MCFIVE

Hello, Voici : 1) Rapport OTL (1) 2) Rapport OTL (3) Rapport OTL (1) Bon, j'espère que mes manœuvres auront été correctes. Bonne réception. MCFIVE

Hello Tomtom95, J'ai Téléchargé FindyKill, qui s'ouvre et s'arrête sur une fenêtre noire dans laquelle un chat dessiné apparaît avec c e k f p q> aucune réaction lorsque je clique n'importe quelle éléments ? Y aurait-il quelque chose que j'ai pas vraiment suivi ? Merci. MCFIVE

bonjour TOMTOM95, désolé pour ce délai de réponse.. (Ce type de fichier exécutable n'est plus accueilli par CJoint.) @echo off mode con: cols=90 lines=26&color F0 title FyK by El Desaparecido VER|FIND /i "5.1.2600">nul && set OSVER=0 && goto go VER|FIND /i "6.0.600">nul && set OSVER=1 && goto go VER|FIND /i "6.1.7">nul && set OSVER=1 && goto go goto NoSupport :go cd /d "%~dp0" echo.&echo. Tools\echox -n -c F0 " @@@@@@@@ @@@ @@@ @@@ @@@@@@@ @@@ @@@" Tools\echox -c FC " @@@ @@@ @@@ @@@ @@@~r" Tools\echox -n -c F0 " @@@@@@@@ @@@ @@@@ @@@ @@@@@@@@ @@@ @@@" Tools\echox -c FC " @@@ @@@ @@@ @@@ @@@~r" Tools\echox -n -c F0 " @@! @@! @@!@!@@@ @@! @@@ @@! !@@" Tools\echox -c FC " @@! !@@ @@! @@! @@!~r" Tools\echox -n -c F0 " !@! !@! !@!!@!@! !@! @!@ !@! @!!" Tools\echox -c FC " !@! @!! !@! !@! !@!~r" Tools\echox -n -c F0 " @!!!:! !!@ @!@ !!@! @!@ !@! !@!@!" Tools\echox -c FC " @!@@!@! !!@ @!! @!!~r" Tools\echox -n -c F0 " !!!!!: !!! !@! !!! !@! !!! @!!!" Tools\echox -c FC " !!@!!! !!! !!! !!!~r" Tools\echox -n -c F0 " !!: !!: !!: !!! !!: !!! !!::" Tools\echox -c FC " !!: :!! !!: !!: !!:~r" Tools\echox -n -c F0 " :!: :!: :!: !:! :!: !:! :!:" Tools\echox -c FC " :!: !:! :!: :!: :!:~r" Tools\echox -n -c F0 " :: :: :: :: :::: :: ::" Tools\echox -c FC " :: ::: :: :: :::: :: ::::~r" Tools\echox -n -c F0 " : : :: : :: : : :" Tools\echox -c FC " : ::: : : :: : : : :: : :~r" echo.&echo.&echo. Tools\echox -c F8 -w 90 -e "_______________________________________________________" echo. Tools\echox -c F0 -w 90 -e "FindyKill - Eradicate Bagle Worm by El Desaparecido" Tools\echox -c F8 -w 90 -e "_______________________________________________________" ping localhost -n 3 > nul :: Remerciements à mOe, à C_XX et à l équipe de comment ça marche.net :: Traduction anglaise par C_XX :: Traduction portugaise par Jorghino67 :: Traduction créole par Master Flex :: Traduction espagnol par El Desaparecido set Rapport=%HomeDrive%\FyK.txt set fixname=FindyKill set fixvers=V5.056 if exist %Rapport% del /F /Q %Rapport% if exist $* del /F /Q $* if exist *.txt del /F /Q *.txt if exist Tools\$* del /F /Q Tools\$* if exist err.log del /F /Q err.log for /f "tokens=*" %%A in ('dir /a/b "%HomeDrive%\"^|Tools\GREP -iw "\(Users\|Documents and settings\)"') do ( for /f "tokens=*" %%B in ('dir /a-h/b "%HomeDrive%\%%A"^|Tools\GREP -iv "\(%USERNAME%\|Default\|Public\|All Users\)"') do ( echo %HomeDrive%\%%A\%%B# >>$Users )) 2>nul if %OSVER%==0 ( set Cookie=%USERPROFILE%\Cookies Tools\swreg.exe query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion|find.exe /i "Service Pack 3">NUL && set Pack=3 set Cache=HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache echo %AppData%>>$AppData for /f "tokens=4* delims=\" %%a in ( $AppData ) do set "Applik=%%a" ) if %OSVER%==1 ( set Cookie=%AppData%\Microsoft\Windows\Cookies set Applik=AppData\Roaming set Pack=V set Cache=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MUICache ) (for /f "tokens=5 delims=\" %%a in ('Tools\swreg.exe query "HKCU\Software\Microsoft\Protected Storage System Provider"') do (set User=%%a))>nul 2>nul FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do Dir /a "%%A:\*.*">nul 2>&1 && ( Tools\swxcacls "%%A:\System Volume Information" /OA /Q >NUL 2>&1 Tools\swxcacls "%%A:\System Volume Information" /P /GE:F /Q >NUL 2>&1 ) ::############################################################################################################################################################################ :: Recuperation MD5 for %%b in ( "%HOMEDRIVE%\Qoobox" "%HOMEDRIVE%\_OTMoveIt" "%HOMEDRIVE%\Muestras" "%HOMEDRIVE%\Avenger" ) do if exist "%%~b" ( for /f "tokens=*" %%c in ('dir /a-d /b /s "%%~b" ^| findstr.exe /i "hldrrr winfilse winupgro" ^|find /i /v ".zip"') do ( Call :Check_md5 "%%~dpc" %%~nxc >nul 2>nul )) for %%a in ( "%windir%\mdelk.exe" "%windir%\wintems.exe" "%windir%\system32\1.exe" "%windir%\system32\anti_troj.exe" "%windir%\system32\edlm.exe" "%windir%\system32\edlm2.exe" "%windir%\system32\flec003.exe" "%windir%\system32\german.exe" "%windir%\system32\hldrrr.exe" "%windir%\system32\mdelk.exe" "%windir%\system32\re_file.exe" "%windir%\system32\srosa2.sys" "%windir%\system32\trusted.exe" "%windir%\system32\wfsintwq.sys" "%windir%\system32\wintems.exe" "%windir%\system32\winupgro.exe" "%windir%\system32\zzzzzzzzz.exe" "%windir%\SysWOW64\1.exe" "%windir%\SysWOW64\anti_troj.exe" "%windir%\SysWOW64\edlm.exe" "%windir%\SysWOW64\edlm2.exe" "%windir%\SysWOW64\flec003.exe" "%windir%\SysWOW64\german.exe" "%windir%\SysWOW64\hldrrr.exe" "%windir%\SysWOW64\mdelk.exe" "%windir%\SysWOW64\re_file.exe" "%windir%\SysWOW64\srosa2.sys" "%windir%\SysWOW64\trusted.exe" "%windir%\SysWOW64\wfsintwq.sys" "%windir%\SysWOW64\wintems.exe" "%windir%\SysWOW64\winupgro.exe" "%windir%\SysWOW64\zzzzzzzzz.exe" "%windir%\system32\drivers\hidr.exe" "%windir%\system32\drivers\hldrrr.exe" "%windir%\system32\drivers\mdelk.exe" "%windir%\system32\drivers\pci32.sys" "%windir%\system32\drivers\srosa.sys" "%windir%\system32\drivers\srosa2.sys" "%windir%\system32\drivers\wfsintwq.sys" "%windir%\system32\drivers\winfilse.exe" "%windir%\system32\drivers\winupgro.exe" "%appdata%\drivers\111wfs1intwq.sys" "%appdata%\drivers\11s11ro1s1a2.sys" "%appdata%\drivers\mdelk.exe" "%appdata%\drivers\srosa.sys" "%appdata%\drivers\srosa2.sys" "%appdata%\drivers\wfsintwq.sys" "%appdata%\drivers\winupgro.exe" "%appdata%\hidires\file.exe" "%appdata%\hidires\flec003.exe" "%appdata%\hidires\flec005.exe" "%appdata%\hidires\hidr.exe" "%appdata%\hidires\m_hook.sys" "%appdata%\hidires\rosa.sys" "%appdata%\hidn\hidn2.exe" "%appdata%\hidn\m_hook.sys" "%appdata%\m\flec006.exe" ) do if exist "%%~a" Call :Check_md5 "%%~dpa" %%~nxa >nul 2>nul if [%1]==[/2ndpassEN] set idioma=A&Call Tools\Langue.cmd&&goto Clean if [%1]==[/2ndpassES] set idioma=E&Call Tools\Langue.cmd&&goto Clean if [%1]==[/2ndpassFR] set idioma=F&Call Tools\Langue.cmd&&goto Clean if [%1]==[/2ndpassPR] set idioma=P&Call Tools\Langue.cmd&&goto Clean if [%1]==[/2ndpassKR] set idioma=K&Call Tools\Langue.cmd&&goto Clean ::############################################################################################################################################################################ :Menu mode con: cols=80 lines=20& color 0F title FyK by El Desaparecido ^| Langage cls echo.&echo.&echo. echo. echo ^|\ _,,,--,,_ ,) echo /,`.-'`' -, ;-;;' echo __ ^|,4- ) )-,_ ) /\__________________________________________________________ echo ~~'---''(_/--' (_/-'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ echo.&echo. Tools\echox -n -c 0C " F | Francais " Tools\echox -n -c 0A " E | English " Tools\echox -n -c 0F " P | Portugues " echo. echo. Tools\echox -n -c 0F " C | Castellano " Tools\echox -n -c 0A " K | Kreyol " Tools\echox -n -c 0C " Q | Quit " echo. echo. echo. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ echo. ) else ( set ChoixMenu='' set /p ChoixMenu=%sChoice% ( C , E , K , F , P , Q ) -^> ^> if '%ChoixMenu%'=='q' goto exit if '%ChoixMenu%'=='Q' goto exit if '%ChoixMenu%'=='f' set idioma=F&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='F' set idioma=F&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='e' set idioma=A&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='E' set idioma=A&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='p' set idioma=P&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='P' set idioma=P&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='c' set idioma=E&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='C' set idioma=E&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='k' set idioma=K&call Tools\Langue.cmd& goto MenuBis if '%ChoixMenu%'=='K' set idioma=K&call Tools\Langue.cmd& goto MenuBis goto Menu :MenuBis title FyK by El Desaparecido ^| Menu mode con: cols=80 lines=24& color 0F cls echo.&echo.&echo. echo. echo ^|\ _,,,--,,_ ,) %translate% echo /,`.-'`' -, ;-;;' echo __ ^|,4- ) )-,_ ) /\__________________________________________________________ echo ~~'---''(_/--' (_/-'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ echo.&echo.&echo. Tools\echox -n -c 0A " %menu1% " Tools\echox -n -c 0F " %menu4% " echo. echo. Tools\echox -n -c 0C " %menu2% " Tools\echox -n -c 0A " %menu5% " echo. echo. Tools\echox -n -c 0F " %menu3% " Tools\echox -n -c 0C " %menu6% " echo.&echo. echo. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ echo. ) else ( set ChoixMenu='' set /p ChoixMenu=%sChoice% ( 1, 2, 3, 4 ,5 ,Q ) : ^> if '%ChoixMenu%'=='q' goto exit if '%ChoixMenu%'=='Q' goto exit if '%ChoixMenu%'=='1' goto Sniff if '%ChoixMenu%'=='2' goto Kill if '%ChoixMenu%'=='3' goto Tuto if '%ChoixMenu%'=='4' goto Desinstal if '%ChoixMenu%'=='5' goto Donate goto MenuBis ::############################################################################################################################################################################ :: Debut de scan :Sniff title FyK by El Desaparecido ^| Scan if not exist Tools ( cls echo %noexist1% echo %noexist2% echo %exit% pause>nul exit ) mode con: cols=80 lines=16& color 0F&call :suivi&echo %step%&echo.&echo %wait% if %idioma%==A ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:A ) if %idioma%==E ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:E ) if %idioma%==F ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:F ) if %idioma%==K ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:K ) if %idioma%==P ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:P ) (echo.&echo ############################## ^| %fixname% %fixvers% ^|&echo.)>>%Rapport% CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Act:Header type "$header" >> %Rapport% Call :Defil 10 mode con: cols=100 lines=8& color 0C ::############################################################################################################################################################################ :: Arret des processus + neutralisation du rootkit echo. >> %Rapport%&echo ################## ^| %proc2% ^| >> %Rapport%&echo.>> %Rapport% for /f "tokens=*" %%a in ('Tools\winupgro.exe -o"%%f" ^|findstr /I "file\.exe nideiect\.com hldrrr\.exe winfilse\.exe drivers\\mdelk\.exe system32\\mDELk\.exe wintems\.exe flec003\.exe flec005\.exe flec006\.exe drivers\\downld\\ drivers\\down drivers\\winupgro\.exe system32\\winupgro\.exe"') do echo %%a>>$Filetokill if exist $Filetokill ( mode con: cols=100 lines=8& color 0C for /f "tokens=*" %%a in ($Filetokill) do cls&echo.&echo.&echo.&echo Killing process : %%~nxa&Tools\winupgro.exe -kf "%%~nxa" | find.exe /I /V "killing"&echo ^[%%~ta^|%%~aa^|%%~za^] %%~a -^> %Killed%! >> %Rapport% )2>nul for %%a in ( "%HomeDrive%\drivers\111wfs1intwq.sys" "%HomeDrive%\drivers\11s11ro1s1a2.sys" "%HomeDrive%\drivers\srosa.sys" "%HomeDrive%\drivers\srosa2.sys" "%HomeDrive%\drivers\wfsintwq.sys" "%windir%\system32\srosa2.sys" "%windir%\system32\wfsintwq.sys" "%windir%\SysWOW64\srosa2.sys" "%windir%\SysWOW64\wfsintwq.sys" "%windir%\system32\drivers\srosa.sys" "%windir%\system32\drivers\srosa2.sys" "%windir%\system32\drivers\wfsintwq.sys" "%appdata%\drivers\111wfs1intwq.sys" "%appdata%\drivers\11s11ro1s1a2.sys" "%appdata%\drivers\srosa.sys" "%appdata%\drivers\srosa2.sys" "%appdata%\drivers\wfsintwq.sys" ) do ( if exist "%%~a" cls&echo.&echo.&echo.&echo Killing Rootkit : %%~nxa&type nul>"%%a"&echo ^[%%~ta^|%%~aa^|%%~za^] %%~a -^> %Neutralized%! >> %Rapport% ) Call :Defil 20 (echo.&echo ################## ^| %proc1% ^|&echo.)>>%Rapport%&mode con: cols=120 lines=8& color 0F for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do Dir /a "%%a:\*.*">nul 2>&1 && ( for %%b in ( "a.bat" "autorun.inf" "mfkeoh.exe" "infosat.txt" "nideiect.com" "ntde1ect.com" "o.bat" "winfile.exe" "x.mpeg" ) do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%a:\%%~b if exist "%%a:\%%~b" if not exist "%%a:\%%~b\*.*" ( for /f "tokens=* delims=" %%c IN ('dir /b/a/s "%%a:\%%~b"') do ( echo ^[%%~tc^|%%~ac^|%%~zc^] %%~c >>%Rapport% ))) for %%b in ( "drivers\111wfs1intwq.sys" "drivers\11s11ro1s1a2.sys" "drivers\winupgro.exe" "drivers\mdelk.exe" "drivers\srosa.sys" "drivers\srosa2.sys" "drivers\wfsintwq.sys" "drivers\downld" "Muestras" "Muestras\*.*" ) do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%a:\%%~b if exist "%%a:\%%~b" ( for /f "tokens=* delims=" %%c IN ('dir /b/a/s "%%a:\%%~b"') do ( echo ^[%%~tc^|%%~ac^|%%~zc^] %%~c >>%Rapport% )))) for %%a in ( "%windir%\ban_list.txt" "%windir%\crack" "%windir%\crack\crack.exe" "%windir%\exefld" "%windir%\exefld\*.*" "%windir%\exefnd" "%windir%\exefnd\*.*" "%windir%\exefqd" "%windir%\exefqd\*.*" "%windir%\mdelk.exe" "%windir%\wintems.exe" ) do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~a if exist "%%~a" ( echo ^[%%~ta^|%%~aa^|%%~za^] %%~a >>%Rapport% )) Call :Defil 30 for %%a in ( "%windir%\system32\1.exe" "%windir%\system32\a.bat" "%windir%\system32\anti_troj.exe" "%windir%\system32\AutoRun.inf" "%windir%\system32\ba2n_l12.txt" "%windir%\system32\ban_list.txt" "%windir%\system32\edlm.exe" "%windir%\system32\edlm2.exe" "%windir%\system32\flec003.exe" "%windir%\system32\german.exe" "%windir%\system32\hldrrr.exe" "%windir%\system32\ldr64.dll" "%windir%\system32\mdelk.exe" "%windir%\system32\re_file.exe" "%windir%\system32\sloader64.dll" "%windir%\system32\srosa2.sys" "%windir%\system32\trusted.exe" "%windir%\system32\wfsintwq.sys" "%windir%\system32\wintems.exe" "%windir%\system32\winupgro.exe" "%windir%\system32\zzzzzzzzz.exe" "%windir%\SysWOW64\1.exe" "%windir%\SysWOW64\a.bat" "%windir%\SysWOW64\anti_troj.exe" "%windir%\SysWOW64\AutoRun.inf" "%windir%\SysWOW64\ba2n_l12.txt" "%windir%\SysWOW64\ban_list.txt" "%windir%\SysWOW64\edlm.exe" "%windir%\SysWOW64\edlm2.exe" "%windir%\SysWOW64\flec003.exe" "%windir%\SysWOW64\german.exe" "%windir%\SysWOW64\hldrrr.exe" "%windir%\SysWOW64\ldr64.dll" "%windir%\SysWOW64\mdelk.exe" "%windir%\SysWOW64\re_file.exe" "%windir%\SysWOW64\sloader64.dll" "%windir%\SysWOW64\srosa2.sys" "%windir%\SysWOW64\trusted.exe" "%windir%\SysWOW64\wfsintwq.sys" "%windir%\SysWOW64\wintems.exe" "%windir%\SysWOW64\winupgro.exe" "%windir%\SysWOW64\zzzzzzzzz.exe" ) do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~a if exist "%%~a" ( echo ^[%%~ta^|%%~aa^|%%~za^] %%~a >>%Rapport% )) for %%a in ( "%windir%\system32\drivers\down" "%windir%\system32\drivers\downld" "%windir%\system32\drivers\hidr.exe" "%windir%\system32\drivers\hldrrr.exe" "%windir%\system32\drivers\m" "%windir%\system32\drivers\m\data.oct" "%windir%\system32\drivers\m\flec006.exe" "%windir%\system32\drivers\m\list.oct" "%windir%\system32\drivers\m\srvlist.oct" "%windir%\system32\drivers\m\shared" "%windir%\system32\drivers\m\shared\*.*" "%windir%\system32\drivers\mdelk.exe" "%windir%\system32\drivers\pci32.sys" "%windir%\system32\drivers\srosa.sys" "%windir%\system32\drivers\srosa2.sys" "%windir%\system32\drivers\wfsintwq.sys" "%windir%\system32\drivers\winfilse.exe" "%windir%\system32\drivers\winupgro.exe" ) do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~a if exist "%%~a" ( echo ^[%%~ta^|%%~aa^|%%~za^] %%~a >>%Rapport% )) Call :Defil 40 for %%a in ( "%appdata%\drivers" "%appdata%\drivers\111wfs1intwq.sys" "%appdata%\drivers\11s11ro1s1a2.sys" "%appdata%\drivers\downld" "%appdata%\drivers\downld\*.