Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

PC rétif aux clics [sujet bloqué par rapport volumineux]


Messages recommandés

hello à vous Tous :hello:

 

Je clique naturellement sur n'importe quel icône : Internet, Word, Audacity, Excel, etc… Aucune réaction.

J'éteins le PC et uniquement sur "arrêter" car "redémarrer" : idem, aucune réaction. Après le rallumage, je peux à nouveau cliquer et cela refonctionne… puis + tard cela recommence, aucune réponse à chaque clic… mais le PC répond après quelques secondes.

Je reviens de déplacement, et mes gosses ont dû toucher quelque chose… je pense qu' un logiciel quelconque a été effacé ?

 

En tout cas, merci à vous tous pour votre aide si vous le voulez bien. :hola:

MCFIVE

 

P.S.: Tonton (software) m'a suggéré de faire une démarche ds cette partie de forum car rien n'a marché...

Rapport de ZHPDiag.

Modifié par Dylav
Ajout de rétro-liens ;o)
Lien vers le commentaire
Partager sur d’autres sites

Bonjour MCFIVE

 


  • Quelques conseils avant de commencer
    Pendant la désinfection: n'utilise pas d'autre outils ou ne désinstalle pas des programmes
    seulement ceux qui te sont notifier pour éviter tout problème .
    Enregistre :toujours les outils sur ton bureau
    Bien lire les indications: et si tu rencontre des problèmes n'hésiter pas à me le signaler avant d'effectuer une manip.
  • Ne laisse pas ton sujet, Va jusqu'au bout avant d'être informé(e) que tout est OK.
  • Sans réponse dans les 7 jours, le sujet sera supprimé de mes suivis.
     
    IMPORTANT héberger les fichiers contenant les rapports sur http://cjoint.com/
  • Sur la page du site Clique sur parcourir va jusqu'au rapport
  • Puis Clique sur ouvrir ce qui va te ramène sur le site cjoint
  • Ensuite en bas Clique sur Créer le lien Cjoint
  • Une nouvelle fenêtre apparait avec un lien en bleu
  • Surligne le lien pour le Copier et colle le lien sur le Forum pour que je puisse le télécharger et analyser.

 

Présence d'infection ,de programme P2P ,des Crack, KeyGen ,et Ordinateur pas à jour.reste d'antivirus,et outils de désinfection ,tu m'étonne que tu as des problèmes.... :D

Surtout que tu viens de désinfecté le pc avec bernard53 au mois de Mars http://forum.zebulon.fr/resolu-tiens-des-fenetres-intempestives-cachees-t192233.html

 

Bon on commence le ménage de printemp,il faudrais voir pour MODIFIER ta façon de télécharger ,puis de supprimer tes programmes éxotiques comme (DAP, SpeedBit,etc..)

 

 

  • Télécharge Sur cette page AdwCleaner de Xplode et enregistre le fichier sur ton Bureau
  • Double-clique sur l'icône AdwCleaner0.exe pour lancer l'installation
    /!\ Sous Vista et Windows 7 lancer le fichier par clique-droit -> Exécuter en tant qu'administrateur
  • Sur le menu principal
    clique sur SUPPRESSION et patiente le temps de l'analyse
  • A la fin du scan
    un rapport AdwCleaner.txt s'ouvre. Poste le contenu de ce rapport dans ta prochaine réponse
    Le rapport se trouve sous C:\AdwCleaner.txt

 

 

 

  • Ferme toutes les applications ouvertes
  • Désactive tes défenses (anti-virus et anti-spyware)
  • Double-clique sur ZHPFix Un raccourci installé par ZHPDiag sur le Bureau
     
    Pour Vista et seven
    fais un clique droit sur l'icône et exécute en tant qu'administrateur
    zhpfix.jpg
     
     
    Sélectionne et surligne correctement avec la souris et "Clique droit > "Copier"
    ces lignes ci dessous :
     
