioux
Posts: 4894
Registered: Sunday 27 May 2007
Status: Security contributor
Last activity: 6 March 2023
496
20 Oct 2007 at 08:17
Hello Sukky
I need another report before we get started:
a SmitfraudFix report.
Download SmitfraudFix by S!Ri, balltrap34 and moe31
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
* Install it at the root of C
* Double-click the exe to extract it and launch the fix.
Usage ----- option 1 - Search:
* Double-click smitfraudfix.cmd
* Select 1 to create a report of the files responsible for the infection.
* Post the report here
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Good evening,
After asking for help on this forum, I ran SmitfraudFix as requested by Le sioux and sent it to you.
Since then, I have had no reply.
Can you tell me what I should do?
Thank you for your help.
Regards,
Sukky
Le sioux - 15 Nov 2007 at 20:36
Good evening Sukky
??
I have no trace of the report I am waiting for in order to move on to the next step...
This is where you need to copy/paste it if you want me to be able to help you.
See you later
@ECHO OFF
REM Smitfraud Fix by S!Ri
REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip
REM Thanks, Help: atribune, balltrap34, Beamerke, derek, Grinler, ipl_001, LonnyRJones, MAD,
REM Malekal_morte, Marckie, moe31, ~Mark, Miekiemoes, Ruby, Roel, Sebdraluorg,
REM sUBs, Suzi, tirol, TonyKlein, Vazkor,
REM and all the ones I forgot who submit files, analyses, help users...
REM Miekiemoes' Shudder key fix added.
REM Process.exe by Craig.Peacock added (http://www.beyondlogic.org)
REM Reboot.exe by Shadowwar/Option^Explicit added.
REM swreg.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM swsc.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM swxcacls.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM restart.exe - SuperFast Shutdown (http://www.xp-smoker.com/freeware.html)
REM dumphive.exe - Markus Stephany (http://www.mirkes.de)
REM unzip.exe - info-zip (http://www.info-zip.org)
REM SmiUpdate.exe - Sebdraluorg
REM exit.exe - MAD - Malware Analysis and Diagnostic
set fixname=SmitFraudFix
set fixvers=v2.274
VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 5.2.3790">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 6.0">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "version 6.0">NUL
IF NOT ERRORLEVEL 1 GOTO NT
if %OS%==Windows_NT goto NT
color 47
echo %fixname% %fixvers%
echo.
echo Version non supportée.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit
:Win
color 47
echo %fixname% %fixvers%
echo.
echo Version non supportée.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit
:NT
set DoReboot=0
set DoRestart=0
set syspath=%windir%\system32
echo Option Explicit>GetPaths.vbs
echo.>>GetPaths.vbs
echo Dim Shell>>GetPaths.vbs
echo Dim KeyPath>>GetPaths.vbs
echo Dim ObjFileSystem>>GetPaths.vbs
echo Dim ObjOutputFile>>GetPaths.vbs
echo Dim ObjRegExp>>GetPaths.vbs
echo Dim File>>GetPaths.vbs
echo Dim TmpVar>>GetPaths.vbs
echo Dim TmpCounter>>GetPaths.vbs
echo Dim Var>>GetPaths.vbs
echo Dim Accent>>GetPaths.vbs
echo.>>GetPaths.vbs
echo KeyPath = "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo File = "SetPaths.bat">>GetPaths.vbs
echo.>>GetPaths.vbs
echo Set Shell = WScript.CreateObject("WScript.Shell")>>GetPaths.vbs
echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>GetPaths.vbs
echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>GetPaths.vbs
echo Set ObjRegExp = New RegExp>>GetPaths.vbs
echo.>>GetPaths.vbs
echo Function ShortFileName(Path)>>GetPaths.vbs
echo Dim f>>GetPaths.vbs
echo Set f = ObjFileSystem.GetFolder(Path)>>GetPaths.vbs
echo ShortFileName = f.ShortPath>>GetPaths.vbs
echo End Function>>GetPaths.vbs
echo Function Accents(Str)>>GetPaths.vbs
echo ObjRegExp.Pattern = "[^a-zA-Z_0-9\\: ]">>GetPaths.vbs
echo ObjRegExp.IgnoreCase = True>>GetPaths.vbs
echo ObjRegExp.Global = True>>GetPaths.vbs
echo Accents = ObjRegExp.Replace(Str, "?")>>GetPaths.vbs
echo End Function>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set desktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set favorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set startprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set startm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set startup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo KeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set audesktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set aufavorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set austartprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set austartm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set austartup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo ObjOutputFile.Close>>GetPaths.vbs
echo Set objFileSystem = Nothing>>GetPaths.vbs
echo Set Shell = Nothing>>GetPaths.vbs
echo Set ObjRegExp = nothing>>GetPaths.vbs
echo.>>GetPaths.vbs
cscript //I //nologo GetPaths.vbs
del GetPaths.vbs
Call SetPaths.bat
del SetPaths.bat
if exist "%userprofile%\Bureau" (
set lang=fra
) else (
set lang=int
)
goto test
:test
if not exist Process.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Process.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo Process.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist swreg.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swreg.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo swreg.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist swsc.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swsc.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo swsc.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist SrchSTS.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SrchSTS.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo SrchSTS.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist Reboot.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Reboot.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo Reboot.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist restart.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier restart.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo restart.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist GenericRenosFix.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier GenericRenosFix.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo GenericRenosFix.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist dumphive.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier dumphive.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo dumphive.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist unzip.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier unzip.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo unzip.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist SmiUpdate.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SmiUpdate.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo SmiUpdate.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist swxcacls.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swxcacls.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo swxcacls.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist VCCLSID.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier VCCLSID.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo VCCLSID.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist WS2Fix.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier WS2Fix.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo WS2Fix.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist IEDFix.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier IEDFix.exe absent !
echo Dezippez la totalité de l'archive dans un dossier.
echo.
echo IEDFix.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if exist Update.cmd del Update.cmd
if not exist %syspath%\Process.exe copy Process.exe %syspath%\Process.exe >NUL
if not exist %syspath%\swreg.exe copy swreg.exe %syspath%\swreg.exe >NUL
if not exist %syspath%\swsc.exe copy swsc.exe %syspath%\swsc.exe >NUL
if not exist %syspath%\SrchSTS.exe copy SrchSTS.exe %syspath%\SrchSTS.exe >NUL
if not exist %syspath%\dumphive.exe copy dumphive.exe %syspath%\dumphive.exe >NUL
if not exist %syspath%\swxcacls.exe copy swxcacls.exe %syspath%\swxcacls.exe >NUL
if not exist %syspath%\VCCLSID.exe copy VCCLSID.exe %syspath%\VCCLSID.exe >NUL
if not exist %syspath%\WS2Fix.exe copy WS2Fix.exe %syspath%\WS2Fix.exe >NUL
if not exist %syspath%\IEDFix.exe copy IEDFix.exe %syspath%\IEDFix.exe >NUL
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
if exist tmp3.txt del tmp3.txt
chkntfs %systemdrive% | find /V "%systemdrive%">tmp.txt
type tmp.txt | find /i "NTFS">tmp2.txt
for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
if exist tmp3.txt set FSType=NTFS
if exist tmp3.txt del tmp3.txt
type tmp.txt | find /i "FAT32">tmp2.txt
for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
if exist tmp3.txt set FSType=FAT32
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
if exist tmp3.txt del tmp3.txt
goto notice
:notice
color 17
cls
if %lang%==fra (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger n'est pas affilié avec SmitfraudFix!
echo.
echo Cet outil a été créé par S!Ri pour une utilisation GRATUITE.
echo Des dons seront acceptés par S!Ri, uniquement sur son site Web principal
echo N'importe qui d'autre essayant d'en tirer profit
echo ou qui sollicite de l'argent est impliqué dans une fraude.
echo.
echo.
echo Appuyez sur une touche pour continuer...
echo.
) else (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger is NOT involved with Smitfraudfix in any way!
echo.
echo This tool was created by S!Ri, and is available for FREE.
echo Voluntary donations will be accepted by S!Ri, at his main website only.
echo Anyone, other than the creator, trying to make a profit
echo or solicit money from its use would be involved in fraudulent activity.
echo.
echo.
echo Press a key to continue...
echo.
)
pause>NUL
goto menu
:menu
color 17
cls
if %lang%==fra (
set sChoice=Entrez votre choix
set sScanDate=Rapport fait à
set sRunFrom=Executé à partir de
set sFSType=Le type du système de fichiers est
set SafeMWarn=Fix executé en mode normal
set SafeMDisp=Fix executé en mode sans echec
set sSearch=Recherche
set sFound=PRESENT !
set sFoundLSP=Détecté, utiliser LSPFix.exe pour supprimer !
set sDel=supprimé
set sRen=Redemarrez et Executez SmitfraudFix option 2 encore une fois SVP.
set sInfect=infecté !
set sInfect2=infecté !
set KDMess=détecté !
set sHOSTS=Fichier hosts corrompu !
set RKScan=utilisez un scanner de Rootkit
set xpdxMess=xpdx détecté, utilisez un scanner de Rootkit
set xpdtMess=xpdt détecté, utilisez un scanner de Rootkit
set pe386Mess=pe386 détecté, utilisez un scanner de Rootkit
set lzx32Mess=lzx32 détecté, utilisez un scanner de Rootkit
set huy32Mess=huy32 détecté, utilisez un scanner de Rootkit
set msguardMess=msguard détecté, utilisez un scanner de Rootkit
set DNSHJ=Votre ordinateur est certainement victime d'un détournement de DNS
set CleanDNS=Voules vous reconfigurer votre réseau avec des IP dynamiques -DHCP- ?
set CancelDNS=Configuration annulée. Vérifiez les paramètres de votre réseau.
set sWiniSearch=Recherche wininet.dll de remplacement
set sEnd=Fin
set sProcess=Arret des processus
set sError=Problème suppression
set sNotFound=non trouvé
set sTempFolder=Suppression Fichiers Temporaires
set sRegCleanQ=Voulez-vous nettoyer le registre ? ^(o/n^)
set sRegClean=Nettoyage du registre
set sWininetQ=Corriger le fichier infecté ? ^(o/n^)
set sTrustQ=Réinitialiser la liste des sites de confiance et sensibles ? ^(o/n^)
set sTrustBackUp=Copie de sauvegarde
set sTrustDone=Sites de confiance et sensibles effacés.
set sTrustError=*** Erreur : zone.reg non trouvé ***
echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Recherche
echo 2. Nettoyage ^( mode sans echec recommandé ^)
echo 3. Effacer les sites de confiance et sensibles
echo 4. Vérifier les Mises à jour
echo 5. Recherche et suppression détournement DNS
echo L. Langue Anglaise
echo Q. Quitter
echo.
echo.
echo Fermez tous les programmes
echo un redémarrage peut-être nécessaire
echo.
echo.
echo.
) else (
set sChoice=Enter your choice
set sScanDate=Scan done at
set sRunFrom=Run from
set sFSType=The filesystem type is
set SafeMWarn=Fix run in normal mode
set SafeMDisp=Fix run in safe mode
set sSearch=Scanning
set sFound=FOUND !
set sFoundLSP=Detected, use LSPFix.exe to delete !
set sDel=Deleted
set sRen=Please, Reboot and Run SmitfraudFix option 2 once again.
set sInfect=infected !
set sInfect2=infected !
set KDMess=detected !
set sHOSTS=hosts file corrupted !
set RKScan=use a Rootkit scanner
set xpdxMess=xpdx detected, use a Rootkit scanner
set xpdtMess=xpdt detected, use a Rootkit scanner
set pe386Mess=pe386 detected, use a Rootkit scanner
set lzx32Mess=lzx32 detected, use a Rootkit scanner
set huy32Mess=huy32 detected, use a Rootkit scanner
set msguardMess=msguard detected, use a Rootkit scanner
set DNSHJ=Your computer may be victim of a DNS Hijack
set CleanDNS=Do you want to set your network to dynamic -DHCP- Server ?
set CancelDNS=Configuration canceled. Check your network settings.
set sWiniSearch=Scanning for wininet.dll backup
set sEnd=End
set sProcess=Killing process
set sError=Problem while deleting
set sNotFound=not found
set sTempFolder=Deleting Temp Files
set sRegCleanQ=Do you want to clean the registry ? ^(y/n^)
set sRegClean=Registry Cleaning
set sWininetQ=Replace infected file ? ^(y/n^)
set sTrustQ=Restore Trusted Zone ? ^(y/n^)
set sTrustBackUp=Saving BackUp
set sTrustDone=Trusted Zone deleted.
set sTrustError=*** Error : zone.reg not found ***
echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Search
echo 2. Clean ^(safe mode recommended^)
echo 3. Delete Trusted zone
echo 4. Check for updates
echo 5. Search and clean DNS Hijack
echo L. French Language
echo Q. Quit
echo.
echo.
echo Close all applications
echo Computer may reboot
echo.
echo.
echo.
)
set ChoixMenu=''
set /p ChoixMenu=%sChoice% (1,2,3,4,5,L,Q) :
if '%ChoixMenu%'=='l' GOTO SwappL
if '%ChoixMenu%'=='L' GOTO SwappL
if '%ChoixMenu%'=='q' GOTO exit
if '%ChoixMenu%'=='Q' GOTO exit
if '%ChoixMenu%'=='1' GOTO search
if '%ChoixMenu%'=='2' GOTO fix
if '%ChoixMenu%'=='3' GOTO zonefix
if '%ChoixMenu%'=='4' GOTO update
if '%ChoixMenu%'=='5' GOTO DNSSearchFix
goto menu
:SwappL
if '%lang%'=='fra' (
set lang=int
) else (
set lang=fra
)
goto notice
:search
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>%systemdrive%\rapport.txt
echo.
echo.>>%systemdrive%\rapport.txt
echo %sScanDate% %time%, %date%>>%systemdrive%\rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo %sRunFrom% %CurDir%>>%systemdrive%\rapport.txt
IF ERRORLEVEL 1 (
echo %sRunFrom% >>%systemdrive%\rapport.txt
cd >>%systemdrive%\rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version% - %OS%>>%systemdrive%\rapport.txt
echo %sFSType% %FSType%>>%systemdrive%\rapport.txt
if not defined safeboot_option echo %SafeMWarn%>>%systemdrive%\rapport.txt
if defined safeboot_option echo %SafeMDisp%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
echo %sSearch% Process...
echo »»»»»»»»»»»»»»»»»»»»»»»» Process>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
echo Option Explicit>ProcessList.vbs
echo.>>ProcessList.vbs
echo Dim File>>ProcessList.vbs
echo Dim ObjFileSystem>>ProcessList.vbs
echo Dim ObjOutputFile>>ProcessList.vbs
echo Dim objWMIService>>ProcessList.vbs
echo Dim oproc>>ProcessList.vbs
echo Dim Var>>ProcessList.vbs
echo.>>ProcessList.vbs
echo File = "Process.txt">>ProcessList.vbs
echo.>>ProcessList.vbs
echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>ProcessList.vbs
echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>ProcessList.vbs
echo.>>ProcessList.vbs
echo Set objWMIService = GetObject("winmgmts:\root\cimv2")>>ProcessList.vbs
echo Set oproc = objWMIService.ExecQuery("Select * from Win32_Process",,48)>>ProcessList.vbs
echo.>>ProcessList.vbs
echo For Each oproc In oproc>>ProcessList.vbs
echo Var = oproc.ExecutablePath>>ProcessList.vbs
echo if Var ^<^> "" then>>ProcessList.vbs
echo ObjOutputFile.WriteLine(Var)>>ProcessList.vbs
echo End If>>ProcessList.vbs
echo Next>>ProcessList.vbs
echo.>>ProcessList.vbs
echo ObjOutputFile.Close>>ProcessList.vbs
echo Set objFileSystem = Nothing>>ProcessList.vbs
echo Set oproc = Nothing>>ProcessList.vbs
echo Set objWMIService = Nothing>>ProcessList.vbs
echo.>>ProcessList.vbs
cscript //I //nologo ProcessList.vbs
del ProcessList.vbs
type Process.txt | find /v "cscript.exe" >>%systemdrive%\rapport.txt
del Process.txt
echo.>>%systemdrive%\rapport.txt
echo %sSearch% hosts...
echo »»»»»»»»»»»»»»»»»»»»»»»» hosts>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
type %syspath%\drivers\etc\hosts | find /i "arovax.com">tmp.txt
type %syspath%\drivers\etc\hosts | find /i "bleepingcomputer.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "boskak.za.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "bullguard.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "castlecops.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "compu-docs.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "computing.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "dell.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "depannetonpc.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "digitaltrends.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "ewido.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "geekstogo.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "greyknight17.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "idg.pl">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "infos-du-net.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "innovative-sol.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "lavasoftsupport.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "lockergnome.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "majorgeeks.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "microsoft.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "mytechsupport.ca">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "pandasoftware.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "prevx.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "siri.urz.free.fr">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spybot.info">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "stevengould.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "sunbelt-software.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spywareinfo.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spywareinfo.dk">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "superantispyware.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "techguy.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "techsupportforum.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "tomcoyote.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "wilderssecurity.com">>tmp.txt
for /f "tokens=* delims=" %%a in (tmp.txt) do echo %%a>tmp2.txt
if exist tmp2.txt goto ScanHosts_Found
goto ScanHosts_End
:ScanHosts_Found
echo %sHOSTS%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
type tmp.txt>>%systemdrive%\rapport.txt
:ScanHosts_End
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
echo.>>%systemdrive%\rapport.txt
echo %sSearch% %HOMEDRIVE%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %HOMEDRIVE%\>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
pushd %HOMEDRIVE%\
if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe %sFound%>>%systemdrive%\rapport.txt)
if exist config.sy_ (echo %HOMEDRIVE%\config.sy_ %sFound%>>%systemdrive%\rapport.txt)
if exist contextplus.exe (echo %HOMEDRIVE%\contextplus.exe %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %HOMEDRIVE%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist defender??.exe (echo %HOMEDRIVE%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndr.exe (echo %HOMEDRIVE%\dfndr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndra.exe (echo %HOMEDRIVE%\dfndra.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndr?_?.exe (echo %HOMEDRIVE%\dfndr?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload?.exe (echo %HOMEDRIVE%\drsmartload?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload??.exe (echo %HOMEDRIVE%\drsmartload??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload???.exe (echo %HOMEDRIVE%\drsmartload???.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload????.exe (echo %HOMEDRIVE%\drsmartload????.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ecsiin.stub.exe (echo %HOMEDRIVE%\ecsiin.stub.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exit (echo %HOMEDRIVE%\exit %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys.exe (echo %HOMEDRIVE%\gimmysmileys.exe %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys?.exe (echo %HOMEDRIVE%\gimmysmileys?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %HOMEDRIVE%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %HOMEDRIVE%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %HOMEDRIVE%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %HOMEDRIVE%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd.exe (echo %HOMEDRIVE%\kybrd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd_?.exe (echo %HOMEDRIVE%\kybrd_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd?_?.exe (echo %HOMEDRIVE%\kybrd?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loader.exe (echo %HOMEDRIVE%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %HOMEDRIVE%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %HOMEDRIVE%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %HOMEDRIVE%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist MTE3NDI6ODoxNg.exe (echo %HOMEDRIVE%\MTE3NDI6ODoxNg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm.exe (echo %HOMEDRIVE%\nwnm.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm_?.exe (echo %HOMEDRIVE%\nwnm_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm?_?.exe (echo %HOMEDRIVE%\nwnm?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %HOMEDRIVE%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %HOMEDRIVE%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntps.exe (echo %HOMEDRIVE%\ntps.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntnc.exe (echo %HOMEDRIVE%\ntnc.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %HOMEDRIVE%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist r.exe (echo %HOMEDRIVE%\r.exe %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %HOMEDRIVE%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist stub_113_4_0_4_0.exe (echo %HOMEDRIVE%\stub_113_4_0_4_0.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool1.exe (echo %HOMEDRIVE%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool2.exe (echo %HOMEDRIVE%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool3.exe (echo %HOMEDRIVE%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool4.exe (echo %HOMEDRIVE%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool5.exe (echo %HOMEDRIVE%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
if exist toolbar.exe (echo %HOMEDRIVE%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uniq (echo %HOMEDRIVE%\uniq %sFound%>>%systemdrive%\rapport.txt)
if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe %sFound%>>%systemdrive%\rapport.txt)
if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist wp.exe (echo %HOMEDRIVE%\wp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xxx.exe (echo %HOMEDRIVE%\xxx.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ %sFound%>>%systemdrive%\rapport.txt
popd
echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
pushd %windir%
if exist ".protected" (echo %windir%\.protected %sFound%>>%systemdrive%\rapport.txt)
if exist aapfr.exe (echo %windir%\aapfr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist accesss.exe (echo %windir%\accesss.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ads.js (echo %windir%\ads.js %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbc.dll (echo %windir%\adsldpbc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbd.dll (echo %windir%\adsldpbd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbe.dll (echo %windir%\adsldpbe.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbf.dll (echo %windir%\adsldpbf.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbj.dll (echo %windir%\adsldpbj.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2005.exe (echo %windir%\adtech2005.exe %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2006a.exe (echo %windir%\adtech2006a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist advrepdow.dll (echo %windir%\advrepdow.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepgds.dll (echo %windir%\advrepgds.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepgpd.dll (echo %windir%\advrepgpd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepkon.dll (echo %windir%\advrepkon.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepnok.dll (echo %windir%\advrepnok.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advreprwd.dll (echo %windir%\advreprwd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepvto.dll (echo %windir%\advrepvto.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adw.htm (echo %windir%\adw.htm %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-box.gif" (echo %windir%\adware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-header.gif" (echo %windir%\adware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist afxp.dll (echo %windir%\afxp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alexaie.dll (echo %windir%\alexaie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxie328.dll (echo %windir%\alxie328.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxtb1.dll (echo %windir%\alxtb1.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "antispylab-logo.gif" (echo %windir%\antispylab-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist about_spyware_bg.gif (echo %windir%\about_spyware_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist about_spyware_bottom.gif (echo %windir%\about_spyware_bottom.gif %sFound%>>%systemdrive%\rapport.txt)
if exist as.gif (echo %windir%\as.gif %sFound%>>%systemdrive%\rapport.txt)
if exist as_header.gif (echo %windir%\as_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist astctl32.ocx (echo %windir%\astctl32.ocx %sFound%>>%systemdrive%\rapport.txt)
if exist avp.exe (echo %windir%\avp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist avpcc.dll (echo %windir%\avpcc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist azesearch.bmp (echo %windir%\azesearch.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist back.gif (echo %windir%\back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bandserv.dll (echo %windir%\bandserv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist batserv2.exe (echo %windir%\batserv2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bg.gif (echo %windir%\bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bg_bg.gif (echo %windir%\bg_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist big_red_x.gif (echo %windir%\big_red_x.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bindmod.dll (echo %windir%\bindmod.dll %sFound%>>%systemdrive%\rapport.txt)
if exist binret.exe (echo %windir%\binret.exe %sFound%>>%systemdrive%\rapport.txt)
if exist blank.mht (echo %windir%\blank.mht %sFound%>>%systemdrive%\rapport.txt)
if exist blopenv???.dll (echo %windir%\blopenv???.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "blue-bg.gif" (echo %windir%\blue-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrdkq.dll (echo %windir%\bndsrdkq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrfst.dll (echo %windir%\bndsrfst.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrgxt.dll (echo %windir%\bndsrgxt.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrkwm.dll (echo %windir%\bndsrkwm.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsronw.dll (echo %windir%\bndsronw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrpfn.dll (echo %windir%\bndsrpfn.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrsvk.dll (echo %windir%\bndsrsvk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrtvd.dll (echo %windir%\bndsrtvd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrvnl.dll (echo %windir%\bndsrvnl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrvqt.dll (echo %windir%\bndsrvqt.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrwlq.dll (echo %windir%\bndsrwlq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist box_1.gif (echo %windir%\box_1.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_2.gif (echo %windir%\box_2.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_3.gif (echo %windir%\box_3.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bonsws.dll (echo %windir%\bonsws.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bonrep.dll (echo %windir%\bonrep.dll %sFound%>>%systemdrive%\rapport.txt)
if exist browsers.dll (echo %windir%\browsers.dll %sFound%>>%systemdrive%\rapport.txt)
if exist BTGrab.dll (echo %windir%\BTGrab.dll %sFound%>>%systemdrive%\rapport.txt)
if exist button_buynow.gif (echo %windir%\button_buynow.gif %sFound%>>%systemdrive%\rapport.txt)
if exist button_freescan.gif (echo %windir%\button_freescan.gif %sFound%>>%systemdrive%\rapport.txt)
if exist buy.gif (echo %windir%\buy.gif %sFound%>>%systemdrive%\rapport.txt)
if exist buy_now.gif (echo %windir%\buy_now.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "buy-now-btn.gif" (echo %windir%\buy-now-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bxsbang.dll (echo %windir%\bxsbang.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bxproxy.exe (echo %windir%\bxproxy.exe %sFound%>>%systemdrive%\rapport.txt)
if exist click_for_free_scan.gif (echo %windir%\click_for_free_scan.gif %sFound%>>%systemdrive%\rapport.txt)
if exist close_ico.gif (echo %windir%\close_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "close-bar.gif" (echo %windir%\close-bar.gif %sFound%>>%systemdrive%\rapport.txt)
if exist clrssn.exe (echo %windir%\clrssn.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-left.gif" (echo %windir%\corner-left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-right.gif" (echo %windir%\corner-right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %windir%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cpan.dll (echo %windir%\cpan.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3dn32.exe (echo %windir%\d3dn32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist d3??.dll (echo %windir%\d3??.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3pb.exe (echo %windir%\d3pb.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ddkret.dll (echo %windir%\ddkret.dll %sFound%>>%systemdrive%\rapport.txt)
if exist defender??.exe (echo %windir%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist desktop.html (echo %windir%\desktop.html %sFound%>>%systemdrive%\rapport.txt)
if exist ddesupport.dll (echo %windir%\ddesupport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dialup.exe (echo %windir%\dialup.exe %sFound%>>%systemdrive%\rapport.txt)
if exist div32.dll (echo %windir%\div32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dxdiag.dll (echo %windir%\dxdiag.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dlmax.dll (echo %windir%\dlmax.dll %sFound%>>%systemdrive%\rapport.txt)
if exist download.gif (echo %windir%\download.gif %sFound%>>%systemdrive%\rapport.txt)
if exist download_box.gif (echo %windir%\download_box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist download_product.gif (echo %windir%\download_product.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "download-btn.gif" (echo %windir%\download-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist dr.exe (echo %windir%\dr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload.dat (echo %windir%\drsmartload.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload2.dat (echo %windir%\drsmartload2.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload95a.exe (echo %windir%\drsmartload95a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartloadb1.dat (echo %windir%\drsmartloadb1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drvsvp.dll (echo %windir%\drvsvp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist duocore.dll (echo %windir%\duocore.dll %sFound%>>%systemdrive%\rapport.txt)
if exist exploeee.exe (echo %windir%\exploeee.exe %sFound%>>%systemdrive%\rapport.txt)
if exist expro.dll (echo %windir%\expro.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "facts.gif" (echo %windir%\facts.gif %sFound%>>%systemdrive%\rapport.txt)
if exist features.gif (echo %windir%\features.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "footer.gif" (echo %windir%\footer.gif %sFound%>>%systemdrive%\rapport.txt)
if exist footer_back.gif (echo %windir%\footer_back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist footer_back.jpg (echo %windir%\footer_back.jpg %sFound%>>%systemdrive%\rapport.txt)
if exist free_scan_red_btn.gif (echo %windir%\free_scan_red_btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "free-scan-btn.gif" (echo %windir%\free-scan-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist gimmygames.dat (echo %windir%\gimmygames.dat %sFound%>>%systemdrive%\rapport.txt)
if exist gormet.dll (echo %windir%\gormet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "h-line-gradient.gif" (echo %windir%\h-line-gradient.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_1.gif (echo %windir%\header_1.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_2.gif (echo %windir%\header_2.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_3.gif (echo %windir%\header_3.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_4.gif (echo %windir%\header_4.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "header-bg.gif" (echo %windir%\header-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist hdtip.dll (echo %windir%\hdtip.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hjoqor.dll (echo %windir%\hjoqor.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hostctrl.dll (echo %windir%\hostctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hstsys.dll (echo %windir%\hstsys.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hupsrv.dll (echo %windir%\hupsrv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist icon_warning_big.gif (echo %windir%\icon_warning_big.gif %sFound%>>%systemdrive%\rapport.txt)
if exist icont.exe (echo %windir%\icont.exe %sFound%>>%systemdrive%\rapport.txt)
if exist iebrowser.dll (echo %windir%\iebrowser.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iecontext.dll (echo %windir%\iecontext.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedebug.dll (echo %windir%\iedebug.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedns.dll (echo %windir%\iedns.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedrives.dll (echo %windir%\iedrives.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedrv.exe (echo %windir%\iedrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist iedrvctrl.exe (echo %windir%\iedrvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ielocales.dll (echo %windir%\ielocales.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ieproxy.dll (echo %windir%\ieproxy.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iereport.dll (echo %windir%\iereport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iesettings.dll (echo %windir%\iesettings.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iesupport.dll (echo %windir%\iesupport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iexploree.dll (echo %windir%\iexploree.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iexplorer.exe (echo %windir%\iexplorer.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.dll (echo %windir%\ieyi.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.exe (echo %windir%\ieyi.exe %sFound%>>%systemdrive%\rapport.txt)
if exist inetdctr.dll (echo %windir%\inetdctr.dll %sFound%>>%systemdrive%\rapport.txt)
if exist inetloader.dll (echo %windir%\inetloader.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "infected.gif" (echo %windir%\infected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist infected_top_bg.gif (echo %windir%\infected_top_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "info.gif" (echo %windir%\info.gif %sFound%>>%systemdrive%\rapport.txt)
if exist ipwypkmg.dll (echo %windir%\ipwypkmg.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ipwypktx.dll (echo %windir%\ipwypktx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ipwypwpk.dll (echo %windir%\ipwypwpk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist jetctrl.dll (echo %windir%\jetctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist jokvip.exe (echo %windir%\jokvip.exe %sFound%>>%systemdrive%\rapport.txt)
if exist jokwmp.dll (echo %windir%\jokwmp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist kbdctrl.dll (echo %windir%\kbdctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %windir%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %windir%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard1.dat (echo %windir%\keyboard1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %windir%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl.exe (echo %windir%\kl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %windir%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kopmet.dll (echo %windir%\kopmet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist kthemup.exe (echo %windir%\kthemup.exe %sFound%>>%systemdrive%\rapport.txt)
if exist leorop.dll (echo %windir%\leorop.dll %sFound%>>%systemdrive%\rapport.txt)
if exist leosrv.dll (echo %windir%\leosrv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist loader.exe (echo %windir%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loadadv728.exe (echo %windir%\loadadv728.exe %sFound%>>%systemdrive%\rapport.txt)
if exist local.html (echo %windir%\local.html %sFound%>>%systemdrive%\rapport.txt)
if exist logo.gif (echo %windir%\logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist main_back.gif (echo %windir%\main_back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist main_uninstaller.exe (echo %windir%\main_uninstaller.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mgrs.exe (echo %windir%\mgrs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist monhop.exe (echo %windir%\monhop.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %windir%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %windir%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %windir%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlfqd.dll (echo %windir%\movctrlfqd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlknq.dll (echo %windir%\movctrlknq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlnkd.dll (echo %windir%\movctrlnkd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlqtn.dll (echo %windir%\movctrlqtn.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlswd.dll (echo %windir%\movctrlswd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlwxq.dll (echo %windir%\movctrlwxq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mscore.dll (echo %windir%\mscore.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msddx.dll (echo %windir%\msddx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdn.dll (echo %windir%\msdn.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdns.dll (echo %windir%\msdns.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdn32.dll (echo %windir%\msdn32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdrv.exe (echo %windir%\msdrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msdrvctrl.exe (echo %windir%\msdrvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msmduo.dll (echo %windir%\msmduo.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msmduo2.dll (echo %windir%\msmduo2.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msie.dll (echo %windir%\msie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mslog.exe (echo %windir%\mslog.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msole.dll (echo %windir%\msole.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdde.dll (echo %windir%\msdde.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msmdev.dll (echo %windir%\msmdev.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msmhost.dll (echo %windir%\msmhost.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msqnx.dll (echo %windir%\msqnx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mssmart.dll (echo %windir%\mssmart.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mssql.dll (echo %windir%\mssql.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msvb.dll (echo %windir%\msvb.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mtwirl32.dll (echo %windir%\mtwirl32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mxd.exe (echo %windir%\mxd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mxduo.dll (echo %windir%\mxduo.dll %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_bg.gif (echo %windir%\navibar_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_corner_left.gif (echo %windir%\navibar_corner_left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_corner_right.gif (echo %windir%\navibar_corner_right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist neobus.dll (echo %windir%\neobus.dll %sFound%>>%systemdrive%\rapport.txt)
if exist netadv.dll (echo %windir%\netadv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist newname.dat (echo %windir%\newname.dat %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %windir%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %windir%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %windir%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "no-icon.gif" (echo %windir%\no-icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist nopctrl.dll (echo %windir%\nopctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist nopzet.dll (echo %windir%\nopzet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist notepad.com (echo %windir%\notepad.com %sFound%>>%systemdrive%\rapport.txt)
if exist notepad32.exe (echo %windir%\notepad32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nretcip.exe (echo %windir%\nretcip.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nsduo.dll (echo %windir%\nsduo.dll %sFound%>>%systemdrive%\rapport.txt)
if exist nssfrch.dll (echo %windir%\nssfrch.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ntspkfnd.dll (echo %windir%\ntspkfnd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ntspklqs.dll (echo %windir%\ntspklqs.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ntspknlg.dll (echo %windir%\ntspknlg.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ocgrep.dll (echo %windir%\ocgrep.dll %sFound%>>%systemdrive%\rapport.txt)
if exist onlineshopping.ico (echo %windir%\onlineshopping.ico %sFound%>>%systemdrive%\rapport.txt)
if exist olehelp.exe (echo %windir%\olehelp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist oprevgkx.dll (echo %windir%\oprevgkx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oprevnpx.dll (echo %windir%\oprevnpx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oprevpfm.dll (echo %windir%\oprevpfm.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oprevxlw.dll (echo %windir%\oprevxlw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist osaupd.exe (echo %windir%\osaupd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ossmart.dll (echo %windir%\ossmart.dll %sFound%>>%systemdrive%\rapport.txt)
if exist pmkret.dll (echo %windir%\pmkret.dll %sFound%>>%systemdrive%\rapport.txt)
if exist policies.dll (echo %windir%\policies.dll %sFound%>>%systemdrive%\rapport.txt)
if exist policyverifier.exe (echo %windir%\policyverifier.exe %sFound%>>%systemdrive%\rapport.txt)
if exist pop06ap2.exe (echo %windir%\pop06ap2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist popnetkqw.dll (echo %windir%\popnetkqw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist popnetmtq.dll (echo %windir%\popnetmtq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist popnetnlf.dll (echo %windir%\popnetnlf.dll %sFound%>>%systemdrive%\rapport.txt)
if exist popuper.exe (echo %windir%\popuper.exe %sFound%>>%systemdrive%\rapport.txt)
if exist privacy_danger (echo %windir%\privacy_danger %sFound%>>%systemdrive%\rapport.txt)
if exist processes.txt (echo %windir%\processes.txt %sFound%>>%systemdrive%\rapport.txt)
if exist product_box.gif (echo %windir%\product_box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist psg.exe (echo %windir%\psg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist pssms.dll (echo %windir%\pssms.dll %sFound%>>%systemdrive%\rapport.txt)
if exist Pynix.dll (echo %windir%\Pynix.dll %sFound%>>%systemdrive%\rapport.txt)
if exist qdertu.exe (echo %windir%\qdertu.exe %sFound%>>%systemdrive%\rapport.txt)
if exist qnxplugin.dll (echo %windir%\qnxplugin.dll %sFound%>>%systemdrive%\rapport.txt)
if exist q*_disk.dll (echo %windir%\q*_disk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist red_warning_ico.gif (echo %windir%\red_warning_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-box.gif" (echo %windir%\reg-freeze-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-header.gif" (echo %windir%\reg-freeze-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist remove_spyware_header.gif (echo %windir%\remove_spyware_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "remove-spyware-btn.gif" (echo %windir%\remove-spyware-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist removeadware.ico (echo %windir%\removeadware.ico %sFound%>>%systemdrive%\rapport.txt)
if exist retnsrp.dll (echo %windir%\retnsrp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist rf.gif (echo %windir%\rf.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rf_header.gif (echo %windir%\rf_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rmvgor.dll (echo %windir%\rmvgor.dll %sFound%>>%systemdrive%\rapport.txt)
if exist rzs.exe (echo %windir%\rzs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist runwin32.exe (echo %windir%\runwin32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sachostx.exe (echo %windir%\sachostx.exe %sFound%>>%systemdrive%\rapport.txt)
if exist safe_and_trusted.gif (echo %windir%\safe_and_trusted.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sapnet.dll (echo %windir%\sapnet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sawkip.exe (echo %windir%\sawkip.exe %sFound%>>%systemdrive%\rapport.txt)
if exist scan_btn.gif (echo %windir%\scan_btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sconf32.dll (echo %windir%\sconf32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist screen.html (echo %windir%\screen.html %sFound%>>%systemdrive%\rapport.txt)
if exist se_spoof.dll (echo %windir%\se_spoof.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sec.exe (echo %windir%\sec.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "security-center-bg.gif" (echo %windir%\security-center-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "security-center-logo.gif" (echo %windir%\security-center-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist security_center_caption.gif (echo %windir%\security_center_caption.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sep_hor.gif (echo %windir%\sep_hor.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sep_vert.gif (echo %windir%\sep_vert.gif %sFound%>>%systemdrive%\rapport.txt)
if exist service.dll (echo %windir%\service.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sexpersonals.ico (echo %windir%\sexpersonals.ico %sFound%>>%systemdrive%\rapport.txt)
if exist sdkcb.dll (echo %windir%\sdkcb.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sdkqq.exe (echo %windir%\sdkqq.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sdrmod.dll (echo %windir%\sdrmod.dll %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %windir%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist shell.exe (echo %windir%\shell.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sites.ini (echo %windir%\sites.ini %sFound%>>%systemdrive%\rapport.txt)
if exist slassac.dll (echo %windir%\slassac.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sounddrv.dll (echo %windir%\sounddrv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist soundplugin.dll (echo %windir%\soundplugin.dll %sFound%>>%systemdrive%\rapport.txt)
if exist spp3.dll (echo %windir%\spp3.dll %sFound%>>%systemdrive%\rapport.txt)
if exist spacer.gif (echo %windir%\spacer.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spacer.gif'" (echo %windir%\spacer.gif' %sFound%>>%systemdrive%\rapport.txt)
if exist spyware_detected.gif (echo %windir%\spyware_detected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-det
REM Smitfraud Fix by S!Ri
REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip
REM Thanks, Help: atribune, balltrap34, Beamerke, derek, Grinler, ipl_001, LonnyRJones, MAD,
REM Malekal_morte, Marckie, moe31, ~Mark, Miekiemoes, Ruby, Roel, Sebdraluorg,
REM sUBs, Suzi, tirol, TonyKlein, Vazkor,
REM and all the ones I forgot who submit files, analyses, help users...
REM Miekiemoes' Shudder key fix added.
REM Process.exe by Craig.Peacock added (http://www.beyondlogic.org)
REM Reboot.exe by Shadowwar/Option^Explicit added.
REM swreg.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM swsc.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM swxcacls.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html)
REM restart.exe - SuperFast Shutdown (http://www.xp-smoker.com/freeware.html)
REM dumphive.exe - Markus Stephany (http://www.mirkes.de)
REM unzip.exe - info-zip (http://www.info-zip.org)
REM SmiUpdate.exe - Sebdraluorg
REM exit.exe - MAD - Malware Analysis and Diagnostic
set fixname=SmitFraudFix
set fixvers=v2.274
VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 5.2.3790">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 6.0">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "version 6.0">NUL
IF NOT ERRORLEVEL 1 GOTO NT
if %OS%==Windows_NT goto NT
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^ée.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit
:Win
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^ée.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit
:NT
set DoReboot=0
set DoRestart=0
set syspath=%windir%\system32
echo Option Explicit>GetPaths.vbs
echo.>>GetPaths.vbs
echo Dim Shell>>GetPaths.vbs
echo Dim KeyPath>>GetPaths.vbs
echo Dim ObjFileSystem>>GetPaths.vbs
echo Dim ObjOutputFile>>GetPaths.vbs
echo Dim ObjRegExp>>GetPaths.vbs
echo Dim File>>GetPaths.vbs
echo Dim TmpVar>>GetPaths.vbs
echo Dim TmpCounter>>GetPaths.vbs
echo Dim Var>>GetPaths.vbs
echo Dim Accent>>GetPaths.vbs
echo.>>GetPaths.vbs
echo KeyPath = "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo File = "SetPaths.bat">>GetPaths.vbs
echo.>>GetPaths.vbs
echo Set Shell = WScript.CreateObject("WScript.Shell")>>GetPaths.vbs
echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>GetPaths.vbs
echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>GetPaths.vbs
echo Set ObjRegExp = New RegExp>>GetPaths.vbs
echo.>>GetPaths.vbs
echo Function ShortFileName(Path)>>GetPaths.vbs
echo Dim f>>GetPaths.vbs
echo Set f = ObjFileSystem.GetFolder(Path)>>GetPaths.vbs
echo ShortFileName = f.ShortPath>>GetPaths.vbs
echo End Function>>GetPaths.vbs
echo Function Accents(Str)>>GetPaths.vbs
echo ObjRegExp.Pattern = "[^a-zA-Z_0-9\\: ]">>GetPaths.vbs
echo ObjRegExp.IgnoreCase = True>>GetPaths.vbs
echo ObjRegExp.Global = True>>GetPaths.vbs
echo Accents = ObjRegExp.Replace(Str, "?")>>GetPaths.vbs
echo End Function>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set desktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set favorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set startprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set startm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set startup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo KeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\">>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Desktop")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set audesktop=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Favorites")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo Var = "Set aufavorites=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Programs")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set austartprg=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Start Menu")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set austartm=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo TmpVar = Shell.RegRead (KeyPath ^& "Common Startup")>>GetPaths.vbs
echo TmpVar = ShortFileName(TmpVar)>>GetPaths.vbs
echo For TmpCounter = 1 to Len(TmpVar)>>GetPaths.vbs
echo If mid(TmpVar,TmpCounter,1)="É" Or mid(TmpVar,TmpCounter,1)="é" Then>>GetPaths.vbs
echo TmpVar = Left(TmpVar,TmpCounter-1) ^& "?" ^& Right(TmpVar,Len(TmpVar)-TmpCounter)>>GetPaths.vbs
echo End If>>GetPaths.vbs
echo Next>>GetPaths.vbs
echo Var = "Set austartup=" ^& TmpVar>>GetPaths.vbs
echo ObjOutputFile.WriteLine(Var)>>GetPaths.vbs
echo.>>GetPaths.vbs
echo ObjOutputFile.Close>>GetPaths.vbs
echo Set objFileSystem = Nothing>>GetPaths.vbs
echo Set Shell = Nothing>>GetPaths.vbs
echo Set ObjRegExp = nothing>>GetPaths.vbs
echo.>>GetPaths.vbs
cscript //I //nologo GetPaths.vbs
del GetPaths.vbs
Call SetPaths.bat
del SetPaths.bat
if exist "%userprofile%\Bureau" (
set lang=fra
) else (
set lang=int
)
goto test
:test
if not exist Process.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Process.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo Process.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist swreg.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swreg.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo swreg.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist swsc.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swsc.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo swsc.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist SrchSTS.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SrchSTS.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo SrchSTS.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist Reboot.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier Reboot.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo Reboot.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist restart.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier restart.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo restart.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist GenericRenosFix.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier GenericRenosFix.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo GenericRenosFix.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist dumphive.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier dumphive.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo dumphive.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist unzip.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier unzip.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo unzip.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist SmiUpdate.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier SmiUpdate.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo SmiUpdate.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist swxcacls.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier swxcacls.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo swxcacls.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist VCCLSID.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier VCCLSID.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo VCCLSID.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist WS2Fix.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier WS2Fix.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo WS2Fix.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if not exist IEDFix.exe (
color 47
echo %fixname% %fixvers%
echo.
echo Fichier IEDFix.exe absent !
echo Dezippez la totalit^‚ de l'archive dans un dossier.
echo.
echo IEDFix.exe file missing !
echo Unzip all the archive in a folder.
echo.
pause
goto exit
)
if exist Update.cmd del Update.cmd
if not exist %syspath%\Process.exe copy Process.exe %syspath%\Process.exe >NUL
if not exist %syspath%\swreg.exe copy swreg.exe %syspath%\swreg.exe >NUL
if not exist %syspath%\swsc.exe copy swsc.exe %syspath%\swsc.exe >NUL
if not exist %syspath%\SrchSTS.exe copy SrchSTS.exe %syspath%\SrchSTS.exe >NUL
if not exist %syspath%\dumphive.exe copy dumphive.exe %syspath%\dumphive.exe >NUL
if not exist %syspath%\swxcacls.exe copy swxcacls.exe %syspath%\swxcacls.exe >NUL
if not exist %syspath%\VCCLSID.exe copy VCCLSID.exe %syspath%\VCCLSID.exe >NUL
if not exist %syspath%\WS2Fix.exe copy WS2Fix.exe %syspath%\WS2Fix.exe >NUL
if not exist %syspath%\IEDFix.exe copy IEDFix.exe %syspath%\IEDFix.exe >NUL
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
if exist tmp3.txt del tmp3.txt
chkntfs %systemdrive% | find /V "%systemdrive%">tmp.txt
type tmp.txt | find /i "NTFS">tmp2.txt
for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
if exist tmp3.txt set FSType=NTFS
if exist tmp3.txt del tmp3.txt
type tmp.txt | find /i "FAT32">tmp2.txt
for /f "tokens=* delims=" %%a in (tmp2.txt) do echo %%a>tmp3.txt
if exist tmp3.txt set FSType=FAT32
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
if exist tmp3.txt del tmp3.txt
goto notice
:notice
color 17
cls
if %lang%==fra (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger n'est pas affili^‚ avec SmitfraudFix!
echo.
echo Cet outil a ^‚t^‚ cr^‚^‚ par S!Ri pour une utilisation GRATUITE.
echo Des dons seront accept^‚s par S!Ri, uniquement sur son site Web principal
echo N'importe qui d'autre essayant d'en tirer profit
echo ou qui sollicite de l'argent est impliqu^‚ dans une fraude.
echo.
echo.
echo Appuyez sur une touche pour continuer...
echo.
) else (
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo joedanger is NOT involved with Smitfraudfix in any way!
echo.
echo This tool was created by S!Ri, and is available for FREE.
echo Voluntary donations will be accepted by S!Ri, at his main website only.
echo Anyone, other than the creator, trying to make a profit
echo or solicit money from its use would be involved in fraudulent activity.
echo.
echo.
echo Press a key to continue...
echo.
)
pause>NUL
goto menu
:menu
color 17
cls
if %lang%==fra (
set sChoice=Entrez votre choix
set sScanDate=Rapport fait à
set sRunFrom=Executé à partir de
set sFSType=Le type du système de fichiers est
set SafeMWarn=Fix executé en mode normal
set SafeMDisp=Fix executé en mode sans echec
set sSearch=Recherche
set sFound=PRESENT !
set sFoundLSP=Détecté, utiliser LSPFix.exe pour supprimer !
set sDel=supprimé
set sRen=Redemarrez et Executez SmitfraudFix option 2 encore une fois SVP.
set sInfect=infecté !
set sInfect2=infect^‚ !
set KDMess=détecté !
set sHOSTS=Fichier hosts corrompu !
set RKScan=utilisez un scanner de Rootkit
set xpdxMess=xpdx détecté, utilisez un scanner de Rootkit
set xpdtMess=xpdt détecté, utilisez un scanner de Rootkit
set pe386Mess=pe386 détecté, utilisez un scanner de Rootkit
set lzx32Mess=lzx32 détecté, utilisez un scanner de Rootkit
set huy32Mess=huy32 détecté, utilisez un scanner de Rootkit
set msguardMess=msguard détecté, utilisez un scanner de Rootkit
set DNSHJ=Votre ordinateur est certainement victime d'un détournement de DNS
set CleanDNS=Voulez-vous reconfigurer votre réseau avec des IP dynamiques -DHCP- ?
set CancelDNS=Configuration annulée. Vérifiez les paramètres de votre réseau.
set sWiniSearch=Recherche wininet.dll de remplacement
set sEnd=Fin
set sProcess=Arret des processus
set sError=Problème suppression
set sNotFound=non trouvé
set sTempFolder=Suppression Fichiers Temporaires
set sRegCleanQ=Voulez-vous nettoyer le registre ? ^(o/n^)
set sRegClean=Nettoyage du registre
set sWininetQ=Corriger le fichier infect^‚ ? ^(o/n^)
set sTrustQ=R^‚initialiser la liste des sites de confiance et sensibles ? ^(o/n^)
set sTrustBackUp=Copie de sauvegarde
set sTrustDone=Sites de confiance et sensibles effac^‚s.
set sTrustError=*** Erreur : zone.reg non trouv^‚ ***
echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Recherche
echo 2. Nettoyage ^( mode sans echec recommand^‚ ^)
echo 3. Effacer les sites de confiance et sensibles
echo 4. V^‚rifier les Mises ^… jour
echo 5. Recherche et suppression d^‚tournement DNS
echo L. Langue Anglaise
echo Q. Quitter
echo.
echo.
echo Fermez tous les programmes
echo un red^‚marrage peut-^ˆtre n^‚cessaire
echo.
echo.
echo.
) else (
set sChoice=Enter your choice
set sScanDate=Scan done at
set sRunFrom=Run from
set sFSType=The filesystem type is
set SafeMWarn=Fix run in normal mode
set SafeMDisp=Fix run in safe mode
set sSearch=Scanning
set sFound=FOUND !
set sFoundLSP=Detected, use LSPFix.exe to delete !
set sDel=Deleted
set sRen=Please, Reboot and Run SmitfraudFix option 2 once again.
set sInfect=infected !
set sInfect2=infected !
set KDMess=detected !
set sHOSTS=hosts file corrupted !
set RKScan=use a Rootkit scanner
set xpdxMess=xpdx detected, use a Rootkit scanner
set xpdtMess=xpdt detected, use a Rootkit scanner
set pe386Mess=pe386 detected, use a Rootkit scanner
set lzx32Mess=lzx32 detected, use a Rootkit scanner
set huy32Mess=huy32 detected, use a Rootkit scanner
set msguardMess=msguard detected, use a Rootkit scanner
set DNSHJ=Your computer may be victim of a DNS Hijack
set CleanDNS=Do you want to set your network to dynamic -DHCP- Server ?
set CancelDNS=Configuration canceled. Check your network settings.
set sWiniSearch=Scanning for wininet.dll backup
set sEnd=End
set sProcess=Killing process
set sError=Problem while deleting
set sNotFound=not found
set sTempFolder=Deleting Temp Files
set sRegCleanQ=Do you want to clean the registry ? ^(y/n^)
set sRegClean=Registry Cleaning
set sWininetQ=Replace infected file ? ^(y/n^)
set sTrustQ=Restore Trusted Zone ? ^(y/n^)
set sTrustBackUp=Saving BackUp
set sTrustDone=Trusted Zone deleted.
set sTrustError=*** Error : zone.reg not found ***
echo.
echo.
echo %fixname% %fixvers%
echo.
echo.
echo.
echo 1. Search
echo 2. Clean ^(safe mode recommended^)
echo 3. Delete Trusted zone
echo 4. Check for updates
echo 5. Search and clean DNS Hijack
echo L. French Language
echo Q. Quit
echo.
echo.
echo Close all applications
echo Computer may reboot
echo.
echo.
echo.
)
set ChoixMenu=''
set /p ChoixMenu=%sChoice% (1,2,3,4,5,L,Q) :
if '%ChoixMenu%'=='l' GOTO SwappL
if '%ChoixMenu%'=='L' GOTO SwappL
if '%ChoixMenu%'=='q' GOTO exit
if '%ChoixMenu%'=='Q' GOTO exit
if '%ChoixMenu%'=='1' GOTO search
if '%ChoixMenu%'=='2' GOTO fix
if '%ChoixMenu%'=='3' GOTO zonefix
if '%ChoixMenu%'=='4' GOTO update
if '%ChoixMenu%'=='5' GOTO DNSSearchFix
goto menu
:SwappL
if '%lang%'=='fra' (
set lang=int
) else (
set lang=fra
)
goto notice
:search
cls
echo %fixname% %fixvers%
echo %fixname% %fixvers%>%systemdrive%\rapport.txt
echo.
echo.>>%systemdrive%\rapport.txt
echo %sScanDate% %time%, %date%>>%systemdrive%\rapport.txt
for /f "Tokens=*" %%i in ('cd') do set CurDir=%%i
echo %sRunFrom% %CurDir%>>%systemdrive%\rapport.txt
IF ERRORLEVEL 1 (
echo %sRunFrom% >>%systemdrive%\rapport.txt
cd >>%systemdrive%\rapport.txt
)
for /f "Tokens=*" %%i in ('ver') do set Version=%%i
echo OS: %Version% - %OS%>>%systemdrive%\rapport.txt
echo %sFSType% %FSType%>>%systemdrive%\rapport.txt
if not defined safeboot_option echo %SafeMWarn%>>%systemdrive%\rapport.txt
if defined safeboot_option echo %SafeMDisp%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
echo %sSearch% Process...
echo »»»»»»»»»»»»»»»»»»»»»»»» Process>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
echo Option Explicit>ProcessList.vbs
echo.>>ProcessList.vbs
echo Dim File>>ProcessList.vbs
echo Dim ObjFileSystem>>ProcessList.vbs
echo Dim ObjOutputFile>>ProcessList.vbs
echo Dim objWMIService>>ProcessList.vbs
echo Dim oproc>>ProcessList.vbs
echo Dim Var>>ProcessList.vbs
echo.>>ProcessList.vbs
echo File = "Process.txt">>ProcessList.vbs
echo.>>ProcessList.vbs
echo Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")>>ProcessList.vbs
echo Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)>>ProcessList.vbs
echo.>>ProcessList.vbs
echo Set objWMIService = GetObject("winmgmts:\root\cimv2")>>ProcessList.vbs
echo Set oproc = objWMIService.ExecQuery("Select * from Win32_Process",,48)>>ProcessList.vbs
echo.>>ProcessList.vbs
echo For Each oproc In oproc>>ProcessList.vbs
echo Var = oproc.ExecutablePath>>ProcessList.vbs
echo if Var ^<^> "" then>>ProcessList.vbs
echo ObjOutputFile.WriteLine(Var)>>ProcessList.vbs
echo End If>>ProcessList.vbs
echo Next>>ProcessList.vbs
echo.>>ProcessList.vbs
echo ObjOutputFile.Close>>ProcessList.vbs
echo Set objFileSystem = Nothing>>ProcessList.vbs
echo Set oproc = Nothing>>ProcessList.vbs
echo Set objWMIService = Nothing>>ProcessList.vbs
echo.>>ProcessList.vbs
cscript //I //nologo ProcessList.vbs
del ProcessList.vbs
type Process.txt | find /v "cscript.exe" >>%systemdrive%\rapport.txt
del Process.txt
echo.>>%systemdrive%\rapport.txt
echo %sSearch% hosts...
echo »»»»»»»»»»»»»»»»»»»»»»»» hosts>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
type %syspath%\drivers\etc\hosts | find /i "arovax.com">tmp.txt
type %syspath%\drivers\etc\hosts | find /i "bleepingcomputer.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "boskak.za.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "bullguard.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "castlecops.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "compu-docs.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "computing.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "dell.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "depannetonpc.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "digitaltrends.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "ewido.net">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "geekstogo.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "greyknight17.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "idg.pl">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "infos-du-net.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "innovative-sol.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "lavasoftsupport.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "lockergnome.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "majorgeeks.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "microsoft.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "mytechsupport.ca">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "pandasoftware.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "prevx.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "siri.urz.free.fr">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spybot.info">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "stevengould.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "sunbelt-software.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spywareinfo.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "spywareinfo.dk">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "superantispyware.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "techguy.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "techsupportforum.com">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "tomcoyote.org">>tmp.txt
type %syspath%\drivers\etc\hosts | find /i "wilderssecurity.com">>tmp.txt
for /f "tokens=* delims=" %%a in (tmp.txt) do echo %%a>tmp2.txt
if exist tmp2.txt goto ScanHosts_Found
goto ScanHosts_End
:ScanHosts_Found
echo %sHOSTS%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
type tmp.txt>>%systemdrive%\rapport.txt
:ScanHosts_End
if exist tmp.txt del tmp.txt
if exist tmp2.txt del tmp2.txt
echo.>>%systemdrive%\rapport.txt
echo %sSearch% %HOMEDRIVE%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %HOMEDRIVE%\>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
pushd %HOMEDRIVE%\
if exist bsw.exe (echo %HOMEDRIVE%\bsw.exe %sFound%>>%systemdrive%\rapport.txt)
if exist config.sy_ (echo %HOMEDRIVE%\config.sy_ %sFound%>>%systemdrive%\rapport.txt)
if exist contextplus.exe (echo %HOMEDRIVE%\contextplus.exe %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %HOMEDRIVE%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist defender??.exe (echo %HOMEDRIVE%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndr.exe (echo %HOMEDRIVE%\dfndr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndra.exe (echo %HOMEDRIVE%\dfndra.exe %sFound%>>%systemdrive%\rapport.txt)
if exist dfndr?_?.exe (echo %HOMEDRIVE%\dfndr?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload?.exe (echo %HOMEDRIVE%\drsmartload?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload??.exe (echo %HOMEDRIVE%\drsmartload??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload???.exe (echo %HOMEDRIVE%\drsmartload???.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload????.exe (echo %HOMEDRIVE%\drsmartload????.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ecsiin.stub.exe (echo %HOMEDRIVE%\ecsiin.stub.exe %sFound%>>%systemdrive%\rapport.txt)
if exist exit (echo %HOMEDRIVE%\exit %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys.exe (echo %HOMEDRIVE%\gimmysmileys.exe %sFound%>>%systemdrive%\rapport.txt)
if exist gimmysmileys?.exe (echo %HOMEDRIVE%\gimmysmileys?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %HOMEDRIVE%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %HOMEDRIVE%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %HOMEDRIVE%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %HOMEDRIVE%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd.exe (echo %HOMEDRIVE%\kybrd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd_?.exe (echo %HOMEDRIVE%\kybrd_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kybrd?_?.exe (echo %HOMEDRIVE%\kybrd?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loader.exe (echo %HOMEDRIVE%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %HOMEDRIVE%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %HOMEDRIVE%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %HOMEDRIVE%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist MTE3NDI6ODoxNg.exe (echo %HOMEDRIVE%\MTE3NDI6ODoxNg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm.exe (echo %HOMEDRIVE%\nwnm.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm_?.exe (echo %HOMEDRIVE%\nwnm_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nwnm?_?.exe (echo %HOMEDRIVE%\nwnm?_?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %HOMEDRIVE%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %HOMEDRIVE%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntdetecd.exe (echo %HOMEDRIVE%\ntdetecd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntps.exe (echo %HOMEDRIVE%\ntps.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ntnc.exe (echo %HOMEDRIVE%\ntnc.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %HOMEDRIVE%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist r.exe (echo %HOMEDRIVE%\r.exe %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %HOMEDRIVE%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist stub_113_4_0_4_0.exe (echo %HOMEDRIVE%\stub_113_4_0_4_0.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool1.exe (echo %HOMEDRIVE%\tool1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool2.exe (echo %HOMEDRIVE%\tool2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool3.exe (echo %HOMEDRIVE%\tool3.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool4.exe (echo %HOMEDRIVE%\tool4.exe %sFound%>>%systemdrive%\rapport.txt)
if exist tool5.exe (echo %HOMEDRIVE%\tool5.exe %sFound%>>%systemdrive%\rapport.txt)
if exist toolbar.exe (echo %HOMEDRIVE%\toolbar.exe %sFound%>>%systemdrive%\rapport.txt)
if exist uniq (echo %HOMEDRIVE%\uniq %sFound%>>%systemdrive%\rapport.txt)
if exist winstall.exe (echo %HOMEDRIVE%\winstall.exe %sFound%>>%systemdrive%\rapport.txt)
if exist wp.bmp (echo %HOMEDRIVE%\wp.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist wp.exe (echo %HOMEDRIVE%\wp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist xxx.exe (echo %HOMEDRIVE%\xxx.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "%HOMEDRIVE%\spywarevanisher-free" echo %HOMEDRIVE%\spywarevanisher-free\ %sFound%>>%systemdrive%\rapport.txt
popd
echo.>>%systemdrive%\rapport.txt
echo %sSearch% %windir%\...
echo »»»»»»»»»»»»»»»»»»»»»»»» %windir%>>%systemdrive%\rapport.txt
echo.>>%systemdrive%\rapport.txt
pushd %windir%
if exist ".protected" (echo %windir%\.protected %sFound%>>%systemdrive%\rapport.txt)
if exist aapfr.exe (echo %windir%\aapfr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist accesss.exe (echo %windir%\accesss.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ads.js (echo %windir%\ads.js %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbc.dll (echo %windir%\adsldpbc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbd.dll (echo %windir%\adsldpbd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbe.dll (echo %windir%\adsldpbe.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbf.dll (echo %windir%\adsldpbf.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adsldpbj.dll (echo %windir%\adsldpbj.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2005.exe (echo %windir%\adtech2005.exe %sFound%>>%systemdrive%\rapport.txt)
if exist adtech2006a.exe (echo %windir%\adtech2006a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist advrepdow.dll (echo %windir%\advrepdow.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepgds.dll (echo %windir%\advrepgds.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepgpd.dll (echo %windir%\advrepgpd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepkon.dll (echo %windir%\advrepkon.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepnok.dll (echo %windir%\advrepnok.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advreprwd.dll (echo %windir%\advreprwd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist advrepvto.dll (echo %windir%\advrepvto.dll %sFound%>>%systemdrive%\rapport.txt)
if exist adw.htm (echo %windir%\adw.htm %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-box.gif" (echo %windir%\adware-sheriff-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "adware-sheriff-header.gif" (echo %windir%\adware-sheriff-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist afxp.dll (echo %windir%\afxp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alexaie.dll (echo %windir%\alexaie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxie328.dll (echo %windir%\alxie328.dll %sFound%>>%systemdrive%\rapport.txt)
if exist alxtb1.dll (echo %windir%\alxtb1.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "antispylab-logo.gif" (echo %windir%\antispylab-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist about_spyware_bg.gif (echo %windir%\about_spyware_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist about_spyware_bottom.gif (echo %windir%\about_spyware_bottom.gif %sFound%>>%systemdrive%\rapport.txt)
if exist as.gif (echo %windir%\as.gif %sFound%>>%systemdrive%\rapport.txt)
if exist as_header.gif (echo %windir%\as_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist astctl32.ocx (echo %windir%\astctl32.ocx %sFound%>>%systemdrive%\rapport.txt)
if exist avp.exe (echo %windir%\avp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist avpcc.dll (echo %windir%\avpcc.dll %sFound%>>%systemdrive%\rapport.txt)
if exist azesearch.bmp (echo %windir%\azesearch.bmp %sFound%>>%systemdrive%\rapport.txt)
if exist back.gif (echo %windir%\back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bandserv.dll (echo %windir%\bandserv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist batserv2.exe (echo %windir%\batserv2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist bg.gif (echo %windir%\bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bg_bg.gif (echo %windir%\bg_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist big_red_x.gif (echo %windir%\big_red_x.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bindmod.dll (echo %windir%\bindmod.dll %sFound%>>%systemdrive%\rapport.txt)
if exist binret.exe (echo %windir%\binret.exe %sFound%>>%systemdrive%\rapport.txt)
if exist blank.mht (echo %windir%\blank.mht %sFound%>>%systemdrive%\rapport.txt)
if exist blopenv???.dll (echo %windir%\blopenv???.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "blue-bg.gif" (echo %windir%\blue-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrdkq.dll (echo %windir%\bndsrdkq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrfst.dll (echo %windir%\bndsrfst.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrgxt.dll (echo %windir%\bndsrgxt.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrkwm.dll (echo %windir%\bndsrkwm.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsronw.dll (echo %windir%\bndsronw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrpfn.dll (echo %windir%\bndsrpfn.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrsvk.dll (echo %windir%\bndsrsvk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrtvd.dll (echo %windir%\bndsrtvd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrvnl.dll (echo %windir%\bndsrvnl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrvqt.dll (echo %windir%\bndsrvqt.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bndsrwlq.dll (echo %windir%\bndsrwlq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist box_1.gif (echo %windir%\box_1.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_2.gif (echo %windir%\box_2.gif %sFound%>>%systemdrive%\rapport.txt)
if exist box_3.gif (echo %windir%\box_3.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bonsws.dll (echo %windir%\bonsws.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bonrep.dll (echo %windir%\bonrep.dll %sFound%>>%systemdrive%\rapport.txt)
if exist browsers.dll (echo %windir%\browsers.dll %sFound%>>%systemdrive%\rapport.txt)
if exist BTGrab.dll (echo %windir%\BTGrab.dll %sFound%>>%systemdrive%\rapport.txt)
if exist button_buynow.gif (echo %windir%\button_buynow.gif %sFound%>>%systemdrive%\rapport.txt)
if exist button_freescan.gif (echo %windir%\button_freescan.gif %sFound%>>%systemdrive%\rapport.txt)
if exist buy.gif (echo %windir%\buy.gif %sFound%>>%systemdrive%\rapport.txt)
if exist buy_now.gif (echo %windir%\buy_now.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "buy-now-btn.gif" (echo %windir%\buy-now-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist bxsbang.dll (echo %windir%\bxsbang.dll %sFound%>>%systemdrive%\rapport.txt)
if exist bxproxy.exe (echo %windir%\bxproxy.exe %sFound%>>%systemdrive%\rapport.txt)
if exist click_for_free_scan.gif (echo %windir%\click_for_free_scan.gif %sFound%>>%systemdrive%\rapport.txt)
if exist close_ico.gif (echo %windir%\close_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "close-bar.gif" (echo %windir%\close-bar.gif %sFound%>>%systemdrive%\rapport.txt)
if exist clrssn.exe (echo %windir%\clrssn.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-left.gif" (echo %windir%\corner-left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "corner-right.gif" (echo %windir%\corner-right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist country.exe (echo %windir%\country.exe %sFound%>>%systemdrive%\rapport.txt)
if exist cpan.dll (echo %windir%\cpan.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3dn32.exe (echo %windir%\d3dn32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist d3??.dll (echo %windir%\d3??.dll %sFound%>>%systemdrive%\rapport.txt)
if exist d3pb.exe (echo %windir%\d3pb.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ddkret.dll (echo %windir%\ddkret.dll %sFound%>>%systemdrive%\rapport.txt)
if exist defender??.exe (echo %windir%\defender??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist desktop.html (echo %windir%\desktop.html %sFound%>>%systemdrive%\rapport.txt)
if exist ddesupport.dll (echo %windir%\ddesupport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dialup.exe (echo %windir%\dialup.exe %sFound%>>%systemdrive%\rapport.txt)
if exist div32.dll (echo %windir%\div32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dxdiag.dll (echo %windir%\dxdiag.dll %sFound%>>%systemdrive%\rapport.txt)
if exist dlmax.dll (echo %windir%\dlmax.dll %sFound%>>%systemdrive%\rapport.txt)
if exist download.gif (echo %windir%\download.gif %sFound%>>%systemdrive%\rapport.txt)
if exist download_box.gif (echo %windir%\download_box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist download_product.gif (echo %windir%\download_product.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "download-btn.gif" (echo %windir%\download-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist dr.exe (echo %windir%\dr.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload.dat (echo %windir%\drsmartload.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload2.dat (echo %windir%\drsmartload2.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartload95a.exe (echo %windir%\drsmartload95a.exe %sFound%>>%systemdrive%\rapport.txt)
if exist drsmartloadb1.dat (echo %windir%\drsmartloadb1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist drvsvp.dll (echo %windir%\drvsvp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist duocore.dll (echo %windir%\duocore.dll %sFound%>>%systemdrive%\rapport.txt)
if exist exploeee.exe (echo %windir%\exploeee.exe %sFound%>>%systemdrive%\rapport.txt)
if exist expro.dll (echo %windir%\expro.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "facts.gif" (echo %windir%\facts.gif %sFound%>>%systemdrive%\rapport.txt)
if exist features.gif (echo %windir%\features.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "footer.gif" (echo %windir%\footer.gif %sFound%>>%systemdrive%\rapport.txt)
if exist footer_back.gif (echo %windir%\footer_back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist footer_back.jpg (echo %windir%\footer_back.jpg %sFound%>>%systemdrive%\rapport.txt)
if exist free_scan_red_btn.gif (echo %windir%\free_scan_red_btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "free-scan-btn.gif" (echo %windir%\free-scan-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist gimmygames.dat (echo %windir%\gimmygames.dat %sFound%>>%systemdrive%\rapport.txt)
if exist gormet.dll (echo %windir%\gormet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "h-line-gradient.gif" (echo %windir%\h-line-gradient.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_1.gif (echo %windir%\header_1.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_2.gif (echo %windir%\header_2.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_3.gif (echo %windir%\header_3.gif %sFound%>>%systemdrive%\rapport.txt)
if exist header_4.gif (echo %windir%\header_4.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "header-bg.gif" (echo %windir%\header-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist hdtip.dll (echo %windir%\hdtip.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hjoqor.dll (echo %windir%\hjoqor.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hostctrl.dll (echo %windir%\hostctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hstsys.dll (echo %windir%\hstsys.dll %sFound%>>%systemdrive%\rapport.txt)
if exist hupsrv.dll (echo %windir%\hupsrv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist icon_warning_big.gif (echo %windir%\icon_warning_big.gif %sFound%>>%systemdrive%\rapport.txt)
if exist icont.exe (echo %windir%\icont.exe %sFound%>>%systemdrive%\rapport.txt)
if exist iebrowser.dll (echo %windir%\iebrowser.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iecontext.dll (echo %windir%\iecontext.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedebug.dll (echo %windir%\iedebug.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedns.dll (echo %windir%\iedns.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedrives.dll (echo %windir%\iedrives.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iedrv.exe (echo %windir%\iedrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist iedrvctrl.exe (echo %windir%\iedrvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ielocales.dll (echo %windir%\ielocales.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ieproxy.dll (echo %windir%\ieproxy.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iereport.dll (echo %windir%\iereport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iesettings.dll (echo %windir%\iesettings.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iesupport.dll (echo %windir%\iesupport.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iexploree.dll (echo %windir%\iexploree.dll %sFound%>>%systemdrive%\rapport.txt)
if exist iexplorer.exe (echo %windir%\iexplorer.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.dll (echo %windir%\ieyi.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ieyi.exe (echo %windir%\ieyi.exe %sFound%>>%systemdrive%\rapport.txt)
if exist inetdctr.dll (echo %windir%\inetdctr.dll %sFound%>>%systemdrive%\rapport.txt)
if exist inetloader.dll (echo %windir%\inetloader.dll %sFound%>>%systemdrive%\rapport.txt)
if exist "infected.gif" (echo %windir%\infected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist infected_top_bg.gif (echo %windir%\infected_top_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "info.gif" (echo %windir%\info.gif %sFound%>>%systemdrive%\rapport.txt)
if exist ipwypkmg.dll (echo %windir%\ipwypkmg.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ipwypktx.dll (echo %windir%\ipwypktx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ipwypwpk.dll (echo %windir%\ipwypwpk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist jetctrl.dll (echo %windir%\jetctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist jokvip.exe (echo %windir%\jokvip.exe %sFound%>>%systemdrive%\rapport.txt)
if exist jokwmp.dll (echo %windir%\jokwmp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist kbdctrl.dll (echo %windir%\kbdctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard.exe (echo %windir%\keyboard.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard?.exe (echo %windir%\keyboard?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard1.dat (echo %windir%\keyboard1.dat %sFound%>>%systemdrive%\rapport.txt)
if exist keyboard??.exe (echo %windir%\keyboard??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl.exe (echo %windir%\kl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kl1.exe (echo %windir%\kl1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist kopmet.dll (echo %windir%\kopmet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist kthemup.exe (echo %windir%\kthemup.exe %sFound%>>%systemdrive%\rapport.txt)
if exist leorop.dll (echo %windir%\leorop.dll %sFound%>>%systemdrive%\rapport.txt)
if exist leosrv.dll (echo %windir%\leosrv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist loader.exe (echo %windir%\loader.exe %sFound%>>%systemdrive%\rapport.txt)
if exist loadadv728.exe (echo %windir%\loadadv728.exe %sFound%>>%systemdrive%\rapport.txt)
if exist local.html (echo %windir%\local.html %sFound%>>%systemdrive%\rapport.txt)
if exist logo.gif (echo %windir%\logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist main_back.gif (echo %windir%\main_back.gif %sFound%>>%systemdrive%\rapport.txt)
if exist main_uninstaller.exe (echo %windir%\main_uninstaller.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mgrs.exe (echo %windir%\mgrs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist monhop.exe (echo %windir%\monhop.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad.exe (echo %windir%\mousepad.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad?.exe (echo %windir%\mousepad?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mousepad??.exe (echo %windir%\mousepad??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlfqd.dll (echo %windir%\movctrlfqd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlknq.dll (echo %windir%\movctrlknq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlnkd.dll (echo %windir%\movctrlnkd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlqtn.dll (echo %windir%\movctrlqtn.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlswd.dll (echo %windir%\movctrlswd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist movctrlwxq.dll (echo %windir%\movctrlwxq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mscore.dll (echo %windir%\mscore.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msddx.dll (echo %windir%\msddx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdn.dll (echo %windir%\msdn.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdns.dll (echo %windir%\msdns.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdn32.dll (echo %windir%\msdn32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdrv.exe (echo %windir%\msdrv.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msdrvctrl.exe (echo %windir%\msdrvctrl.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msmduo.dll (echo %windir%\msmduo.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msmduo2.dll (echo %windir%\msmduo2.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msie.dll (echo %windir%\msie.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mslog.exe (echo %windir%\mslog.exe %sFound%>>%systemdrive%\rapport.txt)
if exist msole.dll (echo %windir%\msole.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msdde.dll (echo %windir%\msdde.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msmdev.dll (echo %windir%\msmdev.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msmhost.dll (echo %windir%\msmhost.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msqnx.dll (echo %windir%\msqnx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mssmart.dll (echo %windir%\mssmart.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mssql.dll (echo %windir%\mssql.dll %sFound%>>%systemdrive%\rapport.txt)
if exist msvb.dll (echo %windir%\msvb.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mtwirl32.dll (echo %windir%\mtwirl32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist mxd.exe (echo %windir%\mxd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist mxduo.dll (echo %windir%\mxduo.dll %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_bg.gif (echo %windir%\navibar_bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_corner_left.gif (echo %windir%\navibar_corner_left.gif %sFound%>>%systemdrive%\rapport.txt)
if exist navibar_corner_right.gif (echo %windir%\navibar_corner_right.gif %sFound%>>%systemdrive%\rapport.txt)
if exist neobus.dll (echo %windir%\neobus.dll %sFound%>>%systemdrive%\rapport.txt)
if exist netadv.dll (echo %windir%\netadv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist newname.dat (echo %windir%\newname.dat %sFound%>>%systemdrive%\rapport.txt)
if exist newname?.exe (echo %windir%\newname?.exe %sFound%>>%systemdrive%\rapport.txt)
if exist newname??.exe (echo %windir%\newname??.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ms1.exe (echo %windir%\ms1.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "no-icon.gif" (echo %windir%\no-icon.gif %sFound%>>%systemdrive%\rapport.txt)
if exist nopctrl.dll (echo %windir%\nopctrl.dll %sFound%>>%systemdrive%\rapport.txt)
if exist nopzet.dll (echo %windir%\nopzet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist notepad.com (echo %windir%\notepad.com %sFound%>>%systemdrive%\rapport.txt)
if exist notepad32.exe (echo %windir%\notepad32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nretcip.exe (echo %windir%\nretcip.exe %sFound%>>%systemdrive%\rapport.txt)
if exist nsduo.dll (echo %windir%\nsduo.dll %sFound%>>%systemdrive%\rapport.txt)
if exist nssfrch.dll (echo %windir%\nssfrch.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ntspkfnd.dll (echo %windir%\ntspkfnd.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ntspklqs.dll (echo %windir%\ntspklqs.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ntspknlg.dll (echo %windir%\ntspknlg.dll %sFound%>>%systemdrive%\rapport.txt)
if exist ocgrep.dll (echo %windir%\ocgrep.dll %sFound%>>%systemdrive%\rapport.txt)
if exist onlineshopping.ico (echo %windir%\onlineshopping.ico %sFound%>>%systemdrive%\rapport.txt)
if exist olehelp.exe (echo %windir%\olehelp.exe %sFound%>>%systemdrive%\rapport.txt)
if exist oprevgkx.dll (echo %windir%\oprevgkx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oprevnpx.dll (echo %windir%\oprevnpx.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oprevpfm.dll (echo %windir%\oprevpfm.dll %sFound%>>%systemdrive%\rapport.txt)
if exist oprevxlw.dll (echo %windir%\oprevxlw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist osaupd.exe (echo %windir%\osaupd.exe %sFound%>>%systemdrive%\rapport.txt)
if exist ossmart.dll (echo %windir%\ossmart.dll %sFound%>>%systemdrive%\rapport.txt)
if exist pmkret.dll (echo %windir%\pmkret.dll %sFound%>>%systemdrive%\rapport.txt)
if exist policies.dll (echo %windir%\policies.dll %sFound%>>%systemdrive%\rapport.txt)
if exist policyverifier.exe (echo %windir%\policyverifier.exe %sFound%>>%systemdrive%\rapport.txt)
if exist pop06ap2.exe (echo %windir%\pop06ap2.exe %sFound%>>%systemdrive%\rapport.txt)
if exist popnetkqw.dll (echo %windir%\popnetkqw.dll %sFound%>>%systemdrive%\rapport.txt)
if exist popnetmtq.dll (echo %windir%\popnetmtq.dll %sFound%>>%systemdrive%\rapport.txt)
if exist popnetnlf.dll (echo %windir%\popnetnlf.dll %sFound%>>%systemdrive%\rapport.txt)
if exist popuper.exe (echo %windir%\popuper.exe %sFound%>>%systemdrive%\rapport.txt)
if exist privacy_danger (echo %windir%\privacy_danger %sFound%>>%systemdrive%\rapport.txt)
if exist processes.txt (echo %windir%\processes.txt %sFound%>>%systemdrive%\rapport.txt)
if exist product_box.gif (echo %windir%\product_box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist psg.exe (echo %windir%\psg.exe %sFound%>>%systemdrive%\rapport.txt)
if exist pssms.dll (echo %windir%\pssms.dll %sFound%>>%systemdrive%\rapport.txt)
if exist Pynix.dll (echo %windir%\Pynix.dll %sFound%>>%systemdrive%\rapport.txt)
if exist qdertu.exe (echo %windir%\qdertu.exe %sFound%>>%systemdrive%\rapport.txt)
if exist qnxplugin.dll (echo %windir%\qnxplugin.dll %sFound%>>%systemdrive%\rapport.txt)
if exist q*_disk.dll (echo %windir%\q*_disk.dll %sFound%>>%systemdrive%\rapport.txt)
if exist red_warning_ico.gif (echo %windir%\red_warning_ico.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-box.gif" (echo %windir%\reg-freeze-box.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "reg-freeze-header.gif" (echo %windir%\reg-freeze-header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist remove_spyware_header.gif (echo %windir%\remove_spyware_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "remove-spyware-btn.gif" (echo %windir%\remove-spyware-btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist removeadware.ico (echo %windir%\removeadware.ico %sFound%>>%systemdrive%\rapport.txt)
if exist retnsrp.dll (echo %windir%\retnsrp.dll %sFound%>>%systemdrive%\rapport.txt)
if exist rf.gif (echo %windir%\rf.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rf_header.gif (echo %windir%\rf_header.gif %sFound%>>%systemdrive%\rapport.txt)
if exist rmvgor.dll (echo %windir%\rmvgor.dll %sFound%>>%systemdrive%\rapport.txt)
if exist rzs.exe (echo %windir%\rzs.exe %sFound%>>%systemdrive%\rapport.txt)
if exist runwin32.exe (echo %windir%\runwin32.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sachostx.exe (echo %windir%\sachostx.exe %sFound%>>%systemdrive%\rapport.txt)
if exist safe_and_trusted.gif (echo %windir%\safe_and_trusted.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sapnet.dll (echo %windir%\sapnet.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sawkip.exe (echo %windir%\sawkip.exe %sFound%>>%systemdrive%\rapport.txt)
if exist scan_btn.gif (echo %windir%\scan_btn.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sconf32.dll (echo %windir%\sconf32.dll %sFound%>>%systemdrive%\rapport.txt)
if exist screen.html (echo %windir%\screen.html %sFound%>>%systemdrive%\rapport.txt)
if exist se_spoof.dll (echo %windir%\se_spoof.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sec.exe (echo %windir%\sec.exe %sFound%>>%systemdrive%\rapport.txt)
if exist "security-center-bg.gif" (echo %windir%\security-center-bg.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "security-center-logo.gif" (echo %windir%\security-center-logo.gif %sFound%>>%systemdrive%\rapport.txt)
if exist security_center_caption.gif (echo %windir%\security_center_caption.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sep_hor.gif (echo %windir%\sep_hor.gif %sFound%>>%systemdrive%\rapport.txt)
if exist sep_vert.gif (echo %windir%\sep_vert.gif %sFound%>>%systemdrive%\rapport.txt)
if exist service.dll (echo %windir%\service.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sexpersonals.ico (echo %windir%\sexpersonals.ico %sFound%>>%systemdrive%\rapport.txt)
if exist sdkcb.dll (echo %windir%\sdkcb.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sdkqq.exe (echo %windir%\sdkqq.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sdrmod.dll (echo %windir%\sdrmod.dll %sFound%>>%systemdrive%\rapport.txt)
if exist secure32.html (echo %windir%\secure32.html %sFound%>>%systemdrive%\rapport.txt)
if exist shell.exe (echo %windir%\shell.exe %sFound%>>%systemdrive%\rapport.txt)
if exist sites.ini (echo %windir%\sites.ini %sFound%>>%systemdrive%\rapport.txt)
if exist slassac.dll (echo %windir%\slassac.dll %sFound%>>%systemdrive%\rapport.txt)
if exist sounddrv.dll (echo %windir%\sounddrv.dll %sFound%>>%systemdrive%\rapport.txt)
if exist soundplugin.dll (echo %windir%\soundplugin.dll %sFound%>>%systemdrive%\rapport.txt)
if exist spp3.dll (echo %windir%\spp3.dll %sFound%>>%systemdrive%\rapport.txt)
if exist spacer.gif (echo %windir%\spacer.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spacer.gif'" (echo %windir%\spacer.gif' %sFound%>>%systemdrive%\rapport.txt)
if exist spyware_detected.gif (echo %windir%\spyware_detected.gif %sFound%>>%systemdrive%\rapport.txt)
if exist "spyware-det
@ECHO OFF
REM Smitfraud Fix by S!Ri
REM http://siri.urz.free.fr/Fix/SmitfraudFix.zip
REM Thanks, Help: atribune, balltrap34, Beamerke, derek, Grinler, ipl_001, LonnyRJones, MAD,
REM Malekal_morte, Marckie, moe31, ~Mark, Miekiemoes, Ruby, Roel, Sebdraluorg,
REM sUBs, Suzi, tirol, TonyKlein, Vazkor,
REM and all the ones I forgot who submit files, analyses, help users...
REM Miekiemoes' Shudder key fix added.
REM Process.exe by Craig.Peacock added (http://www.beyondlogic.org)
REM Reboot.exe by Shadowwar/Option^Explicit added.
REM swreg.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
REM swsc.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
REM swxcacls.exe by SteelWerx (https://fstaal01.home.xs4all.nl/commandline-us.html
REM restart.exe - SuperFast Shutdown (http://www.xp-smoker.com/freeware.html
REM dumphive.exe - Markus Stephany (http://www.mirkes.de)
REM unzip.exe - info-zip (http://www.info-zip.org)
REM SmiUpdate.exe - Sebdraluorg
REM exit.exe - MAD - Malware Analysis and Diagnostic
set fixname=SmitFraudFix
set fixvers=v2.274
VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO Win
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 5.2.3790">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Version 6.0">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "version 6.0">NUL
IF NOT ERRORLEVEL 1 GOTO NT
if %OS%==Windows_NT goto NT
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^‚e.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit
:Win
color 47
echo %fixname% %fixvers%
echo.
echo Version non support^‚e.
echo Windows 2000 / XP requis !
echo.
echo Unsupported Version.
echo Windows 2000 / XP required !
echo.
pause
goto exit
:NT
set DoReboot=0
set DoRestart=0
set syspath=%windir%\system32
Le sioux
28 Dec. 2007 at 08:58
Hello, first of all!
That has nothing to do with what I'm waiting for ...
Le sioux
28 Dec. 2007 at 09:19
Hi again
Example of a report, post 5: http://www.commentcamarche.net/forum/affich 4401263 panneau configuration perdu#0
Is this what you need?
SmitFraudFix v2.274
Rapport fait à 14:12:22,40, 01/05/2002
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\windows\system32\hqeoaplvcb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VirusGarde\pgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gantet
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gantet\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gantet\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce MCP Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{932E27AD-4825-4E80-AAF3-20D65B446F7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{932E27AD-4825-4E80-AAF3-20D65B446F7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Le sioux
28 Dec. 2007 at 10:00
Hi again
Yes, this time it's the right one, although I'm a little surprised by its result ..
By the way, you can address me informally ;)
2 rogues are present on your PC: WinAntiVirus Pro 2006 http://assiste.com.free.fr/p/craptheque/winantivirus_pro_2006.html
and VirusGarde http://assiste.com.free.fr/p/craptheque/virusguard.html
Download RogueRemover free
https://www.malwarebytes.com/for-home/products/
Tutorial by Malekal_Morte: http://www.malekal.com/tutorial_RogueRemover.php
Install it, then run the updates and launch the scan, then tick:
WinAntiVirus Pro 2006 and VirusGarde, then click remove selected.
(Please tell me if it found anything else.)
Let it finish its work, then close it when it is done.
Post in reply the RogueRemover report located in C:\Program Files\RogueRemover free\RRLogxxx.txt, along with a new HijackThis report.
To be continued.
Here is the report. Only WinAntiVirus Pro 2006 was removed; VirusGarde did not show up even though we have it.
Regards
Malwarebytes' RogueRemover
Malwarebytes ©2007 https://www.malwarebytes.com/
6653 total fingerprints loaded.
Loading database ...
Expanding environmental variables ...
Scanning files ... [ 100% ].
Scanning folders ... [ 100% ].
Scanning registry keys ... [ 100% ].
Scanning registry values ... [ 100% ].
RogueRemover has detected rogue antispyware components! Results below...
Type: File
Vendor: TrustedProtection
Location: C:\WINDOWS\system32\drivers\fopf.sys
Selected for removal: No
Type: File
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll
Selected for removal: Yes
Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
Selected for removal: Yes
Type: Folder
Vendor: BestsellerAntivirus
Location: C:\Documents and Settings\All Users\Application Data\SalesMonitor
Selected for removal: No
Type: Folder
Vendor: BestsellerAntivirus
Location: C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data
Selected for removal: No
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\AppID\WinPGI.DLL
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\WAP6.PCheck
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\WAP6.PCheck.1
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\AVExplorer.ShellExtension
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\AVExplorer.ShellExtension.2
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\AppID\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FOPN
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vspf
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vspf_HK
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VxD\VSPF_HK
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_HK
Selected for removal: Yes
Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\VSPF_HK
Selected for removal: Yes
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\AppID\{7F7775D5-1EC8-4c0d-9BD7-6F3380959861}
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\AppID\PopupG.DLL
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator.1
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\CLSID\{C4514FE1-54AA-42f0-B212-BA8065206F8F}
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\CLSID\{D3B4C621-6024-410b-9F0F-22CBD6981F5E}
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\G.Object
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\G.Object.1
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\Interface\{D961C9CA-59B3-46DD-9CEE-47714CFE2831}
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\TypeLib\{55B49019-E69E-47FD-A67F-F28D83E5B695}
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_CLASSES_ROOT\TypeLib\{7F7775D5-1EC8-4C0D-9BD7-6F3380959861}
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_LOCAL_MACHINE\SOFTWARE\uga6pcw
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FOPF
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPF
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPF
Selected for removal: No
Type: Registry Key
Vendor: TrustedProtection
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPF
Selected for removal: No
Type: Registry Key
Vendor: ErrClean
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\System Error Repair
Selected for removal: No
Type: Registry Value
Vendor: ErrorProtector
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Salestart
Selected for removal: No
RogueRemover has found the objects above.
Le sioux
28 Dec 2007 at 22:56
Good evening Sukky
Well done. I am still surprised that RogueRemover did not offer to remove VirusGarde.
Uninstalling VirusGarde
Start / Settings / Control Panel, and in Add/Remove Programs, click the line for the program to uninstall, VirusGarde, then click Remove and follow the prompts in the dialog box that opens to complete the uninstallation.
Restart your PC if asked, then delete the folder in C:\Program Files\VirusGarde >--- the folder.
Then post a new HijackThis report and tell me whether you notice any improvement.
To be continued
Hello,
You will find the HijackThis report attached
Regards
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:21:07, on 02/05/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gantet\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Le sioux
29 Dec 2007 at 08:46
Hello
You are using Logfile of Trend Micro HijackThis v2.0.0 (BETA) ...
1) Uninstalling the beta version
Launch HJT, "Open misc tools section", use the arrow on the right to scroll down to "uninstall HijackThis&exit", then delete the HJT folder that is on your Desktop.
2) Installing HijackThis 2.0.2
Download HijackThis to your Desktop.
Close all other windows and all other programs. No Internet connection.
Double-click it to start the installation. Accept the licence that appears with "I agree".
Then click "Do a system scan and save a logfile".
Close HijackThis, copy and paste the whole report and post it here in reply.
Note: the report is located in c:\Program Files\Trend Micro\HijackThis
Please do that, then we move on to "the attack" ;)
The problem is here ;) :
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
To be continued
Here is the HijackThis report
Regards
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:12, on 02/05/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
Le sioux
29 Dec. 2007 at 09:10
Re
Well done
****I don't see AntiVir launching at startup? Do you have its open umbrella in the taskbar at the bottom right?*****
I advise you to save this page by selecting all the lines and copying that selection into a text file on your PC so that you can apply the procedure correctly.
(Note: you will not have Internet access from the moment you restart in safe mode)
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.
1) Download
OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Don't touch it for the moment.
2) Restart in safe mode
Look here first if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You must choose your usual session, not the "Administrator" account or any other.
Open the text file saved on the Desktop so you can follow the instructions properly.
3) Launch HijackThis.
I advise you to save all the lines to be fixed and copy that selection into a text file on your PC so that you can apply the procedure correctly.
Launch HijackThis by double-clicking its shortcut on the Desktop.
Click Scan Only and tick the following lines:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Close all other windows and all other programs. No Internet connections.
Click Fix Checked, then click OK
Then close HijackThis.
4) OTMoveIt (by Old_Timer)
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
5) Reports
Restart your PC in normal mode, then post in reply:
* The OTMoveIt report located in C:\_OTMoveIt\MovedFiles (contents of the file C:\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date and time)
* A new HijackThis report.
To be continued
OTMoveIt report
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe moved successfully.
Created on 05/02/2002 14:18:03
HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:10, on 02/05/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\AstSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Neuf\Kit\9diags.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
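The before/after comparison the helper performs by eye on the two HijackThis reports can be automated. The following is an added example, not part of the original posts: it parses the O4 autorun lines of both logs and checks them against the entries that were to be ticked before Fix Checked. The function names and the report layout are assumptions made for this example.

```python
import re

# O4 (autorun) lines copied verbatim from the two HijackThis logs posted in
# this thread: scan saved 13:45:12 (before the fix) and 14:35:10 (after).
BEFORE_LOG = r'''
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
'''
AFTER_LOG = r'''
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# The five entries the helper asked to tick, as (hive, key, value name).
REQUESTED = {
    ("HKLM", "Run", "TkBellExe"),
    ("HKLM", "Run", "QuickTime Task"),
    ("HKLM", "Run", "HP Component Manager"),
    ("HKLM", "Run", "Salestart"),
    ("HKCU", "Run", "ctfmon.exe"),
}

# Matches registry-based O4 lines only (HKLM/HKCU); other O4 forms such as
# Startup-folder entries are ignored by this example.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)

def parse_o4(log_text):
    """Return {(hive, key, value name): command line} for each O4 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return entries

def image_path(cmd):
    """Return the executable path of a Run command, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted paths may contain spaces: cut after the first ".exe".
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def verify_fix(before_log, after_log, requested):
    """Compare autoruns before and after a fix against the requested set."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    gone = set(before) - set(after)
    return {
        "removed": sorted(gone & requested),
        # Requested entries that are still (or again) registered, with the
        # binary they point to so the analyst can judge each one.
        "still_present": {k: image_path(after[k])
                          for k in sorted(requested & set(after))},
        "removed_unrequested": sorted(gone - requested),
        "new": sorted(set(after) - set(before)),
    }

if __name__ == "__main__":
    for section, value in verify_fix(BEFORE_LOG, AFTER_LOG, REQUESTED).items():
        print(section, value)
```

On the two logs in this thread it reports four of the five ticked entries as removed, including Salestart, and the HKCU ctfmon.exe value as still present in the 14:35:10 log.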
Le sioux
29 Dec. 2007 at 10:37
Re
I was afraid of that. Start / All Programs / AntiVir PersonalEdition Classic / Start AntiVir PersonalEdition, then click Activate to the right of AntiVir Guard
AntiVir's guard should start up again; you should have the umbrella in the taskbar.
If that is still not the case: Start / Run, type msconfig; a window will open. Click the Startup tab and check that AntiVir (avgnt) is ticked there to launch at startup; if it is not, tick it and let me know in your reply.
Restart the PC and tell me whether AntiVir is now present in the taskbar ...
Then
OTMoveIt (by Old_Timer)
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.
C:\Program Files\Fichiers communs\ErreurChasseur
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
--> Post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles (contents of the file C:\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date and time)
To be continued
Le sioux
29 Dec. 2007 at 11:29
Re
OK, your punishment, lol ;)
1) Download Avira AntiVir
-- Download Avira AntiVir PersonalEdition Classic from this link:
https://www.avira.com/ to your desktop.
Go offline: unplug your cable or turn off your Wi-Fi
2) Uninstalling AntiVir
Go offline, then uninstall AntiVir via Start / Control Panel / Add or Remove Programs; restart your PC as requested
3) Install, configure and then update AntiVir
Double-click its setup file on your desktop to launch the installation.
Once it is installed, reconnect and
run its update, then close the program for now.
Then configure it as shown here:
http://speedweb1.free.fr/frames2.php?page=tuto5
or here: https://www.malekal.com/avira-free-security-antivirus-gratuit/
4) Restart in safe mode
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You will need to choose your usual session, not the "Administrator" account or any other.
See if needed C) https://forum.pcastuces.com/sujet.asp?f=25&s=3902
5) Antivirus scan and cleanup with Avira AntiVir
Launch Avira AntiVir by double-clicking the AntiVir shortcut on your Desktop (or via Start / All Programs / AntiVir), then "Start AntiVir"
Click the "Scanner" tab, then check under RootKit search and Manual detection (expanding each with the small cross in front of it) that all your hard disks are ticked, then click the magnifying glass (below Status)
A "Luke Filewalker" window will open .. the scan will start.
Put everything it finds in "quarantine"
Once the scan has finished, close both AntiVir windows and save the report that has just appeared on your desktop.
6) Report
Restart in normal mode, then post the AntiVir report (which you saved on your desktop).
Tutorial http://www.malekal.com/tutorial_antivir.html and/or http://www.libellules.ch/tuto_antivir.php
To be continued