*" "%appdata%\drivers\mdelk.exe" "%appdata%\drivers\srosa.sys" "%appdata%\drivers\srosa2.sys" "%appdata%\drivers\wfsintwq.sys" "%appdata%\drivers\winupgro.exe" "%appdata%\hidires" "%appdata%\hidires\config" "%appdata%\hidires\config\*.*" "%appdata%\hidires\downloads.bak" "%appdata%\hidires\downloads.txt" "%appdata%\hidires\file.exe" "%appdata%\hidires\flec003.exe" "%appdata%\hidires\flec005.exe" "%appdata%\hidires\hidr.exe" "%appdata%\hidires\Incoming" "%appdata%\hidires\Incoming\*.*" "%appdata%\hidires\lang" "%appdata%\hidires\lang\*.*" "%appdata%\hidires\m_hook.sys" "%appdata%\hidires\names.txt" "%appdata%\hidires\rosa.sys" "%appdata%\hidires\server.txt" "%appdata%\hidires\skins" "%appdata%\hidires\skins\*.*" "%appdata%\hidires\Temp" "%appdata%\hidires\Temp\*.*" "%appdata%\hidires\WDIR" "%appdata%\hidires\WDIR\*.*" "%appdata%\hidires\webserver" "%appdata%\hidires\webserver\*.*" "%appdata%\hidn" "%appdata%\hidn\hidn2.exe" "%appdata%\hidn\m_hook.sys" "%appdata%\m" "%appdata%\m\data.oct" "%appdata%\m\flec006.exe" "%appdata%\m\list.oct" "%appdata%\m\srvlist.oct" "%appdata%\m\shared" "%appdata%\m\shared\*.*" ) do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~a if exist "%%~a" ( echo ^[%%~ta^|%%~aa^|%%~za^] %%~a >>%Rapport% )) if exist $users ( for /f "tokens=1* delims=#" %%A in ($users) do ( for %%B in ( "%%~A\%Applik%\111wfs1intwq.sys" "%%~A\%Applik%\11s11ro1s1a2.sys" "%%~A\%Applik%\drivers\downld" "%%~A\%Applik%\drivers\mdelk.exe" "%%~A\%Applik%\drivers\srosa.sys" "%%~A\%Applik%\drivers\srosa2.sys" "%%~A\%Applik%\drivers\wfsintwq.sys" "%%~A\%Applik%\drivers\winupgro.exe" "%%~A\%Applik%\drivers" "%%~A\%Applik%\hidires\downloads.bak" "%%~A\%Applik%\hidires\downloads.txt" "%%~A\%Applik%\hidires\config\*.*" "%%~A\%Applik%\hidires\config" "%%~A\%Applik%\hidires\file.exe" "%%~A\%Applik%\hidires\flec003.exe" "%%~A\%Applik%\hidires\flec005.exe" "%%~A\%Applik%\hidires\hidr.exe" "%%~A\%Applik%\hidires\Incoming\*.*" "%%~A\%Applik%\hidires\Incoming" "%%~A\%Applik%\hidires\lang\*.*" "%%~A\%Applik%\hidires\lang" "%%~A\%Applik%\hidires\m_hook.sys" "%%~A\%Applik%\hidires\names.txt" "%%~A\%Applik%\hidires\rosa.sys" "%%~A\%Applik%\hidires\server.txt" "%%~A\%Applik%\hidires\skins\*.*" "%%~A\%Applik%\hidires\skins" "%%~A\%Applik%\hidires\Temp\*.*" "%%~A\%Applik%\hidires\Temp" "%%~A\%Applik%\hidires\WDIR" "%%~A\%Applik%\hidires\webserver\*.*" "%%~A\%Applik%\hidires\webserver" "%%~A\%Applik%\hidn\hidn2.exe" "%%~A\%Applik%\hidn\m_hook.sys" "%%~A\%Applik%\hidn" "%%~A\%Applik%\m\data.oct" "%%~A\%Applik%\m\flec006.exe" "%%~A\%Applik%\m\list.oct" "%%~A\%Applik%\m\shared" "%%~A\%Applik%\m\srvlist.oct" "%%~A\%Applik%\m" ) do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~B if exist "%%~B" ( echo ^[%%~tB^|%%~aB^|%%~zB^] %%~B >>%Rapport% )))) Call :Defil 50 ::############################################################################################################################################################################ :: Recherche MD5 title FyK by El Desaparecido ^| Scan MD5 (echo.&echo ################## ^| Reference Bagle MD5 ... ^|&echo.)>>%Rapport% if exist $RefMd5 ( for /f "tokens=1,2,3 delims=#" %%a in ('type "$RefMd5"') do echo ^[%%~ta^|%%~aa^|%%~za^] %%~a ^( CRC32 : %%b ^| MD5 : %%c ^) >> %Rapport% ) (echo.&echo ################## ^| MD5 ... ^|&echo.)>>%Rapport% cls&mode con: cols=120 lines=12& color 0F echo.&echo.&echo.&Tools\echox -n -c 0A " Path : " echo. echo. echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ echo. echo.&Tools\echox -n -c 0C " File : "&echo .... %wait% for /f "tokens=*" %%b in ('dir /a-d/b/s "%UserProfile%" "%ProgramFiles%" ^|findstr /Iv "\drivers \hidires \m" ^|findstr /I "\.exe$"') do ( cls echo.&echo.&echo.&Tools\echox -n -c 0A " Path : " Tools\echox -c 0A "%%~dpb" echo. echo. echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ echo. echo.&Tools\echox -n -c 0C " File : " Tools\echox -c 0C "%%~nxb" Call :Md5 "%%~dpb" %%~nxb >nul 2>nul ) for /f "tokens=*" %%b in ('dir /a-d/b/s "%HomeDrive%\System Volume Information" ^|findstr /I "\.exe$ \.sys$"') do ( cls echo.&echo.&echo.&Tools\echox -n -c 0A " Path : " Tools\echox -c 0A "%%~dpb" echo. echo. echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ echo. echo.&Tools\echox -n -c 0C " File : " Tools\echox -c 0C "%%~nxb" Call :Md5 "%%~dpb" %%~nxb >nul 2>nul ) if exist $Tmp ( for /f "tokens=1,2,3 delims=#" %%a in ('type "$Tmp"') do echo ^[%%~ta^|%%~aa^|%%~za^] %%~a ^( CRC32 : %%b ^| MD5 : %%c ^) >> %Rapport% ) Call :Defil 55 ::############################################################################################################################################################################ :: Recherche Trace Bagle title FyK by El Desaparecido ^| Bagle Trace (echo.&echo ################## ^| Bagle Trace ... ^|&echo.)>>%Rapport%&mode con: cols=120 lines=8& color 0F for /f "tokens=*" %%b in ('dir /b/a/s "%windir%\prefetch\*.*" ^|findstr /i "^[0-9]*\.exe mdelk hldrrr winfilse wintems nideiect flec00 crack serial install_patch keygen key_gen generator"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >>%Rapport% ) for /f "tokens=*" %%b in ('dir /b/a/s "%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\*.*" ^|findstr /i "\\b64.*\.jpg \\mxd.*\.jpg \\ffl.*\.htm \\file.*\.txt \\servernames.*\.htm \\ftpps.*\.jpg \\ieps.*\.jpg"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% ) if exist $users ( for /f "tokens=1* delims=#" %%a in ($users) do ( for /f "tokens=*" %%B in ('dir /b/a/s "%%~a\Local Settings\Temporary Internet Files\Content.IE5\*.*" ^|findstr /i "\\b64.*\.jpg \\mxd.*\.jpg \\ffl.*\.htm \\file.*\.txt \\servernames.*\.htm \\ftpps.*\.jpg \\ieps.*\.jpg"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% )))2>NUL for /f "tokens=*" %%b in ('dir /b/a/s "%Cookie%\*.*" ^|findstr /i "crack serial patch keygen keymaker generator"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% ) ::############################################################################################################################################################################ :: Recherche Crack title FyK by El Desaparecido ^| Scan Crack Keygen Serial (echo.&echo ################## ^| Crack .... ^|&echo.)>>%Rapport% cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Crack .... " &echo %wait% for /f "tokens=*" %%b in ('dir /a-d/b/s "%UserProfile%" ^|findstr /Iv "\drivers \hidires \m\Shared" ^|findstr /I "\.exe$ \.rar$ \.zip$" ^|findstr /I "Crack keymaker keygen serial"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Crack : " &echo %%~nxb&echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% ) ::############################################################################################################################################################################ :: Scan de la Base de Registre title FyK by El Desaparecido ^| Scan Regedit Call :Defil 60 (echo.&echo ################## ^| %proc3% ^|&echo.)>> %Rapport% for /f "tokens=1* delims=" %%A in ('type "Tools\Llave"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo %%A Tools\swreg query "%%A">nul 2>&1&IF NOT ERRORLEVEL 1 ( echo [%%A] >> %Rapport% )) for %%A in ( "KEY540534" ) do Tools\swreg query "HKCU\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\UI %%~A echo [HKCU\Software\Microsoft\Windows\UI] "%%~A" >> %Rapport% Tools\swreg query "HKU\%User%\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\...\Software\Microsoft\Windows\UI %%~A echo [HKU\%User%\Software\Microsoft\Windows\UI] "%%~A" >> %Rapport% )) Call :Defil 70 for %%A in ( "drvsyskit" "eMuleAutoStart" "german.exe" "mule_st_key" "hldrrr" "flec003.exe" ) do Tools\swreg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\CurrentVersion\Run %%~A echo [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% Tools\swreg query "HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\CurrentVersion\Run %%~A echo [HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% Tools\swreg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %%~A echo [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% Tools\swreg query "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run %%~A echo [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% )))) for /f "tokens=4 delims=\" %%A in ('Tools\swreg query "HKU\%User%\Software" ^|findstr /I "\<bisoft\> \<CHKPTR\> \<Dat33eTim7\> \<DateTime4\> \<EWZ\> \<FFC\> \<FirstRRRun\> \<FirtR\> \<FirstRuxzx\> \<FR79732423\> \<MuleAppData\> \<XYZ\> \<XEW\>"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\%User%\Software\%%~A echo [HKU\%User%\Software\%%~A] >> %Rapport% ) Call :Defil 80 Tools\swreg query "HKCU\Software\Local AppWizard-Generated Applications">nul 2>&1&IF NOT ERRORLEVEL 1 ( for /f "tokens=4 delims=\" %%A in ('Tools\swreg query "HKCU\Software\Local AppWizard-Generated Applications" ^|findstr /I "\<crack\> \<cracked\> \<flec006\> \<hldrrr\> \<key_gen\> \<key_generator\> \<keygen\> \<mdelk\> \<nideiect\> \<patch\> \<run\> \<serial\> \<winfilse\> \<wintems\> \<winupgro\>"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Local AppWizard-Generated Applications\%%~A echo [HKCU\Software\Local AppWizard-Generated Applications\%%~A] >> %Rapport% )) Tools\swreg query "HKU\%User%\Software\Local AppWizard-Generated Applications">nul 2>&1&IF NOT ERRORLEVEL 1 ( for /f "tokens=5 delims=\" %%A in ('Tools\swreg query "HKU\%User%\Software\Local AppWizard-Generated Applications" ^|findstr /I "\<crack\> \<cracked\> \<flec006\> \<hldrrr\> \<key_gen\> \<key_generator\> \<keygen\> \<mdelk\> \<nideiect\> \<patch\> \<run\> \<serial\> \<winfilse\> \<wintems\> \<winupgro\>"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\...\Software\Local AppWizard-Generated Applications\%%~A echo [HKU\%User%\Software\Local AppWizard-Generated Applications\%%~A] >> %Rapport% )) Call :Defil 90 ::############################################################################################################################################################################ :: Etat de la machine cls&echo.&echo.&echo.&Tools\echox -n -c 0C " %step1% " &echo %wait% (echo.&echo ################## ^| %etat% ^|&echo.)>>%Rapport% Tools\swreg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden" >nul ||( echo %missKey% : HKLM\...\Explorer\Advanced\Folder\Hidden ^| %FdcNotOk% >> %Rapport% echo.>> %Rapport% goto Mse ) (echo %FdcOK%&echo.)>> %Rapport% :: Mse Tools\swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" >nul ||( echo %missKey% : HKLM\...\SafeBoot ^| %MseNotOK% >> %Rapport% echo.>> %Rapport% goto Services ) tools\swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" >nul ||( echo %missKey% : HKLM\SYSTEM\...\SafeBoot\Minimal ^| %MseNotOK% >> %Rapport% echo.>> %Rapport% goto Services ) tools\swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" >nul ||( echo %missKey% : HKLM\SYSTEM\...\SafeBoot\Network ^| %MseNotOK% >> %Rapport% echo.>> %Rapport% goto Services ) (echo %MseOK%&echo.)>> %Rapport% if %OSVER%==1 ( for %%A in ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System") do ( for %%B in (EnableLUA) do ( Tools\swreg query "%%~A" /V %%B|find "1">nul 2>&1&IF NOT ERRORLEVEL 1 ( echo # Uac : OK ^( Good = 0x1 ^| Bad = 0x0 ^) >> %Rapport%&echo.>> %Rapport% ) else ( echo # ^(!^) Uac = 0x0 ^( Good = 0x1 ^| Bad = 0x0 ^) >> %Rapport%&echo.>> %Rapport% ))))2>NUL :: Services for /f "tokens=1,2* delims=#" %%a in ( "Ndisuio#NDIS User Mode" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 3 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 3 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "EapHost#Extensible Authentication Protocol Host" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "WwanSvc#AutoConfig Service WWAN" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "Ip6Fw#IPv6 Windows Firewall Driver" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "MpsSvc#Windows Firewall" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "SharedAccess#Windows Firewall - Internet Connection Sharing" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "windefend#Windows Defender" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "wuauserv#Windows Update" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "wscsvc#Windows Security Center" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "KMService#Software licensing service - Non Genuine Copy of Windows" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c" NEQ "4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 4 ^| Bad = 2 ^) >> %Rapport%&echo.>>%Rapport% if "%%c"=="4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 4 ^| Bad = 2 ^)>> %Rapport%&echo.>>%Rapport% )) Call :Defil 100 title FyK by El Desaparecido ^| Scan OK (echo.&echo ################## ^| %findurapport% ^|&echo.)>>%Rapport% if exist $* del /F /Q $* if exist *.txt del /F /Q *.txt if exist Tools\$* del /F /Q Tools\$* if exist err.log del /F /Q err.log call :suivi&echo %ou%&echo.&echo %merci%&notepad %Rapport%&exit ::############################################################################################################################################################################ :: Arret des processus et neutralisation du rootkit + Reboot :Kill title FyK by El Desaparecido ^| Killing Processes ^& Rootkit if exist $* del /F /Q $* if exist Tools\$* del /F /Q Tools\$* if exist #* del /F /Q #* mode con: cols=100 lines=8& color 0C if %idioma%==A ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:A ) if %idioma%==E ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:E ) if %idioma%==F ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:F ) if %idioma%==K ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:K ) if %idioma%==P ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:P ) if %idioma%==A ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:A ) if %idioma%==E ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:E ) if %idioma%==F ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:F ) if %idioma%==K ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:K ) if %idioma%==P ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:P ) Tools\swreg query "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v ReEXEc>nul 2>&1 &&( Tools\swreg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v ReEXEc >nul ) if %idioma%==A ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassEN">nul 2>nul ) if %idioma%==E ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassES">nul 2>nul ) if %idioma%==F ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassFR">nul 2>nul ) if %idioma%==K ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassKR">nul 2>nul ) if %idioma%==P ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassPR">nul 2>nul ) FOR /f "tokens=*" %%a in ('Tools\winupgro.exe -o"%%f" ^| findstr /I "file\.exe nideiect\.com hldrrr\.exe winfilse\.exe drivers\\mdelk\.exe system32\\mDELk\.exe wintems\.exe flec003\.exe flec005\.exe flec006\.exe drivers\\downld\\ drivers\\down drivers\\winupgro\.exe system32\\winupgro\.exe"') do ( cls&echo.&echo.&echo.