    [MD5.10B2E1CDCF3151482590016B10310BA7] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe [394616] [PID.3056]
    M3 - MFPP: Plugins - [tuyen] -- C:\Users\tuyen\AppData\Roaming\Mozilla\Firefox\Profiles\a9mzb9d5.default\searchplugins\conduit.xml
    M2 - MFEP: prefs.js [tuyen - a9mzb9d5.default\{37483b40-c254-4a72-bda4-22ee90182c1e}] [] NCH EN Community Toolbar v3.12.2.3 (.Conduit Ltd..)
    R3 - URLSearchHook: NCH EN Toolbar [64Bits] - {37483b40-c254-4a72-bda4-22ee90182c1e} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
    O2 - BHO: NCH EN [64Bits] - {37483b40-c254-4a72-bda4-22ee90182c1e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
    O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    O4 - HKUS\S-1-5-21-759255424-4122927654-3783367683-1000\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    O4 - Global Startup: C:\Users\tuyen\Desktop\Alice's Biscuit Light.lnk . (.Kayenko.) -- C:\Program Files (x86)\Alice's Biscuit Light\Alice_light.exe
    O4 - Global Startup: C:\Users\tuyen\Desktop\MCSettings - Raccourci.lnk . (...) -- C:\Program Files (x86)\ma-config.com\x64\MCSettings.exe (.not file.)
    O4 - Global Startup: C:\Users\tuyen\Desktop\» Définir la liste par défaut.url . (...) -- C:\Users\tuyen\Desktop\» Définir la liste par défaut.url
    O4 - Global Startup: C:\Users\tuyen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    [MD5.00000000000000000000000000000000] [APT] [smartDefrag] (...) -- C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [smartDefrag_Startup] (...) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [softwareUpdateTaskMachineCore] (...) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [softwareUpdateTaskMachineUA] (...) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [{17100AA8-3231-4C8F-A37F-BD5248E78D60}] (...) -- C:\Users\tuyen\Downloads\SONY PC 100E\d-link.dsc350_winxp_driver_121201\DualUnis.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [{35B49A7B-DB84-42E8-8402-EA2B5D89B973}] (...) -- C:\LOGICIELS UTILES\IOBIT\Keygen.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [{3C65144A-FF8A-4D07-9BDE-FC184A8CB1EF}] (...) -- J:\AUDACITY\audacity-win-1.2.6.exe (.not file.)
    [MD5.AA1FFCCE383A227144FD62A019CD27CE] [APT] [{FCF652E0-B060-4C14-ABD9-15787040CE93}] (.ESET.) -- C:\Users\tuyen\Downloads\esetsmartinstaller_enu.exe
    O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {497BCFDD-F589-448D-A1C3-78D1B1809CCC}
    O42 - Logiciel: NCH EN Toolbar - (.NCH EN.) [HKLM] -- NCH_EN Toolbar
    O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] -- uTorrent
    [HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
    [HKCU\Software\AppDataLow\Software\NCH_EN]
    [HKCU\Software\BitTorrent]