&echo Killing Process : %%~nxa Tools\winupgro.exe -kf "%%~nxa">nul 2>nul ) for %%A in ( "%HomeDrive%\drivers\111wfs1intwq.sys" "%HomeDrive%\drivers\11s11ro1s1a2.sys" "%HomeDrive%\drivers\srosa.sys" "%HomeDrive%\drivers\srosa2.sys" "%HomeDrive%\drivers\wfsintwq.sys" "%windir%\system32\srosa2.sys" "%windir%\system32\wfsintwq.sys" "%windir%\SysWOW64\srosa2.sys" "%windir%\SysWOW64\wfsintwq.sys" "%windir%\system32\drivers\srosa.sys" "%windir%\system32\drivers\srosa2.sys" "%windir%\system32\drivers\wfsintwq.sys" "%appdata%\drivers\111wfs1intwq.sys" "%appdata%\drivers\11s11ro1s1a2.sys" "%appdata%\drivers\srosa.sys" "%appdata%\drivers\srosa2.sys" "%appdata%\drivers\wfsintwq.sys" ) do ( if exist "%%~A" cls&echo.&echo.&echo.&echo Rootkit : %%~A&type nul>"%%A" ) shutdown.exe -r -t 5 exit ::############################################################################################################################################################################ :: Supression de l infection :Clean title FyK by El Desaparecido ^| Cleaning mode con: cols=80 lines=16& color 0F call :suivi&echo %step%&echo.&echo %wait% (echo.&echo ############################## ^| %fixname% %fixvers% ^|&echo.)>>%Rapport% CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Act:Header type "$header" >> %Rapport% for /f "tokens=*" %%a in ('Tools\winupgro.exe -o"%%f" ^| findstr /I "nideiect\.com hldrrr\.exe winfilse\.exe drivers\\mdelk\.exe system32\\mDELk\.exe wintems\.exe flec003\.exe flec005\.exe flec006\.exe drivers\\downld\\ drivers\\down drivers\\winupgro\.exe system32\\winupgro\.exe"') do echo %%a>>$Filetokill if exist $Filetokill ( mode con: cols=100 lines=8& color 0C echo. >> %Rapport%&echo ############################## ^| %proc2% ^| >> %Rapport%&echo.>> %Rapport% for /f "tokens=*" %%a in ($Filetokill) do cls&echo.&echo.&echo.&echo Killing Process : %%~nxa&Tools\winupgro.exe -kf "%%~nxa" | find.exe /I /V "killing" >> %Rapport% ) Call :Defil 10 for %%A in ( "111111s1ro1s1a" "m_hook" "pci32" "sK9Ou0s" "rosa" "rosa" "srosa" ) do ( sc delete "%%A" >nul 2>nul ) (echo.&echo ################## ^| %proc1% ^|&echo.)>>%Rapport%&mode con: cols=120 lines=8& color 0A FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do Dir /a "%%a:\*.*">nul 2>&1 && ( for %%b in ( "a.bat" "autorun.inf" "infosat.txt" "ntde1ect.com" "nideiect.com" "sdlflzoip" "o.bat" "winfile.exe" ) do ( cls&echo.&echo.&echo.&echo File : %%a:\%%~b if exist "%%a:\%%~b" if not exist "%%A:\%%~B\*.*" ( Call :Fix "%%a:\%%~b" )) for %%b in ( "drivers\111wfs1intwq.sys" "drivers\11s11ro1s1a2.sys" "drivers\downld\*.*" "drivers\downld" "drivers\mdelk.exe" "drivers\srosa.sys" "drivers\srosa2.sys" "drivers\wfsintwq.sys" "drivers\winupgro.exe" "Muestras\*.*" "Muestras" ) do ( cls&echo.&echo.&echo.&echo File : %%a:\%%~b if exist "%%a:\%%~b" ( Call :Fix "%%a:\%%~b" ))) for %%b in ( "%windir%\ban_list.txt" "%windir%\crack" "%windir%\crack\crack.exe" "%windir%\exefld\*.*" "%windir%\exefld" "%windir%\exefnd\*.*" "%windir%\exefnd" "%windir%\exefqd\*.*" "%windir%\exefqd" "%windir%\mdelk.exe" "%windir%\wintems.exe" ) do ( cls&echo.&echo.&echo.&echo File : %%~b if exist "%%~A" ( call :Fix "%%~b" )) for %%b in ( "%windir%\system32\1.exe" "%windir%\system32\a.bat" "%windir%\system32\anti_troj.exe" "%windir%\system32\AutoRun.inf" "%windir%\system32\ba2n_l12.txt" "%windir%\system32\ban_list.txt" "%windir%\system32\edlm.exe" "%windir%\system32\edlm2.exe" "%windir%\system32\flec003.exe" "%windir%\system32\german.exe" "%windir%\system32\hldrrr.exe" "%windir%\system32\ldr64.dll" "%windir%\system32\mdelk.exe" "%windir%\system32\re_file.exe" "%windir%\system32\sloader64.dll" "%windir%\system32\srosa2.sys" "%windir%\system32\trusted.exe" "%windir%\system32\wfsintwq.sys" "%windir%\system32\wintems.exe" "%windir%\system32\winupgro.exe" "%windir%\system32\zzzzzzzzz.exe" "%windir%\SysWOW64\1.exe" "%windir%\SysWOW64\a.bat" "%windir%\SysWOW64\anti_troj.exe" "%windir%\SysWOW64\AutoRun.inf" "%windir%\SysWOW64\ba2n_l12.txt" "%windir%\SysWOW64\ban_list.txt" "%windir%\SysWOW64\edlm.exe" "%windir%\SysWOW64\edlm2.exe" "%windir%\SysWOW64\flec003.exe" "%windir%\SysWOW64\german.exe" "%windir%\SysWOW64\hldrrr.exe" "%windir%\SysWOW64\ldr64.dll" "%windir%\SysWOW64\mdelk.exe" "%windir%\SysWOW64\re_file.exe" "%windir%\SysWOW64\sloader64.dll" "%windir%\SysWOW64\srosa2.sys" "%windir%\SysWOW64\trusted.exe" "%windir%\SysWOW64\wfsintwq.sys" "%windir%\SysWOW64\wintems.exe" "%windir%\SysWOW64\winupgro.exe" "%windir%\SysWOW64\zzzzzzzzz.exe" ) do ( cls&echo.&echo.&echo.&echo File : %%~b if exist "%%~b" ( call :Fix "%%~b" )) for %%b in ( "%windir%\system32\drivers\down\*.*" "%windir%\system32\drivers\down" "%windir%\system32\drivers\downld\*.*" "%windir%\system32\drivers\downld" "%windir%\system32\drivers\hidr.exe" "%windir%\system32\drivers\hldrrr.exe" "%windir%\system32\drivers\m\shared\*.*" "%windir%\system32\drivers\m\shared" "%windir%\system32\drivers\m\*.*" "%windir%\system32\drivers\m" "%windir%\system32\drivers\mdelk.exe" "%windir%\system32\drivers\pci32.sys" "%windir%\system32\drivers\srosa.sys" "%windir%\system32\drivers\srosa2.sys" "%windir%\system32\drivers\wfsintwq.sys" "%windir%\system32\drivers\winfilse.exe" "%windir%\system32\drivers\winupgro.exe" ) do ( cls&echo.&echo.&echo.&echo File : %%~b if exist "%%~b" ( call :Fix "%%~b" )) Call :Defil 20 for %%b in ( "%appdata%\drivers\111wfs1intwq.sys" "%appdata%\drivers\11s11ro1s1a2.sys" "%appdata%\drivers\downld\*.*" "%appdata%\drivers\downld" "%appdata%\drivers\mdelk.exe" "%appdata%\drivers\srosa.sys" "%appdata%\drivers\srosa2.sys" "%appdata%\drivers\wfsintwq.sys" "%appdata%\drivers\winupgro.exe" "%appdata%\drivers" "%appdata%\hidires\downloads.bak" "%appdata%\hidires\downloads.txt" "%appdata%\hidires\config\*.*" "%appdata%\hidires\config" "%appdata%\hidires\file.exe" "%appdata%\hidires\flec003.exe" "%appdata%\hidires\flec005.exe" "%appdata%\hidires\hidr.exe" "%appdata%\hidires\Incoming\*.*" "%appdata%\hidires\Incoming" "%appdata%\hidires\lang\*.*" "%appdata%\hidires\lang" "%appdata%\hidires\m_hook.sys" "%appdata%\hidires\names.txt" "%appdata%\hidires\rosa.sys" "%appdata%\hidires\server.txt" "%appdata%\hidires\skins\*.*" "%appdata%\hidires\skins" "%appdata%\hidires\Temp\*.*" "%appdata%\hidires\Temp" "%appdata%\hidires\WDIR" "%appdata%\hidires\webserver\*.*" "%appdata%\hidires\webserver" "%appdata%\hidires" "%appdata%\hidn\hidn2.exe" "%appdata%\hidn\m_hook.sys" "%appdata%\hidn" "%appdata%\m\data.oct" "%appdata%\m\flec006.exe" "%appdata%\m\list.oct" "%appdata%\m\shared" "%appdata%\m\srvlist.oct" "%appdata%\m" ) do ( cls&echo.&echo.&echo.&echo File : %%~b if exist "%%~b" ( call :Fix "%%~b" )) if exist $users ( for /f "tokens=1* delims=#" %%A in ($users) do ( for %%b in ( "%%~A\%Applik%\111wfs1intwq.sys" "%%~A\%Applik%\11s11ro1s1a2.sys" "%%~A\%Applik%\drivers\downld\*.*" "%%~A\%Applik%\drivers\downld" "%%~A\%Applik%\drivers\mdelk.exe" "%%~A\%Applik%\drivers\srosa.sys" "%%~A\%Applik%\drivers\srosa2.sys" "%%~A\%Applik%\drivers\wfsintwq.sys" "%%~A\%Applik%\drivers\winupgro.exe" "%%~A\%Applik%\drivers" "%%~A\%Applik%\hidires\downloads.bak" "%%~A\%Applik%\hidires\downloads.txt" "%%~A\%Applik%\hidires\config\*.*" "%%~A\%Applik%\hidires\config" "%%~A\%Applik%\hidires\file.exe" "%%~A\%Applik%\hidires\flec003.exe" "%%~A\%Applik%\hidires\flec005.exe" "%%~A\%Applik%\hidires\hidr.exe" "%%~A\%Applik%\hidires\Incoming\*.*" "%%~A\%Applik%\hidires\Incoming" "%%~A\%Applik%\hidires\lang\*.*" "%%~A\%Applik%\hidires\lang" "%%~A\%Applik%\hidires\m_hook.sys" "%%~A\%Applik%\hidires\names.txt" "%%~A\%Applik%\hidires\rosa.sys" "%%~A\%Applik%\hidires\server.txt" "%%~A\%Applik%\hidires\skins\*.*" "%%~A\%Applik%\hidires\skins" "%%~A\%Applik%\hidires\Temp\*.*" "%%~A\%Applik%\hidires\Temp" "%%~A\%Applik%\hidires\WDIR" "%%~A\%Applik%\hidires\webserver\*.*" "%%~A\%Applik%\hidires\webserver" "%%~A\%Applik%\hidn\hidn2.exe" "%%~A\%Applik%\hidn\m_hook.sys" "%%~A\%Applik%\hidn" "%%~A\%Applik%\m\data.oct" "%%~A\%Applik%\m\flec006.exe" "%%~A\%Applik%\m\list.oct" "%%~A\%Applik%\m\shared\*.*" "%%~A\%Applik%\m\shared" "%%~A\%Applik%\m\srvlist.oct" "%%~A\%Applik%\m" ) do ( cls&echo.&echo.&echo.&echo File : %%~b if exist "%%~b" ( call :Fix "%%~b" )))) Call :Defil 30 (echo.&echo ################## ^| Reference Bagle MD5 ... ^|&echo.)>>%Rapport% if exist $RefMd5 ( for /f "tokens=1,2,3 delims=#" %%a in ('type "$RefMd5"') do echo ^[%%~ta^|%%~aa^|%%~za^] %%~a ^( CRC32 : %%b ^| MD5 : %%c ^) >> %Rapport% ) (echo.&echo ################## ^| MD5 ... ^|&echo.)>>%Rapport% cls&mode con: cols=120 lines=12& color 0F echo.&echo.&echo.&Tools\echox -n -c 0A " Path : " echo. echo. echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ echo. echo.&Tools\echox -n -c 0C " File : "&echo .... %wait% for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do Dir /a "%%a:\*.*">nul 2>&1 && ( for /f "tokens=*" %%b in ('dir /a-d/b/s %%a:\ ^|findstr /IV "winsxs" ^|findstr /IV "driverstore" ^|findstr /I ".exe$ .sys$"') do ( cls echo.&echo.&echo.&Tools\echox -n -c 0A " Path : " Tools\echox -c 0A "%%~dpb" echo. echo. echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ echo. echo.&Tools\echox -n -c 0C " File : " Tools\echox -c 0C "%%~nxb" Call :Md5 "%%~dpb" %%~nxb >nul 2>nul ) for /f "tokens=*" %%b in ('dir /a-d/b/s "%%a:\System Volume Information" ^|findstr /I ".exe$ .sys$"') do ( cls echo.&echo.&echo.&Tools\echox -n -c 0A " Path : " Tools\echox -c 0A "%%~dpb" echo. echo. echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ echo. echo.&Tools\echox -n -c 0C " File : " Tools\echox -c 0C "%%~nxb" Call :Md5 "%%~dpb" %%~nxb >nul 2>nul )) Call :Defil 40 if exist $Tmp ( for /f "tokens=1 delims=#" %%b in ('type "$Tmp"') do ( call :Fix "%%~b" )) ::############################################################################################################################################################################ :: Recherche Trace Bagle title FyK by El Desaparecido ^| Bagle Trace (echo.&echo ################## ^| Bagle Trace ... ^|&echo.)>>%Rapport%&mode con: cols=120 lines=8& color 0F for /f "tokens=*" %%b in ('dir /b/a/s "%windir%\prefetch\*.*" ^|findstr /i "^[0-9]*\.exe mdelk hldrrr winfilse wintems nideiect flec00 crack serial install_patch keygen key_gen generator"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b call :Fix "%%~b" ) for /f "tokens=*" %%b in ('dir /b/a/s "%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\*.*" ^|findstr /i "\\b64.*\.jpg \\mxd.*\.jpg \\ffl.*\.htm \\file.*\.txt \\servernames.*\.htm \\ftpps.*\.jpg \\ieps.*\.jpg"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b call :Fix "%%~b" ) if exist $users ( for /f "tokens=1* delims=#" %%a in ($users) do ( for /f "tokens=*" %%B in ('dir /b/a/s "%%~a\Local Settings\Temporary Internet Files\Content.IE5\*.*" ^|findstr /i "\\b64.*\.jpg \\mxd.*\.jpg \\ffl.*\.htm \\file.*\.txt \\servernames.*\.htm \\ftpps.*\.jpg \\ieps.*\.jpg"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b call :Fix "%%~b" )))2>NUL for /f "tokens=*" %%b in ('dir /b/a/s "%Cookie%\*.*" ^|findstr /i "crack serial patch keygen key generator"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b call :Fix "%%~b" ) Call :Defil 50 mode con: cols=120 lines=8& color 0F cls&echo.&echo.&echo.&Tools\echox -n -c 0A " %step3% " &echo %wait% cleanmgr /sagerun Call :Defil 60 ::############################################################################################################################################################################ :: Recherche Crack title FyK by El Desaparecido ^| Scan Crack Keygen Serial (echo.&echo ################## ^| Crack .... ^|&echo.)>>%Rapport% cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Crack .... " &echo %wait% for /f "tokens=*" %%b in ('dir /a-d/b/s "%UserProfile%" ^|findstr /Iv "\drivers \hidires \m\Shared" ^|findstr /I "\.exe$ \.rar$ \.zip$" ^|findstr /I "Crack keymaker keygen serial"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Crack : " &echo %%~nxb&echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% ) ::############################################################################################################################################################################ :: Scan de la Base de Registre title FyK by El Desaparecido ^| Scan Regedit (echo.&echo ################## ^| %proc3% ^| &echo.)>>%Rapport% for /f "tokens=1* delims=" %%A in ('type "Tools\Llave"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo %%A Tools\swreg acl "%%A" /ge:f;d /p /q /oa >nul 2>&1 Tools\swreg query "%%A">nul 2>&1&IF NOT ERRORLEVEL 1 ( Tools\swreg delete "%%A" >nul 2>nul echo %Del% [%%A] >> %Rapport% )) for %%b in ( 111111s1ro1s1a m_hook pci32 rosa SK9OU0S srosa ) do ( for /f "tokens=*" %%a in ('Tools\swreg.exe query "HKLM\SYSTEM" ^|find.exe /i "ControlSet"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo %%a\Services\%%b Tools\swreg.exe acl "%%a\Services\%%b" /ge:f;d /p /q /oa >nul 2>&1 Tools\swreg.exe query "%%a\Services\%%b" >nul &&( Tools\swreg.exe delete "%%a\Services\%%b">nul 2>nul ))) for %%b in ( LEGACY_111111s1ro1s1a LEGACY_m_hook LEGACY_pci32 LEGACY_rosa LEGACY_SK9OU0S LEGACY_srosa ) do ( for /f "tokens=*" %%a in ('Tools\swreg.exe query "HKLM\SYSTEM" ^|find.exe /i "ControlSet"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo %%a\Enum\Root\%%b Tools\swreg.exe acl "%%a\Enum\Root\%%b" /ge:f;d /p /q /oa >nul 2>&1 Tools\swreg.exe query "%%a\Enum\Root\%%b" >nul &&( Tools\swreg.exe delete "%%a\Enum\Root\%%b">nul 2>nul ))) for %%A in ( "KEY540534" ) do Tools\swreg query "HKCU\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\UI %%~A Tools\swreg delete "HKCU\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&( echo %Del% [HKCU\Software\Microsoft\Windows\UI] "%%~A" >> %Rapport% Tools\swreg query "HKU\%User%\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\...\Software\Microsoft\Windows\UI %%~A Tools\swreg delete "HKU\%User%\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&( echo %Del% [HKU\%User%\Software\Microsoft\Windows\UI] "%%~A" >> %Rapport% )))) Call :Defil 70 for %%A in ( "drvsyskit" "eMuleAutoStart" "german.exe" "mule_st_key" "hldrrr" "flec003.exe" ) do Tools\swreg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\CurrentVersion\Run %%~A Tools\swreg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( echo %Del% [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% ) Tools\swreg query "HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run %%~A Tools\swreg delete "HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( echo %Del% [HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% ) Tools\swreg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %%~A Tools\swreg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( echo %Del% [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% ) Tools\swreg query "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run %%~A Tools\swreg delete "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&( echo %Del% [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% ))))) for /f "tokens=4 delims=\" %%A in ('Tools\swreg query "HKU\%User%\Software" ^|findstr /I "\<bisoft\> \<CHKPTR\> \<Dat33eTim7\> \<DateTime4\> \<EWZ\> \<FFC\> \<FirstRRRun\> \<FirtR\> \<FirstRuxzx\> \<FR79732423\> \<MuleAppData\> \<XYZ\> \<XEW\>"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\%User%\Software\%%~A Tools\swreg delete "HKU\%User%\Software\%%~A" >nul 2>nul echo %Del% [HKU\%User%\Software\%%~A] >> %Rapport% ) Tools\swreg query "HKCU\Software\Local AppWizard-Generated Applications">nul 2>&1&IF NOT ERRORLEVEL 1 ( for /f "tokens=4 delims=\" %%A in ('Tools\swreg query "HKCU\Software\Local AppWizard-Generated Applications" ^|findstr /I "\<crack\> \<cracked\> \<flec006\> \<hldrrr\> \<key_gen\> \<key_generator\> \<keygen\> \<mdelk\> \<nideiect\> \<patch\> \<run\> \<serial\> \<winfilse\> \<wintems\> \<winupgro\>"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Local AppWizard-Generated Applications\%%~A Tools\swreg delete "HKCU\Software\Local AppWizard-Generated Applications\%%~A" >nul 2>&1 &&( echo %Del% [HKCU\Software\Local AppWizard-Generated Applications\%%~A] >> %Rapport% ))) Tools\swreg query "HKU\%User%\Software\Local AppWizard-Generated Applications">nul 2>&1&IF NOT ERRORLEVEL 1 ( for /f "tokens=5 delims=\" %%A in ('Tools\swreg query "HKU\%User%\Software\Local AppWizard-Generated Applications" ^|findstr /I "\<crack\> \<cracked\> \<flec006\> \<hldrrr\> \<key_gen\> \<key_generator\> \<keygen\> \<mdelk\> \<nideiect\> \<patch\> \<run\> \<serial\> \<winfilse\> \<wintems\> \<winupgro\>"') do ( cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\...