    [HKLM\Software\Boxore]
    [HKLM\Software\Eset]
    [HKLM\Software\NCH_EN]
    O43 - CFD: 29/06/2011 - 00:37:01 - [-1727,244] ----D C:\Program Files (x86)\ESET
    O43 - CFD: 16/02/2012 - 04:31:25 - [3,651] ----D C:\Program Files (x86)\searchweb
    O43 - CFD: 29/02/2012 - 00:34:03 - [0,376] ----D C:\Program Files (x86)\uTorrent
    O43 - CFD: 04/04/2012 - 00:10:03 - [0,186] ----D C:\Program Files (x86)\Yontoo
    O43 - CFD: 14/02/2012 - 10:36:13 - [0] ----D C:\ProgramData\eMule
    O43 - CFD: 06/11/2011 - 16:53:58 - [0] ----D C:\ProgramData\Kaspersky Lab
    O43 - CFD: 21/04/2011 - 21:34:52 - [0] ----D C:\ProgramData\McAfee
    O43 - CFD: 29/02/2012 - 10:27:17 - [0,417] ----D C:\Users\tuyen\AppData\Roaming\BitTorrent
    O43 - CFD: 05/04/2012 - 00:35:06 - [0,725] ----D C:\Users\tuyen\AppData\Roaming\Iminent
    O43 - CFD: 04/05/2012 - 08:49:38 - [254,152] ----D C:\Users\tuyen\AppData\Roaming\uTorrent
    O43 - CFD: 29/06/2011 - 00:37:01 - [-1727,244] ----D C:\Program Files (x86)\ESET
    O51 - MPSK:{772636bc-3221-11e1-bccc-001c252f66e5}\AutoRun\command. (...) -- F:\Magic Copy.exe (.not file.)
    O58 - SDL:[MD5.E656FE10D6D27794AFA08136685A69E8] - 08/07/2011 - 00:16:34 ---A- . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) -- C:\Windows\System32\Drivers\64611260.sys [460888]
    C:\TORRENT 411\TORRENTS SAUVEGARDES TERMINES\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA.rar.torrent
    C:\TORRENT 411\VIDEOS COMPLETES\LOGICIELS\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA\KiMERA\pdf2word.exe
    C:\TORRENT 411\VIDEOS COMPLETES\LOGICIELS\Video2Webcam v3.3.0.2 Software avec Keygen\Video2Webcam v3.3.0.2 Software + Keygen\Video2WebcamSetup.exe
    C:\Users\tuyen\Downloads\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA.rar.torrent
    C:\WinRAR_4.01_PRE.CRACKED_BY_team_Black_X.zip
    C:\TORRENT 411\TORRENTS SAUVEGARDES TERMINES\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA.rar.torrent
    C:\TORRENT 411\VIDEOS COMPLETES\LOGICIELS\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA\KiMERA\pdf2word.exe
    C:\TORRENT 411\VIDEOS COMPLETES\LOGICIELS\Video2Webcam v3.3.0.2 Software avec Keygen\Video2Webcam v3.3.0.2 Software + Keygen\Video2WebcamSetup.exe
    C:\Users\tuyen\Downloads\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA.rar.torrent
    C:\WinRAR_4.01_PRE.CRACKED_BY_team_Black_X.zip
    [MD5.5A45A7E3E12BE51844B741945FB8E85E] [sPRF][04/04/2012] (.Iminent - IMinent bootstrapper.) -- C:\Users\tuyen\Desktop\IminentSetup_2-KFRPtAWP-1_.exe [825312]
    [MD5.07B96DBE4770D3B0B1A50D6C5FF15FC3] [sPRF][28/02/2012] (.BitTorrent, Inc. - µTorrent.) -- C:\Users\tuyen\Desktop\utorrent.exe [736120]
     
     
    FirewallRAZ
    EmptyFlash
    EmptyTemp
  • Clique successivement sur l'icône icone-H.jpg puis sur l'icône de la "malette cachée par la feuille" malette-cachee.jpg .
     
  • Vérifie que toutes les lignes que je t'ai demandé de copier sont dans la fenêtre.
  • Et seulement ces lignes ;)
  • Puis clique sur le bouton [OK]
  • A ce moment apparaîtra au début de chaque ligne
    une petite case vide. [ ]
  • Ensuite clique sur Tous puis sur Nettoyer
  • Valide par Oui la désinstallation des programmes si demandé
  • Laisse l'outil travailler. Si un redémarrage est demandé accepte et redémarre le PC
  • Le rapport ZHPFixReport.txt s'affiche. Copie-colle le contenu de ce rapport dans ta réponse.
     
    Le rapport ZHPFixReport.txt est enregistré sur le bureau

Lien vers le commentaire
Partager sur d’autres sites

salut tomtom95

 

Il est vrai que c'est 1 ordi de famille

je te remercie de me remorquer.. :jap: .

 

voici le lien de adwcleaner..http://cjoint.com/?BEiayovIeGm

je prépare la suite

 

A+

mcfive

 

la suite :rapport ZHPFix ;

 

 

Rapport de ZHPFix 1.12.3378 par Nicolas Coolman, Update du 10/01/2011

Fichier d'export Registre :

Run by tuyen at 08/05/2012 01:00:46

Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Logiciel(s) ==========

ABSENT Software Key: {497BCFDD-F589-448D-A1C3-78D1B1809CCC}

ABSENT Software Key: NCH_EN Toolbar

ABSENT Software Key: uTorrent

 

========== Processus mémoire ==========

SUPPRIME Reboot Memory Process: C:\Program Files (x86)\uTorrent\uTorrent.exe

SUPPRIME Memory Process: C:\Users\tuyen\Downloads\esetsmartinstaller_enu.exe

SUPPRIME Memory Process: C:\TORRENT 411\VIDEOS COMPLETES\LOGICIELS\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA\KiMERA\pdf2word.exe

SUPPRIME Memory Process: C:\TORRENT 411\VIDEOS COMPLETES\LOGICIELS\Video2Webcam v3.3.0.2 Software avec Keygen\Video2Webcam v3.3.0.2 Software + Keygen\Video2WebcamSetup.exe

SUPPRIME Memory Process: C:\Users\tuyen\Desktop\IminentSetup_2-KFRPtAWP-1_.exe

SUPPRIME Memory Process: C:\Users\tuyen\Desktop\utorrent.exe

 

========== Clé(s) du Registre ==========

ABSENT Key: CLSID BHO: {37483b40-c254-4a72-bda4-22ee90182c1e}

ABSENT Key: HKCU\Software\AppDataLow\Software\ConduitSearchScopes

SUPPRIME Key: HKCU\Software\AppDataLow\Software\NCH_EN

SUPPRIME Key: HKCU\Software\BitTorrent

ABSENT Key: HKLM\Software\Boxore

ABSENT Key: HKLM\Software\Eset

ABSENT Key: HKLM\Software\NCH_EN

SUPPRIME CLSID MPSK: {772636bc-3221-11e1-bccc-001c252f66e5}

 

========== Valeur(s) du Registre ==========

ABSENT URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e}

SUPPRIME RunValue: uTorrent

ABSENT RunValue: uTorrent

ABSENT Valeur Standard Profile: FirewallRaz :

ABSENT Valeur Domain Profile: FirewallRaz :

SUPPRIME FirewallRaz (None) : {08FE3A42-3E95-4832-9AA0-27CDE21B990A}

SUPPRIME FirewallRaz (None) : {01651649-1256-4E78-A1B9-FEAB137ADC71}

 

========== Dossier(s) ==========

SUPPRIME Folder: C:\Users\tuyen\AppData\Roaming\Mozilla\Firefox\Profiles\a9mzb9d5.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}

SUPPRIME Folder: C:\Program Files (x86)\ESET

SUPPRIME Folder: C:\Program Files (x86)\searchweb

SUPPRIME Folder: C:\Program Files (x86)\uTorrent

SUPPRIME Folder: C:\Program Files (x86)\Yontoo

SUPPRIME Folder: C:\ProgramData\eMule

SUPPRIME Folder: C:\ProgramData\Kaspersky Lab

SUPPRIME Folder: C:\ProgramData\McAfee

SUPPRIME Folder: C:\Users\tuyen\AppData\Roaming\BitTorrent

ABSENT C:\Users\tuyen\AppData\Roaming\Iminent

SUPPRIME Folder: C:\Users\tuyen\AppData\Roaming\uTorrent

ABSENT C:\Program Files (x86)\ESET

SUPPRIME Flash Cookies: 17

SUPPRIME Temporaires Windows: : 95

 

========== Fichier(s) ==========

ABSENT File: c:\users\tuyen\appdata\roaming\mozilla\firefox\profiles\a9mzb9d5.default\searchplugins\conduit.xml

SUPPRIME File: c:\program files (x86)\nch_en\prxtbnch_.dll

ABSENT File: c:\program files (x86)\nch_en\prxtbnch_.dll

SUPPRIME File: c:\users\tuyen\desktop\alice's biscuit light.lnk

SUPPRIME File: c:\users\tuyen\desktop\mcsettings - raccourci.lnk

SUPPRIME File: c:\users\tuyen\desktop\» définir la liste par défaut.url

ABSENT File: c:\users\tuyen\desktop\» définir la liste par défaut.url

SUPPRIME File: c:\users\tuyen\appdata\roaming\microsoft\internet explorer\quick launch\µtorrent.lnk