\Software\Local AppWizard-Generated Applications\%%~A Tools\swreg delete "HKU\%User%\Software\Local AppWizard-Generated Applications\%%~A" >nul 2>&1 &&( echo %Del% [HKU\%User%\Software\Local AppWizard-Generated Applications\%%~A] >> %Rapport% ))) Call :Defil 80 cls&echo.&echo.&echo.&Tools\echox -n -c 0A " %step2% " &echo %wait% (echo.&echo ################## ^| %etat% ^|&echo.)>>%Rapport% for %%a in ( RpcSs wuauserv WinDefend MpsSvc wscsvc SharedAccess EapHost Wlansvc Ip6Fw ) do ( sc config "%%a" start= auto >nul 2>nul sc start "%%a" >nul 2>nul ) for %%a in ( Ndisuio ) do ( sc config %%a start= demand >nul 2>nul ) Tools\swreg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio" >nul ||( if "%Pack%"=="V" regedit /S Tools\Vista.reg&echo %Mse% >> %Rapport%&goto Fdc if "%Pack%"=="3" regedit /S Tools\SP3.reg&echo %Mse% >> %Rapport%&goto Fdc if not defined Pack regedit /S Tools\SP2.reg&echo %Mse% >> %Rapport%&goto Fdc ) (echo %MseOK%&echo.)>>%Rapport% :: Fdc Tools\swreg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden" /v Text >nul ||( regedit /S Tools\Fdc.reg&echo %Fdc% >> %Rapport%&goto Uac ) (echo.&echo %FdcOK%&echo.)>> %Rapport% :: Uac if %OSVER%==1 ( regedit /S Tools\Uac.reg for %%A in ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System") do ( for %%B in (EnableLUA) do ( Tools\swreg query "%%~A" /V %%B|FIND "1">NUL 2>&1&IF NOT ERRORLEVEL 1 (echo # Uac : OK >> %Rapport%&echo.>> %Rapport% ) else ( echo # ^(!^) Uac = 0x0 >> %Rapport%&echo.>> %Rapport%))))2>NUL :: Services for /f "tokens=1,2* delims=#" %%a in ( "Ndisuio#NDIS User Mode" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 3 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 3 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "EapHost#Extensible Authentication Protocol Host" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "WwanSvc#AutoConfig Service WWAN" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "Ip6Fw#IPv6 Windows Firewall Driver" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "MpsSvc#Windows Firewall" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "SharedAccess#Windows Firewall - Internet Connection Sharing" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "windefend#Windows Defender" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "wuauserv#Windows Update" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "wscsvc#Windows Security Center" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport% if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% )) for /f "tokens=1,2* delims=#" %%a in ( "KMService#Software licensing service - Non Genuine Copy of Windows" ) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&( for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do ( if "%%c" NEQ "4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 4 ^| Bad = 2 ^) >> %Rapport%&echo.>>%Rapport% if "%%c"=="4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 4 ^| Bad = 2 ^)>> %Rapport%&echo.>>%Rapport% )) Call :Defil 90 (echo.&echo ################## ^| %proc5% ^|&echo.)>>%Rapport% Tools\SniffC.exe if exist Tools\$PEC ( type Tools\$PEC >> %Rapport% ) if not exist Tools\$PEC ( echo ... OK ! >> %Rapport% ) Call :Defil 95 (echo.&echo ################## ^| Upload ^|&echo.)>>%Rapport% Tools\Sniff.exe a "%HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip" "%Rapport%" >nul 2>nul Tools\Sniff.exe a "%HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip" "$RefMd5" >nul 2>nul if %idioma%==A ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:A ) if %idioma%==E ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:E ) if %idioma%==F ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:F ) if %idioma%==K ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:K ) if %idioma%==P ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:P ) if exist "%HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip" ( echo %envoi% %HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip : http://eldesaparecido.com/upload.html >> %Rapport% echo %contrib% >> %Rapport% Call :Suivi Tools\echox -n -c 0F " %envoi% " Tools\echox -n -c 0C " %HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip " echo. echo.&echo %contrib% echo. pause Start iexplore.exe http://eldesaparecido.com/upload.html ) (echo.&echo ################## ^| %findurapport% ^|&echo.)>>%Rapport% Call :Defil 100 if exist $* del /F /Q $* if exist Tools\$* del /F /Q Tools\$* if exist err.log del /F /Q err.log mode con: cols=80 lines=16& color 0F&call :Suivi&echo.&echo %ou%&echo.&echo %merci% notepad %Rapport% exit ) ::############################################################################################################################################################################ :Tuto if %idioma%==A ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html ) if %idioma%==E ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html ) if %idioma%==F ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html ) if %idioma%==K ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html ) if %idioma%==P ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html ) exit ::############################################################################################################################################################################ :Desinstal if exist %Rapport% del /F /Q %Rapport% if exist $* del /F /Q $* if exist Tools\$* del /F /Q Tools\$* rd /s/q %HomeDrive%\FindyKill >nul 2>nul exit ::############################################################################################################################################################################ :Donate Start iexplore.exe http://eldesaparecido.com/donate.html exit ::############################################################################################################################################################################ :Suivi cls cls&mode con: cols=80 lines=16& color 0F echo.&echo.&echo. echo. echo ^|\ _,,,--,,_ ,) %fixname% %fixvers% echo /,`.-'`' -, ;-;;' echo __ ^|,4- ) )-,_ ) /\__________________________________________________________ echo ~~'---''(_/--' (_/-'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ echo.&echo. goto :eof ::############################################################################################################################################################################ :Fix set "tfa=%~1" set "tfa=%tfa:~,1%" if not exist "Quarantine\%tfa%%~p1" md "Quarantine\%tfa%%~p1" >nul 2>&1 attrib -r -s -h -a "%~1" /s /d >nul 2>&1 MOVE /Y "%~1" "Quarantine\%tfa%%~pnx1.vir">nul 2>&1 del /a /f /s /q "%~1">nul 2>&1 rmdir /S /Q "%~1" >nul 2>&1 if not exist "%~1" echo %Del% %~1 >> %Rapport% if exist "%~1" echo ^(!^) %NoDel% %~1 >> %Rapport% set tfa= goto :eof ::############################################################################################################################################################################ :Check_md5 if "%~1"=="" goto :eof if "%2"=="" goto :eof set tfa=%~1 set tfa=%tfa:~0,-1% FOR /f "tokens=1" %%a in ('tools\fsum.exe -s -crc32 -jnc -d"%tfa%" %2') do ( FOR /f "tokens=1" %%g in ('tools\fsum.exe -s -md5 -jnc -d"%tfa%" %2') do ( echo %%a>>Tools\RefMD5.def echo %%g>>Tools\RefMD5.def echo %tfa%\%2#%%a#%%g#>>$RefMd5 )) set tfa= goto :eof ::############################################################################################################################################################################ :Md5 if "%~1"=="" goto :eof if "%~2"=="" goto :eof set tfa=%~1 set tfa=%tfa:~0,-1% FOR /f "tokens=1" %%c in ('tools\fsum.exe -s -crc32 -jnc -d"%tfa%" %~2') do ( FOR /f "tokens=1" %%g in ('tools\fsum.exe -s -md5 -jnc -d"%tfa%" %~2') do find /i "%%g"<Tools\RefMD5.def>nul &&( echo "%tfa%\%~2#%%c#%%g#">>$Tmp )) set tfa= goto :eof ::############################################################################################################################################################################ :SniffZip set Nblignes= set NbFichiers= set match= if exist tmp.txt del /Q /F tmp.txt if exist tmp2.txt del /Q /F tmp2.txt Tools\Sniff.exe l -slt %1 | FIND.EXE /I "=">>tmp2.txt if exist tmp2.txt ( FINDSTR.EXE /i /N "=" tmp2.txt>>tmp.txt del /q /f tmp2.txt ) if not exist tmp.txt goto :eof set Nblignes=0 for /f "delims=" %%a in (tmp.txt) do set /a Nblignes +=1 set /a match=%Nblignes% %% 13 IF %match% NEQ 0 GOTO :EOF set /a NbFichiers=%Nblignes%/13 FOR /L %%A in (1,1,%NbFichiers%) do call :StripZip %%A %1 goto :eof ::############################################################################################################################################################################ :StripZip SETLOCAL ENABLEDELAYEDEXPANSION set /a LinePath=(%1*13)-12 set /a LineSize=(%1*13)-10 set /a LineCRC=(%1*13)-2 set Cat= for /f "tokens=3 delims= " %%B in ('findstr /i "^%LinePath%: ^%LineSize%: ^%LineCRC%:" tmp.txt') do SET "Cat=!Cat!%%B#" echo.%2#%Cat% | find /I ".exe">>ziptest.txt ENDLOCAL set Cat= set LinePath= set LineSize= set LineCRC= goto :eof ::############################################################################################################################################################################ :FindZip for /f "tokens=1,2,3,4 delims=#" %%A in (ziptest.txt) do ( echo.%%B | FIND.EXE /I /V "\" >nul && ( echo.%%A#%%B#%%C#%%D#>>FileArchive.txt ) || ( echo.%%A#%%B#%%C#%%D#>>FileinFolder.txt ) ) ) goto :eof ::############################################################################################################################################################################ :ZipFile for /f "tokens=1,2,3,4 delims=#" %%A in (%1) DO ( if not exist "%%A" GOTO :EOF FIND.EXE /I "%%D"<tools\RefMd5.def >nul &&( if "%2"=="list" ( echo.Bagle ! %%A >>%Rapport% echo.-^> Contain %%B ^|Size : %%C ^|With Bagle CRC32 : %%D >>%Rapport% echo.>>%Rapport% ) if "%2"=="kill" Call :KillZip %%A %%B %%C %%D >nul 2>nul if "%2"=="del" ( DEL /F /Q "%%A" >nul 2>nul if not exist "%%A" ( echo.%del% %%~A>>%Rapport% echo.-^> Contain %%B ^|Size : %%C ^|With Bagle CRC32 : %%D >>%Rapport% echo.>>%Rapport% ) if exist "%%A" ( echo.^(!^) %NoDel% %%~A>>%Rapport% echo.>>%Rapport% ) ) ) || ( Call :CheckZip %%A %%B %%C %%D ) ) goto :eof ::############################################################################################################################################################################ :KillZip Tools\sniff.exe d "%1" "%2" echo "%1" "%2" %ERRORLEVEL% >>err.log IF %ERRORLEVEL%==0 ( echo.Cleaned : %~1 >>%Rapport% echo.-^> %Del% %2 ^|Size : %3 ^|With bagle CRC32 : %4 >>%Rapport% echo.>>%Rapport% ) IF %ERRORLEVEL%==2 ( echo.^(!^) Not Cleaned : %~1 >>%Rapport% echo.-^> Contain : %2 ^|Size : %3 ^|With bagle CRC32 : %4 >>%Rapport% echo.>>%Rapport% ) goto :eof ::############################################################################################################################################################################ :CheckZip IF /I 1024000 LSS %3 (GOTO :EOF) IF /I 512000 GTR %3 (GOTO :EOF) FOR %%Z IN ( "crac" "run" "crack" "install" "key_generator" "install_crack" "install_patch" "keygen" "key_gen" "key_generator" "patch" "serial" ) DO ( IF /I "%%~Z.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\crac.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\setup.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\run.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\crack.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\install.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\key_gen.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\key_generator.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\install_crack.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\install_patch.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\keygen.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\key_generator.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\patch.exe"=="%2" GOTO :SupectZip IF /I "%%~Z\serial.exe"=="%2" GOTO :SupectZip ) goto :eof ::############################################################################################################################################################################ :SupectZip Tools\sniff e -y %1 %2 -o"%~dp0\Ziptest" >nul 2>nul Tools\sniff.exe d "%1" "%2" >nul 2>nul IF %ERRORLEVEL%==2 ( echo.Cleaned : %1 >>%Rapport% echo.-^> %del% %2 ^|Size : %3 ^|CRC32 : %4 >>%Rapport% echo.>>%Rapport% if exist "%~dp0Ziptest" RD /Q /S "%~dp0Ziptest" goto :eof ) IF %ERRORLEVEL%==0 ( FOR /f "tokens=1" %%g in ('tools\fsum -md5 -jnc -d"%~dp0Ziptest" %~nx2 2^>nul') do ( echo.Cleaned : %1 >>%Rapport% echo.-^> %del% %2 ^|Size : %3 ^|CRC32 : %4 ^|MD5 : %%g>>%Rapport% echo.>>%Rapport% if exist "%~dp0Ziptest" RD /Q /S "%~dp0Ziptest" )) goto :eof ::############################################################################################################################################################################ :SniffTrace for /f "tokens=*" %%b in ('type "%1" ^|findstr /I "mmzAg 7HPha ÞNJÈT ty_RKK"') do echo %~1 >>%Rapport% goto :eof ::############################################################################################################################################################################ :Defil SETLOCAL ENABLEDELAYEDEXPANSION set ProgressPercent=%1 set /A NumBars=%ProgressPercent%/2 set /A NumSpaces=50-%NumBars% set Meter= for /l %%A in (%NumBars%,-1,1) do set Meter=!Meter!I for /l %%A in (%NumSpaces%,-1,1) do set Meter=!Meter! title FyK - El Desaparecido ^| Scan progress : [%Meter%] %ProgressPercent%%% ENDLOCAL goto :eof ::############################################################################################################################################################################ :NoSupport title FyK - El Desaparecido ^| Unsupported Version cls cls&mode con: cols=80 lines=16& color 0F echo.&echo.&echo. echo. echo ^|\ _,,,--,,_ ,) FindyKill echo /,`.-'`' -, ;-;;' echo __ ^|,4- ) )-,_ ) /\__________________________________________________________ echo ~~'---''(_/--' (_/-'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ echo.&echo. echo Unsupported Version. echo. echo Windows XP / Vista / 7 only ..... echo. echo ....... Press any key to exit . pause>nul ::############################################################################################################################################################################ :end exit merci A+

salut tomtom95 Il est vrai que c'est 1 ordi de famille je te remercie de me remorquer.. . voici le lien de adwcleaner..http://cjoint.com/?BEiayovIeGm je prépare la suite A+ mcfive la suite :rapport ZHPFix ; Rapport de ZHPFix 1.12.3378 par Nicolas Coolman, Update du 10/01/2011 Fichier d'export Registre : Run by tuyen at 08/05/2012 01:00:46 Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601) Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html Web site : http://nicolascoolman.skyrock.com/ ========== Logiciel(s) ========== ABSENT Software Key: {497BCFDD-F589-448D-A1C3-78D1B1809CCC} ABSENT Software Key: NCH_EN Toolbar ABSENT Software Key: uTorrent ========== Processus mémoire ========== SUPPRIME Reboot Memory Process: C:\Program Files (x86)\uTorrent\uTorrent.exe SUPPRIME Memory Process: C:\Users\tuyen\Downloads\esetsmartinstaller_enu.exe SUPPRIME Memory Process: C:\TORRENT 411\VIDEOS COMPLETES\LOGICIELS\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA\KiMERA\pdf2word.exe SUPPRIME Memory Process: C:\TORRENT 411\VIDEOS COMPLETES\LOGICIELS\Video2Webcam v3.3.0.2 Software avec Keygen\Video2Webcam v3.3.0.2 Software + Keygen\Video2WebcamSetup.exe SUPPRIME Memory Process: C:\Users\tuyen\Desktop\IminentSetup_2-KFRPtAWP-1_.exe SUPPRIME Memory Process: C:\Users\tuyen\Desktop\utorrent.exe ========== Clé(s) du Registre ========== ABSENT Key: CLSID BHO: {37483b40-c254-4a72-bda4-22ee90182c1e} ABSENT Key: HKCU\Software\AppDataLow\Software\ConduitSearchScopes SUPPRIME Key: HKCU\Software\AppDataLow\Software\NCH_EN SUPPRIME Key: HKCU\Software\BitTorrent ABSENT Key: HKLM\Software\Boxore ABSENT Key: HKLM\Software\Eset ABSENT Key: HKLM\Software\NCH_EN SUPPRIME CLSID MPSK: {772636bc-3221-11e1-bccc-001c252f66e5} ========== Valeur(s) du Registre ========== ABSENT URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} SUPPRIME RunValue: uTorrent ABSENT RunValue: uTorrent ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : SUPPRIME FirewallRaz (None) : {08FE3A42-3E95-4832-9AA0-27CDE21B990A} SUPPRIME FirewallRaz (None) : {01651649-1256-4E78-A1B9-FEAB137ADC71} ========== Dossier(s) ========== SUPPRIME Folder: C:\Users\tuyen\AppData\Roaming\Mozilla\Firefox\Profiles\a9mzb9d5.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} SUPPRIME Folder: C:\Program Files (x86)\ESET SUPPRIME Folder: C:\Program Files (x86)\searchweb SUPPRIME Folder: C:\Program Files (x86)\uTorrent SUPPRIME Folder: C:\Program Files (x86)\Yontoo SUPPRIME Folder: C:\ProgramData\eMule SUPPRIME Folder: C:\ProgramData\Kaspersky Lab SUPPRIME Folder: C:\ProgramData\McAfee SUPPRIME Folder: C:\Users\tuyen\AppData\Roaming\BitTorrent ABSENT C:\Users\tuyen\AppData\Roaming\Iminent SUPPRIME Folder: C:\Users\tuyen\AppData\Roaming\uTorrent ABSENT C:\Program Files (x86)\ESET SUPPRIME Flash Cookies: 17 SUPPRIME Temporaires Windows: : 95 ========== Fichier(s) ========== ABSENT File: c:\users\tuyen\appdata\roaming\mozilla\firefox\profiles\a9mzb9d5.default\searchplugins\conduit.xml SUPPRIME File: c:\program files (x86)\nch_en\prxtbnch_.dll ABSENT File: c:\program files (x86)\nch_en\prxtbnch_.dll SUPPRIME File: c:\users\tuyen\desktop\alice's biscuit light.lnk SUPPRIME File: c:\users\tuyen\desktop\mcsettings - raccourci.lnk SUPPRIME File: c:\users\tuyen\desktop\» définir la liste par défaut.url ABSENT File: c:\users\tuyen\desktop\» définir la liste par défaut.url SUPPRIME File: c:\users\tuyen\appdata\roaming\microsoft\internet explorer\quick launch\µtorrent.lnk SUPPRIME File: c:\users\tuyen\downloads\esetsmartinstaller_enu.exe SUPPRIME Reboot c:\windows\system32\drivers\64611260.sys SUPPRIME File: C:\TORRENT 411\TORRENTS SAUVEGARDES TERMINES\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA.rar.torrent SUPPRIME File***: c:\torrent 411\videos completes\logiciels\quick-pdf.pdf.to.word.converter.v2.0.cracked-kimera\quick-pdf.pdf.to.word.converter.v2.0.cracked-kimera\kimera\pdf2word.exe SUPPRIME File: c:\torrent 411\videos completes\logiciels\video2webcam v3.3.0.2 software avec keygen\video2webcam v3.3.0.2 software + keygen\video2webcamsetup.exe SUPPRIME File: C:\Users\tuyen\Downloads\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA.rar.torrent SUPPRIME File: C:\WinRAR_4.01_PRE.CRACKED_BY_team_Black_X.zip SUPPRIME File*: c:\users\tuyen\desktop\iminentsetup_2-kfrptawp-1_.exe SUPPRIME File*: c:\users\tuyen\desktop\utorrent.exe SUPPRIME Flash Cookies: 9 SUPPRIME Temporaires Windows: : 202 ========== Tache planifiée ========== SUPPRIME Task: SmartDefrag SUPPRIME Task: SmartDefrag_Startup SUPPRIME Task: SoftwareUpdateTaskMachineCore SUPPRIME Task: SoftwareUpdateTaskMachineUA SUPPRIME Task: {17100AA8-3231-4C8F-A37F-BD5248E78D60} SUPPRIME Task: {35B49A7B-DB84-42E8-8402-EA2B5D89B973} SUPPRIME Task: {3C65144A-FF8A-4D07-9BDE-FC184A8CB1EF} SUPPRIME Task: {FCF652E0-B060-4C14-ABD9-15787040CE93} ========== Récapitulatif ========== 6 : Processus mémoire 8 : Clé(s) du Registre 7 : Valeur(s) du Registre 14 : Dossier(s) 19 : Fichier(s) 3 : Logiciel(s) 8 : Tache planifiée End of clean in 02mn 11s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 08/05/2012 01:00:46 [5065]