SUPPRIME File: c:\users\tuyen\downloads\esetsmartinstaller_enu.exe

SUPPRIME Reboot c:\windows\system32\drivers\64611260.sys

SUPPRIME File: C:\TORRENT 411\TORRENTS SAUVEGARDES TERMINES\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA.rar.torrent

SUPPRIME File***: c:\torrent 411\videos completes\logiciels\quick-pdf.pdf.to.word.converter.v2.0.cracked-kimera\quick-pdf.pdf.to.word.converter.v2.0.cracked-kimera\kimera\pdf2word.exe

SUPPRIME File: c:\torrent 411\videos completes\logiciels\video2webcam v3.3.0.2 software avec keygen\video2webcam v3.3.0.2 software + keygen\video2webcamsetup.exe

SUPPRIME File: C:\Users\tuyen\Downloads\Quick-PDF.PDF.To.Word.Converter.v2.0.Cracked-KiMERA.rar.torrent

SUPPRIME File: C:\WinRAR_4.01_PRE.CRACKED_BY_team_Black_X.zip

SUPPRIME File*: c:\users\tuyen\desktop\iminentsetup_2-kfrptawp-1_.exe

SUPPRIME File*: c:\users\tuyen\desktop\utorrent.exe

SUPPRIME Flash Cookies: 9

SUPPRIME Temporaires Windows: : 202

 

========== Tache planifiée ==========

SUPPRIME Task: SmartDefrag

SUPPRIME Task: SmartDefrag_Startup

SUPPRIME Task: SoftwareUpdateTaskMachineCore

SUPPRIME Task: SoftwareUpdateTaskMachineUA

SUPPRIME Task: {17100AA8-3231-4C8F-A37F-BD5248E78D60}

SUPPRIME Task: {35B49A7B-DB84-42E8-8402-EA2B5D89B973}

SUPPRIME Task: {3C65144A-FF8A-4D07-9BDE-FC184A8CB1EF}

SUPPRIME Task: {FCF652E0-B060-4C14-ABD9-15787040CE93}

 

 

========== Récapitulatif ==========

6 : Processus mémoire

8 : Clé(s) du Registre

7 : Valeur(s) du Registre

14 : Dossier(s)

19 : Fichier(s)

3 : Logiciel(s)

8 : Tache planifiée

 

 

End of clean in 02mn 11s

 

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 08/05/2012 01:00:46 [5065]

Modifié par MCFIVE
Lien vers le commentaire
Partager sur d’autres sites

RE

 

Télécharge FindyKill (créé par El Desaparecido) sur ton Bureau.

 

  • Branche tes disques amovibles à ton PC (clefs USB,disque dur externe,etc...) sans les ouvrir.
  • Laisse toi guider pour l'installer.
  • Double clique sur "FindyKill." pour lancer l'outil .(clique droit -> lancer en tant qu'adminstrateur sous Vista et W7)
  • Choisis La langue:F pour Français
  • Choisis l'option 1 (Recherche ) valide par "Entrer"..
  • Puis laisses travailler l'outil ...
  • Une fois terminé postes le rapport FindyKill.txt qui est généré ...

Note : le rapport est sauvegardé à la racine du disque :C:\FindyKill.txt)

 

A+

Lien vers le commentaire
Partager sur d’autres sites

bonjour TOMTOM95,

désolé pour ce délai de réponse..

 

(Ce type de fichier exécutable n'est plus accueilli par CJoint.)

 

 

@echo off

 

mode con: cols=90 lines=26&color F0

 

title FyK by El Desaparecido

 

VER|FIND /i "5.1.2600">nul && set OSVER=0 && goto go

VER|FIND /i "6.0.600">nul && set OSVER=1 && goto go

VER|FIND /i "6.1.7">nul && set OSVER=1 && goto go

 

goto NoSupport

 

:go

 

cd /d "%~dp0"

 

echo.&echo.

Tools\echox -n -c F0 " @@@@@@@@ @@@ @@@ @@@ @@@@@@@ @@@ @@@"

Tools\echox -c FC " @@@ @@@ @@@ @@@ @@@~r"

Tools\echox -n -c F0 " @@@@@@@@ @@@ @@@@ @@@ @@@@@@@@ @@@ @@@"

Tools\echox -c FC " @@@ @@@ @@@ @@@ @@@~r"

Tools\echox -n -c F0 " @@! @@! @@[email protected][email protected]@@ @@! @@@ @@! [email protected]@"

Tools\echox -c FC " @@! [email protected]@ @@! @@! @@!~r"

Tools\echox -n -c F0 " [email protected]! [email protected]! [email protected][email protected][email protected]! [email protected]! @[email protected] [email protected]! @!!"

Tools\echox -c FC " [email protected]! @!! [email protected]! [email protected]! [email protected]!~r"

Tools\echox -n -c F0 " @!!!:! [email protected] @[email protected] [email protected]! @[email protected] [email protected]! [email protected][email protected]!"

Tools\echox -c FC " @[email protected]@[email protected]! [email protected] @!! @!!~r"

Tools\echox -n -c F0 " !!!!!: !!! [email protected]! !!! [email protected]! !!! @!!!"

Tools\echox -c FC " [email protected]!!! !!! !!! !!!~r"

 

Tools\echox -n -c F0 " !!: !!: !!: !!! !!: !!! !!::"

Tools\echox -c FC " !!: :!! !!: !!: !!:~r"

Tools\echox -n -c F0 " :!: :!: :!: !:! :!: !:! :!:"

Tools\echox -c FC " :!: !:! :!: :!: :!:~r"

Tools\echox -n -c F0 " :: :: :: :: :::: :: ::"

Tools\echox -c FC " :: ::: :: :: :::: :: ::::~r"

Tools\echox -n -c F0 " : : :: : :: : : :"

Tools\echox -c FC " : ::: : : :: : : : :: : :~r"

echo.&echo.&echo.

Tools\echox -c F8 -w 90 -e "_______________________________________________________"

echo.

Tools\echox -c F0 -w 90 -e "FindyKill - Eradicate Bagle Worm by El Desaparecido"

Tools\echox -c F8 -w 90 -e "_______________________________________________________"

ping localhost -n 3 > nul

 

:: Remerciements à mOe, à C_XX et à l équipe de comment ça marche.net

:: Traduction anglaise par C_XX

:: Traduction portugaise par Jorghino67

:: Traduction créole par Master Flex

:: Traduction espagnol par El Desaparecido

 

set Rapport=%HomeDrive%\FyK.txt

set fixname=FindyKill

set fixvers=V5.056

 

if exist %Rapport% del /F /Q %Rapport%

if exist $* del /F /Q $*

if exist *.txt del /F /Q *.txt

if exist Tools\$* del /F /Q Tools\$*

if exist err.log del /F /Q err.log

 

for /f "tokens=*" %%A in ('dir /a/b "%HomeDrive%\"^|Tools\GREP -iw "\(Users\|Documents and settings\)"') do (

for /f "tokens=*" %%B in ('dir /a-h/b "%HomeDrive%\%%A"^|Tools\GREP -iv "\(%USERNAME%\|Default\|Public\|All Users\)"') do (

echo %HomeDrive%\%%A\%%B# >>$Users

)) 2>nul

 

 

if %OSVER%==0 ( set Cookie=%USERPROFILE%\Cookies

Tools\swreg.exe query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion|find.exe /i "Service Pack 3">NUL && set Pack=3

set Cache=HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

echo %AppData%>>$AppData

for /f "tokens=4* delims=\" %%a in ( $AppData ) do set "Applik=%%a"

)

if %OSVER%==1 ( set Cookie=%AppData%\Microsoft\Windows\Cookies

set Applik=AppData\Roaming

set Pack=V

set Cache=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MUICache

)