hello à vous Tous Je clique naturellement sur n'importe quel icône : Internet, Word, Audacity, Excel, etc… Aucune réaction. J'éteins le PC et uniquement sur "arrêter" car "redémarrer" : idem, aucune réaction. Après le rallumage, je peux à nouveau cliquer et cela refonctionne… puis + tard cela recommence, aucune réponse à chaque clic… mais le PC répond après quelques secondes. Je reviens de déplacement, et mes gosses ont dû toucher quelque chose… je pense qu' un logiciel quelconque a été effacé ? En tout cas, merci à vous tous pour votre aide si vous le voulez bien. MCFIVE P.S.: Tonton (software) m'a suggéré de faire une démarche ds cette partie de forum car rien n'a marché... Rapport de ZHPDiag.

Bonjour je te remercie MCFIVE

bonjour tonton, MERCI.. j'ai mes gosses qui trafiquent l'ord. et je ne suisn pas souvent présenrt..si encore des virus. par contre, j'ai fait "msconfig" mais je n'ai pas eu Au redémarrage, Windows demander d’accepter le boot( cest quoi le boot?) en « mode sélectif » Mais ca démarre au 1/4 de tour. A+ MCFIVE

Bonjour Tonton, Je ne parviens pas à faire fonctionner le "copier le lien"… Voici le rapport de ZHPDiag. à+ mcfive

Bonsoir Tonton, Me revoici. La situation n'a pas franchement évoluée, j'ai retrouvé les mêmes procédures avec WhoCrashed, et le Crash dumps ne s'est pas produit là aussi (je ne comprends pas trop l'anglais). Je ne sais pas trop quoi penser ? MCFIVE

Bonsoir Tonton, OK ! Là, j'ai bien vu. Je pense que j'ai bien suivi ta procédure et j'ai la même chose que toi, - donc j'ai fait rechercher : *.dmp, mais rien ne se passe ou rien n'est trouvé, - BlueScreenView s'ouvre mais n'affiche rien. Cela provient-il de moi ? à+ MCFIVE

Bonsoir Tonton, effectivement j'ai bien cela. puis j ai téléchargé WhoCrashed de Resplendence et BlueScreenView et j' obtiens comme toi, mais je ne trouve pas où est Démarrer > Rechercher *.dmp pour lancer le programme ? en bref, y a-t-il quelque chose que j'ai pas bien suivi ...? mcfive

Salut Tonton, Merci de m'avoir répondu. J'ai téléchargé les 2 logiciels bluescreenview, mais malheureusement je ne trouve pas le 'démarrer automatiquement' ? Dans "fichier", tout est grisé sauf 'quitter' ? Qu'est-ce que je n'ai pas fait que j'aurai dû ? Merci

Hello Tonton ! J'ai attendu, avant de te recontacter, pour observer si l'amélioration perdurait... et ça ne perdure pas. J'ai essayé de refaire ta manip, mais je retombe sur une fenêtre bleue concernant le 'disk'. Sache que je n'ai pas éteint le PC depuis, et hier tout était encore impeccable. Ce matin, terminé, j'ai ré-éteint le PC pour pouvoir m'en resservir. Voilà les nouvelles. MCFIVE

Bonsoir, Pour l'instant je n'ai plus rien remarqué, je pense que c'est bon Je te remercie sincèrement. Je suis toujours épaté… de cette patience qui vous caractérise. Mine de rien, tu m'as bien rendu service. J'ai mes gosses qui vont rejouer avec le PC, j'ai beau leur dire… Merci à bientôt.

Merci de me reprendre ; voici le rapport : Rapport de ZHPFix 1.12.3381 par Nicolas Coolman, Update du 08/02/2011 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-20-03-2012-14-11-48.txt Run by tuyen at 20/03/2012 14:11:48 Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601) Web site : ZHPFix Fix de rapport Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com ========== Logiciel(s) ========== ABSENT Software Key: O42 - Logiciel: Funmoods on IE and Chrome - (.Pas de propriétaire.) [HKLM] – funmoods ABSENT Software Key: {006E6A46-8D55-4F10-BBA8-2C9653B4278B} ========== Clé(s) du Registre ========== ABSENT Key: CLSID BHO: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} ABSENT Key: HKCU\Software\Agence-Exclusive ABSENT Key: HKLM\Software\Agence-Exclusive ABSENT Key: HKLM\Software\Babylon ABSENT Key: HKLM\Software\Funmoods ABSENT CLSID MPSK: {772636bc-3221-11e1-bccc-001c252f66e5} ABSENT CLSID MPSK: {8d166029-6835-11e0-8855-001c252f66e5} ABSENT CLSID MPSK: {eb905481-695a-11e0-80aa-001c252f66e5} ABSENT Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160 ABSENT Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24 ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\esrv.EXE ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\PCTutoBHO.DLL ABSENT Key: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B} ABSENT Key: HKLM\Software\WOW6432Node\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B} ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} ABSENT Key: HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} ABSENT Key: HKLM\Software\WOW6432Node\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F} ABSENT Key: HKLM\Software\WOW6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504} ABSENT Key: HKLM\Software\WOW6432Node\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504} ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} ABSENT Key: HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0} ABSENT Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} ABSENT Key: HKLM\Software\WOW6432Node\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45} ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\{759F1421-4D31-4c1f-8C51-E4956A037676} ABSENT Key: HKLM\Software\WOW6432Node\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3} ABSENT Key: HKLM\Software\WOW6432Node\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077} ABSENT Key: HKLM\Software\WOW6432Node\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02} ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} ABSENT Key: HKLM\Software\WOW6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} ABSENT Key: HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} ABSENT Key: HKLM\Software\WOW6432Node\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F} ABSENT Key: HKLM\Software\WOW6432Node\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3} ABSENT Key: HKLM\Software\WOW6432Node\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} ABSENT Key: HKLM\Software\WOW6432Node\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9} ABSENT Key: HKLM\Software\WOW6432Node\Agence-Exclusive ========== Valeur(s) du Registre ========== ABSENT RunValue: SmartRAM ABSENT TCPIP: DhcpNameServer ABSENT {28061818-F55E-461F-9911-84EAE68CFDA1} ABSENT {A61781FB-27D9-48CC-AD29-9888FC1915AD} ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : Aucune valeur présente dans la clé d'exception du registre (FirewallRaz) ========== Préférences navigateur ========== PRESENT Chrome File: C:\Users\tuyen\AppData\Local\Google\Chrome\User Data\Default\Preferences ABSENT Chrome Site: Funmoods Search ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.bbDpng", 18); SUPPRIME Mozilla Pref: user_pref("extensions.BabylonToolbar.cntry", "NL"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.firstRun", false); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.hdrMd5", "95D064530DF6AF01A0322D37B78E9C17"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.id", "c9e6805f368946b0b797ec579f6a0a1d"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.instlDay", "15156"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.lastActv", "18"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.lastDP", 18); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.newTab", true); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.propectorlck", 70660447); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.ptch_0717", true); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar.sid", "c9e6805f368946b0b797ec579f6a0a1d"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babExt", ""); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108988"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.hardId", "981a234b0000000000000015834c30c2"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.id", "981a234b0000000000000015834c30c2"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.instlDay", "15362"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.newTab", false); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:49:46"); ABSENT Mozilla Pref: user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); ABSENT Mozilla Pref: user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.1.8,{89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.8,{b9db16a4-6edc-47e[...] ========== Dossier(s) ========== ABSENT C:\ProgramData\Babylon ABSENT C:\Users\tuyen\AppData\Roaming\Babylon ABSENT C:\Users\tuyen\AppData\Local\Babylon ABSENT C:\Users\tuyen\AppData\Local\Software ABSENT C:\Users\tuyen\AppData\Local\{2C29E0A8-FCC9-4B20-85D5-16D8DD68EA2A} ABSENT C:\Users\tuyen\AppData\Local\{3382DB90-9B9C-4AAF-AB71-1EC26244AFF1} ABSENT C:\Users\tuyen\AppData\Local\{37B34395-5BF2-4AC7-845C-45D09BAD12D5} ABSENT C:\Users\tuyen\AppData\Local\{3937357A-771E-4F3C-87BF-C60573889135} ABSENT C:\Users\tuyen\AppData\Local\{4F1EFC0F-D204-4C0C-BEF4-FD089F894592} ABSENT C:\Users\tuyen\AppData\Local\{54840B46-F72C-48F9-8451-0291AE03EF2B} ABSENT C:\Users\tuyen\AppData\Local\{7C03F4A7-9308-441A-9AAB-849F580E0040} ABSENT C:\Users\tuyen\AppData\Local\{7D228C57-F78B-4F45-9614-FDF7743FAC80} ABSENT C:\Users\tuyen\AppData\Local\{AEBD707E-B004-481A-BE93-6A9F0C373AC5} ABSENT C:\Users\tuyen\AppData\Local\{CAA9AB8D-0D7E-4857-8FE0-86632B5D3D38} ABSENT C:\Users\tuyen\AppData\Local\{D5963A14-00C4-44CB-ADCD-CBAC36FB251E} ABSENT C:\Users\tuyen\AppData\Local\{F7C2208A-BEA7-4D96-84DA-3DC04495B0EA} ABSENT C:\Program Files (x86)\Funmoods SUPPRIME Reboot Folder**: C:\Program Files (x86)\searchweb ABSENT C:\Program Files (x86)\Software SUPPRIME Flash Cookies: 8 SUPPRIME Temporaires Windows: : 75 ========== Fichier(s) ========== ABSENT File: c:\users\tuyen\appdata\roaming\mozilla\firefox\profiles\a9mzb9d5.default\searchplugins\funmoods.xml SUPPRIME File: c:\users\tuyen\appdata\roaming\mozilla\firefox\profiles\a9mzb9d5.default\searchplugins\speedbit.xml ABSENT File: c:\program files (x86)\funmoods\funmoods\1.5.11.16\bh\funmoods.dll ABSENT File: c:\torrent 411\videos completes\logiciels\?iobit\tools\suo10_smartram.exe ABSENT File: c:\users\tuyen\desktop\son - raccourci.lnk ABSENT File: c:\users\tuyen\desktop\toolbox - raccourci.lnk ABSENT File: c:\torrent 411\videos completes\logiciels\?iobit\toolbox.exe SUPPRIME Reboot c:\user.js ABSENT Folder/File: c:\users\tuyen\appdata\roaming\adobeflashplayer.exe ABSENT Folder/File: c:\users\tuyen\appdata\roaming\eraseme.bat ABSENT Folder/File: c:\users\tuyen\appdata\roaming\temp7124.exe ABSENT Folder/File: c:\users\tuyen\desktop\desperado_divx_fr_by_sebfunix.exe ABSENT Folder/File: c:\programdata\babylon ABSENT Folder/File: c:\users\tuyen\appdata\roaming\babylon ABSENT Folder/File: c:\users\tuyen\appdata\local\babylon ABSENT Folder/File: c:\users\tuyen\appdata\local\temp\babylontoolbar ABSENT Folder/File: c:\users\tuyen\appdata\roaming\mozilla\firefox\profiles\a9mzb9d5.default\extensions\ffxtlbr@babylon.com SUPPRIME Flash Cookies: 3 SUPPRIME Temporaires Windows: : 99 ========== Tache planifiée ========== SUPPRIME Task: {17100AA8-3231-4C8F-A37F-BD5248E78D60} SUPPRIME Task: {3C65144A-FF8A-4D07-9BDE-FC184A8CB1EF} ABSENT Task: {54A11451-3E60-4756-BB8E-819FB24E49B3} ABSENT Task: {95802866-90CC-4E9F-BB37-D8CDBC4BD14F} ABSENT Task: {E767F85C-885D-41CD-8CCC-AF2D5E3EBAD1} ========== Récapitulatif ========== 38 : Clé(s) du Registre 7 : Valeur(s) du Registre 21 : Dossier(s) 19 : Fichier(s) 2 : Logiciel(s) 32 : Préférences navigateur 5 : Tache planifiée End of clean in 00mn 17s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 19/03/2012 17:48:14 [11043] C:\ZHP\ZHPFix[R2].txt - 20/03/2012 14:11:48 [10239]

VOICI LE RPPORT DE AdwCleane: # AdwCleaner v1.502 - Rapport créé le 19/03/2012 à 23:20:30 # Mis à jour le 17/03/2012 par Xplode # Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits) # Nom d'utilisateur : tuyen - TUYEN-PC # Exécuté depuis : C:\Users\tuyen\Downloads\adwcleaner0.exe # Option [suppression] ***** [services] ***** Arrêté & Supprimé : : supdate ***** [Fichiers / Dossiers] ***** Dossier Supprimé : C:\ProgramData\Babylon Dossier Supprimé : C:\Users\tuyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki Dossier Supprimé : C:\Program Files (x86)\Boxore Dossier Supprimé : C:\Program Files (x86)\Funmoods Dossier Supprimé : C:\Program Files (x86)\Software Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml ***** [H. Navipromo] ***** ***** [Registre] ***** Clé Supprimée : HKCU\Software\Funmoods Clé Supprimée : HKLM\SOFTWARE\Agence-Exclusive Clé Supprimée : HKLM\SOFTWARE\Babylon Clé Supprimée : HKLM\SOFTWARE\Funmoods Clé Supprimée : HKLM\SOFTWARE\Software Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 Clé Supprimée : HKLM\SOFTWARE\Classes\f Clé Supprimée : HKLM\SOFTWARE\Classes\funmoods.dskBnd Clé Supprimée : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1 Clé Supprimée : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr Clé Supprimée : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1 Clé Supprimée : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Clé Supprimée : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Clé Supprimée : HKLM\SOFTWARE\Classes\Software.OneClickCtrl.8 Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1 Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0 Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\PCTutoBHO.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{759F1421-4D31-4c1f-8C51-E4956A037676} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C9FC4C5A-2C9B-4E41-8DA2-2F379D74CF45} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8 Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8 Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160 Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24 Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Clé Supprimée : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8 Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9FC4C5A-2C9B-4E41-8DA2-2F379D74CF45} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C9FC4C5A-2C9B-4E41-8DA2-2F379D74CF45} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1 Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8 Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [boxore Client] ***** [Registre (x64)] ***** Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24 Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods ***** [Navigateurs] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v7.0.1 (fr) Profil : a9mzb9d5.default Fichier : C:\Users\tuyen\AppData\Roaming\Mozilla\Firefox\Profiles\a9mzb9d5.default\prefs.js C:\Users\tuyen\AppData\Roaming\Mozilla\Firefox\Profiles\a9mzb9d5.default\user.js ... Supprimé ! Supprimée : user_pref("extensions.BabylonToolbar.bbDpng", 19); Supprimée : user_pref("extensions.BabylonToolbar.lastActv", "19"); Supprimée : user_pref("extensions.BabylonToolbar.lastDP", 19); Supprimée : user_pref("extensions.BabylonToolbar.propectorlck", 70750273); Supprimée : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", ""); Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108988"); Supprimée : user_pref("extensions.BabylonToolbar_i.hardId", "981a234b0000000000000015834c30c2"); Supprimée : user_pref("extensions.BabylonToolbar_i.id", "981a234b0000000000000015834c30c2"); Supprimée : user_pref("extensions.BabylonToolbar_i.instlDay", "15362"); Supprimée : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", false); Supprimée : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Supprimée : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Supprimée : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Supprimée : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:49:46"); Supprimée : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Supprimée : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.1.8,{89506680-e3f4-484c-a2c0-ed711d481e[...] Supprimée : user_pref("extensions.funmoods_i.aflt", "nv1"); Supprimée : user_pref("extensions.funmoods_i.dfltLng", ""); Supprimée : user_pref("extensions.funmoods_i.dfltSrch", true); Supprimée : user_pref("extensions.funmoods_i.dnsErr", true); Supprimée : user_pref("extensions.funmoods_i.excTlbr", false); Supprimée : user_pref("extensions.funmoods_i.hmpg", true); Supprimée : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1"); Supprimée : user_pref("extensions.funmoods_i.id", "981a234b0000000000000015834c30c2"); Supprimée : user_pref("extensions.funmoods_i.instlDay", "15410"); Supprimée : user_pref("extensions.funmoods_i.instlRef", ""); Supprimée : user_pref("extensions.funmoods_i.newTab", true); Supprimée : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1"); Supprimée : user_pref("extensions.funmoods_i.prdct", "funmoods"); Supprimée : user_pref("extensions.funmoods_i.prtnrId", "funmoods"); Supprimée : user_pref("extensions.funmoods_i.smplGrp", "none"); Supprimée : user_pref("extensions.funmoods_i.srchPrvdr", "Search"); Supprimée : user_pref("extensions.funmoods_i.tlbrId", "base"); Supprimée : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=nv1&q=")[...] Supprimée : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16"); Supprimée : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.169:34:55"); Supprimée : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16"); -\\ Google Chrome v17.0.963.79 Fichier : C:\Users\tuyen\AppData\Local\Google\Chrome\User Data\Default\Preferences Supprimée : "keyword": "funmoods", Supprimée : "search_url": "hxxp://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}", Supprimée : "name": "Funmoods", Supprimée : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml", ************************* AdwCleaner[R1].txt - [17016 octets] - [19/03/2012 23:19:49] AdwCleaner[s1].txt - [14053 octets] - [19/03/2012 23:20:30] ########## EOF - C:\AdwCleaner[s1].txt - [14182 octets] ##########

Tu me dis de rajouter ta citation pour ZHPFIX... je ne comprends pas très bien à quel endroit je dois le rajouter ? Voici le rapport "H" -édit- Voilà typiquement un rapport qu'il est dangereux de coller directement dans un message, au risque de bloquer le sujet (à cause des limites du gestionnaire de forum IPB 3.1), donc de le rendre inaccessible. Il est donc préférable de faire héberger de tels rapports, par exemple chez C'est ce que j'ai fait avec le tien

Bonsoir bernard53, Je te remercie de me répondre. Donc, je viens de le faire et je te joins le rapport... J'espère qu'il ne l'a pas été 2 fois car peut-être 1 erreur de manipulation de ma part : Cliquez ici.

Bonjour, Après quelques efforts infructueux… une petite visite s'impose Des fenêtres de jeu etc. discrètes surgissent. Malwarebytes ne le trouve pas, Avira non plus. J'ai essayé en mode sans échec et c'est pareil. SVP ! Y a-t-il un pilote dans l'avion pour m'aider ? Merci de ton aide. MVK

BONJOUR à Toutes et à Tous, je vais tâcher de faire simple : Je souhaiterai 1 avis éclairé pour me conseiller l' achat d' 1 PC caustaud ( puissant ? ) quel tarif y mettre , qui est " capable " QUI DANS LES PATES D'1 néophite débutant , bref monsieur tout le monde, qui ne rame pas, qui ne bloque pas , qui laisse de la marge pour comprendre et apprendre bref, qui RESISTE aux bêtises manipulatrices le plus longtemps poossible , images , video ,internet ; musique , si je met 1 hub à 6 trous que mon ordi les affichent mes péripheriques .. et que sais- je encore que cela devienne 1 plaisir au lieu d'1 prise de tête chaque fois que l' on clique 1 GRAND MERCI MCFIVE

SALUT, C-discount est site où les problèmes st très sérieux et leurs prix maintenant st concurancés par d'autres sites moins puissants mais valables. nous avons eu affaire facea de de multiples situations J ai reçu des entreprises pour saisi pour des montants de 80 , 55 euro ...car aucun message n a été lu ou répondu leur action se maintenait systématiqumemnt; suite à des erreurs d'origine de leur part..Impossible d'obtenir 1 interlocuteur que des messages automatiques des heures d attentes téléphoniques payants à leur service juridique qui ne répond pas etc.. Les problèmes commencent après le paiement C B puis après la livraison qui est 1 parcours du combattant et et retourner 1 article devient invivable et en paralmlèle les commandements impayés menaces etc tombes, affluent et ils ne répondent pas à vos emails a bon entendeur salut Passez l information à d'autres

voici l'autre rapport qui dois faire suite (j ai pas pigé tt de suite) :======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 09:14:38 le 10/08/2011, Mode normal Microsoft Windows 7 Édition Intégrale Service Pack 1 (X64) tuyen@TUYEN-PC (PACKARD BELL BV IMEDIA X9651) ============== ACTION(S) ============== (!) -- Fichiers temporaires supprimés. ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [5.0 (fr)] **** Searchplugins\bing.xml ( hxxp://www.bing.com/search) Components\browsercomps.dll (Mozilla Foundation) HKCU_Extensions|{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - C:\Program Files (x86)\DAP\DAPFireFox -- C:\Users\tuyen\AppData\Roaming\Mozilla\FireFox\Profiles\a9mzb9d5.default -- Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox) Searchplugins\qrobeit.xml (?) Searchplugins\speedbit.xml (hxxp://search.speedbit.com/searchresults.asp) User.js - browser.search.defaultenginename, SpeedBit Search User.js - browser.search.defaulturl, hxxp://search.speedbit.com/searchresults.asp?src=default&q= User.js - browser.search.selectedEngine, SpeedBit Search User.js - browser.startup.homepage, hxxp://search.speedbit.com User.js - browser.startup.homepage_override_url, hxxp://search.speedbit.com User.js - keyword.URL, hxxp://search.speedbit.com/searchresults.asp?src=default&q= Prefs.js - browser.download.lastDir, C:\\Users\\tuyen\\Downloads Prefs.js - browser.search.defaultenginename, SpeedBit Search Prefs.js - browser.search.defaulturl, hxxp://search.speedbit.com/searchresults.asp?src=default&q= Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://search.speedbit.com Prefs.js - browser.startup.homepage_override.buildID, 20110615151330 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0 Prefs.js - browser.startup.homepage_override_url, hxxp://search.speedbit.com Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=toolbar2&q= ======================================== **** Google Chrome Version [13.0.782.112] **** Extension - dhkplhfnhceodhffomolpfigojocbpcb (x) Extension\ffdcfjdljhbehggjdkdioajnknjcpbjb (C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx) (?) -- C:\Users\tuyen\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Activé: true) (?) Preferences - homepage: hxxp://search.speedbit.com Preferences - homepage_is_newtabpage: false Plugin - "getPlusPlus for Adobe 162100" (Activé: true) ======================================== **** Internet Explorer Version [8.0.7601.17514] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} - "SpeedBit Search" (hxxp://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed6} - C:\Program Files (x86)\DAP\DAP.exe (SpeedBit Ltd.) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{6a0490af-eadc-416c-abda-d6146b8ea0ee} - C:\Program Files (x86)\DAP\DAPupd.exe (Speedbit Ltd.) HKLM_ElevationPolicy\{6A7C9604-8A57-4B28-821B-BDEDF0E04788} - C:\Program Files\Microsoft Office\Office14\winproj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) BHO\{FF6C3CF0-4B15-11D1-ABED-709549C10000} - "Download Accelerator Plus Integration" (C:\PROGRA~2\DAP\DAPIEL~1.DLL) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 16 Fichier(s) C:\Program Files (x86)\Ad-Remover\Backup: 16 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 10/08/2011 09:09:49 (5260 Octet(s)) C:\Ad-Report-CLEAN[2].txt - 10/08/2011 09:14:43 (4715 Octet(s)) C:\Ad-Report-SCAN[1].txt - 10/08/2011 09:01:19 (5143 Octet(s)) Fin à: 09:15:48, 10/08/2011 ============== E.O.F ==============

voici le 2e rapport AD-remover: ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 09:14:38 le 10/08/2011, Mode normal Microsoft Windows 7 Édition Intégrale Service Pack 1 (X64) tuyen@TUYEN-PC (PACKARD BELL BV IMEDIA X9651) ============== ACTION(S) ============== (!) -- Fichiers temporaires supprimés. ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [5.0 (fr)] **** Searchplugins\bing.xml ( hxxp://www.bing.com/search) Components\browsercomps.dll (Mozilla Foundation) HKCU_Extensions|{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - C:\Program Files (x86)\DAP\DAPFireFox -- C:\Users\tuyen\AppData\Roaming\Mozilla\FireFox\Profiles\a9mzb9d5.default -- Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox) Searchplugins\qrobeit.xml (?) Searchplugins\speedbit.xml (hxxp://search.speedbit.com/searchresults.asp) User.js - browser.search.defaultenginename, SpeedBit Search User.js - browser.search.defaulturl, hxxp://search.speedbit.com/searchresults.asp?src=default&q= User.js - browser.search.selectedEngine, SpeedBit Search User.js - browser.startup.homepage, hxxp://search.speedbit.com User.js - browser.startup.homepage_override_url, hxxp://search.speedbit.com User.js - keyword.URL, hxxp://search.speedbit.com/searchresults.asp?src=default&q= Prefs.js - browser.download.lastDir, C:\\Users\\tuyen\\Downloads Prefs.js - browser.search.defaultenginename, SpeedBit Search Prefs.js - browser.search.defaulturl, hxxp://search.speedbit.com/searchresults.asp?src=default&q= Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://search.speedbit.com Prefs.js - browser.startup.homepage_override.buildID, 20110615151330 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0 Prefs.js - browser.startup.homepage_override_url, hxxp://search.speedbit.com Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=toolbar2&q= ======================================== **** Google Chrome Version [13.0.782.112] **** Extension - dhkplhfnhceodhffomolpfigojocbpcb (x) Extension\ffdcfjdljhbehggjdkdioajnknjcpbjb (C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx) (?) -- C:\Users\tuyen\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Activé: true) (?) Preferences - homepage: hxxp://search.speedbit.com Preferences - homepage_is_newtabpage: false Plugin - "getPlusPlus for Adobe 162100" (Activé: true) ======================================== **** Internet Explorer Version [8.0.7601.17514] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} - "SpeedBit Search" (hxxp://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed6} - C:\Program Files (x86)\DAP\DAP.exe (SpeedBit Ltd.) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{6a0490af-eadc-416c-abda-d6146b8ea0ee} - C:\Program Files (x86)\DAP\DAPupd.exe (Speedbit Ltd.) HKLM_ElevationPolicy\{6A7C9604-8A57-4B28-821B-BDEDF0E04788} - C:\Program Files\Microsoft Office\Office14\winproj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) BHO\{FF6C3CF0-4B15-11D1-ABED-709549C10000} - "Download Accelerator Plus Integration" (C:\PROGRA~2\DAP\DAPIEL~1.DLL) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 16 Fichier(s) C:\Program Files (x86)\Ad-Remover\Backup: 16 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 10/08/2011 09:09:49 (5260 Octet(s)) C:\Ad-Report-CLEAN[2].txt - 10/08/2011 09:14:43 (4715 Octet(s)) C:\Ad-Report-SCAN[1].txt - 10/08/2011 09:01:19 (5143 Octet(s)) Fin à: 09:15:48, 10/08/2011 ============== E.O.F ==============

BONJOUR? VOICI DONC LE RAPPORT : ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 09:00:34 le 10/08/2011, Mode normal Microsoft Windows 7 Édition Intégrale Service Pack 1 (X64) tuyen@TUYEN-PC (PACKARD BELL BV IMEDIA X9651) ============== RECHERCHE ============== Dossier trouvé: C:\Users\tuyen\AppData\Roaming\Agence-Exclusive Dossier trouvé: C:\Users\tuyen\AppData\Local\Agence-Exclusive Dossier trouvé: C:\Program Files (x86)\Agence-Exclusive Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto Dossier trouvé: C:\Program Files (x86)\PCTuto Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [5.0 (fr)] **** Searchplugins\bing.xml ( hxxp://www.bing.com/search) Components\browsercomps.dll (Mozilla Foundation) HKCU_Extensions|{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - C:\Program Files (x86)\DAP\DAPFireFox -- C:\Users\tuyen\AppData\Roaming\Mozilla\FireFox\Profiles\a9mzb9d5.default -- Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox) Searchplugins\qrobeit.xml (?) Searchplugins\speedbit.xml (hxxp://search.speedbit.com/searchresults.asp) User.js - browser.search.defaultenginename, SpeedBit Search User.js - browser.search.defaulturl, hxxp://search.speedbit.com/searchresults.asp?src=default&q= User.js - browser.search.selectedEngine, SpeedBit Search User.js - browser.startup.homepage, hxxp://search.speedbit.com User.js - browser.startup.homepage_override_url, hxxp://search.speedbit.com User.js - keyword.URL, hxxp://search.speedbit.com/searchresults.asp?src=default&q= Prefs.js - browser.download.lastDir, C:\\Users\\tuyen\\Downloads Prefs.js - browser.search.defaultenginename, SpeedBit Search Prefs.js - browser.search.defaulturl, hxxp://search.speedbit.com/searchresults.asp?src=default&q= Prefs.js - browser.search.selectedEngine, SpeedBit Search Prefs.js - browser.startup.homepage, hxxp://search.speedbit.com Prefs.js - browser.startup.homepage_override.buildID, 20110615151330 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0 Prefs.js - browser.startup.homepage_override_url, hxxp://search.speedbit.com Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=toolbar2&q= ======================================== **** Google Chrome Version [13.0.782.112] **** Extension - dhkplhfnhceodhffomolpfigojocbpcb (x) Extension\ffdcfjdljhbehggjdkdioajnknjcpbjb (C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx) (?) -- C:\Users\tuyen\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Activé: true) (?) Preferences - homepage: hxxp://search.speedbit.com Preferences - homepage_is_newtabpage: false Plugin - "getPlusPlus for Adobe 162100" (Activé: true) ======================================== **** Internet Explorer Version [8.0.7601.17514] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://search.speedbit.com HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} - "SpeedBit Search" (hxxp://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed6} - C:\Program Files (x86)\DAP\DAP.exe (SpeedBit Ltd.) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{6a0490af-eadc-416c-abda-d6146b8ea0ee} - C:\Program Files (x86)\DAP\DAPupd.exe (Speedbit Ltd.) HKLM_ElevationPolicy\{6A7C9604-8A57-4B28-821B-BDEDF0E04788} - C:\Program Files\Microsoft Office\Office14\winproj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) BHO\{FF6C3CF0-4B15-11D1-ABED-709549C10000} - "Download Accelerator Plus Integration" (C:\PROGRA~2\DAP\DAPIEL~1.DLL) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s) C:\Ad-Report-SCAN[1].txt - 10/08/2011 09:01:19 (5005 Octet(s)) Fin à: 09:02:04, 10/08/2011 ============== E.O.F ==============