 

 

(for /f "tokens=5 delims=\" %%a in ('Tools\swreg.exe query "HKCU\Software\Microsoft\Protected Storage System Provider"') do (set User=%%a))>nul 2>nul

 

FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do Dir /a "%%A:\*.*">nul 2>&1 && (

 

Tools\swxcacls "%%A:\System Volume Information" /OA /Q >NUL 2>&1

Tools\swxcacls "%%A:\System Volume Information" /P /GE:F /Q >NUL 2>&1

)

 

 

::############################################################################################################################################################################

 

:: Recuperation MD5

 

for %%b in (

"%HOMEDRIVE%\Qoobox"

"%HOMEDRIVE%\_OTMoveIt"

"%HOMEDRIVE%\Muestras"

"%HOMEDRIVE%\Avenger"

) do if exist "%%~b" (

for /f "tokens=*" %%c in ('dir /a-d /b /s "%%~b" ^| findstr.exe /i "hldrrr winfilse winupgro" ^|find /i /v ".zip"') do (

Call :Check_md5 "%%~dpc" %%~nxc >nul 2>nul

))

 

for %%a in (

"%windir%\mdelk.exe"

"%windir%\wintems.exe"

"%windir%\system32\1.exe"

"%windir%\system32\anti_troj.exe"

"%windir%\system32\edlm.exe"

"%windir%\system32\edlm2.exe"

"%windir%\system32\flec003.exe"

"%windir%\system32\german.exe"

"%windir%\system32\hldrrr.exe"

"%windir%\system32\mdelk.exe"

"%windir%\system32\re_file.exe"

"%windir%\system32\srosa2.sys"

"%windir%\system32\trusted.exe"

"%windir%\system32\wfsintwq.sys"

"%windir%\system32\wintems.exe"

"%windir%\system32\winupgro.exe"

"%windir%\system32\zzzzzzzzz.exe"

"%windir%\SysWOW64\1.exe"

"%windir%\SysWOW64\anti_troj.exe"

"%windir%\SysWOW64\edlm.exe"

"%windir%\SysWOW64\edlm2.exe"

"%windir%\SysWOW64\flec003.exe"

"%windir%\SysWOW64\german.exe"

"%windir%\SysWOW64\hldrrr.exe"

"%windir%\SysWOW64\mdelk.exe"

"%windir%\SysWOW64\re_file.exe"

"%windir%\SysWOW64\srosa2.sys"

"%windir%\SysWOW64\trusted.exe"

"%windir%\SysWOW64\wfsintwq.sys"

"%windir%\SysWOW64\wintems.exe"

"%windir%\SysWOW64\winupgro.exe"

"%windir%\SysWOW64\zzzzzzzzz.exe"

"%windir%\system32\drivers\hidr.exe"

"%windir%\system32\drivers\hldrrr.exe"

"%windir%\system32\drivers\mdelk.exe"

"%windir%\system32\drivers\pci32.sys"

"%windir%\system32\drivers\srosa.sys"

"%windir%\system32\drivers\srosa2.sys"

"%windir%\system32\drivers\wfsintwq.sys"

"%windir%\system32\drivers\winfilse.exe"

"%windir%\system32\drivers\winupgro.exe"

"%appdata%\drivers\111wfs1intwq.sys"

"%appdata%\drivers\11s11ro1s1a2.sys"

"%appdata%\drivers\mdelk.exe"

"%appdata%\drivers\srosa.sys"

"%appdata%\drivers\srosa2.sys"

"%appdata%\drivers\wfsintwq.sys"

"%appdata%\drivers\winupgro.exe"

"%appdata%\hidires\file.exe"

"%appdata%\hidires\flec003.exe"

"%appdata%\hidires\flec005.exe"

"%appdata%\hidires\hidr.exe"

"%appdata%\hidires\m_hook.sys"

"%appdata%\hidires\rosa.sys"

"%appdata%\hidn\hidn2.exe"

"%appdata%\hidn\m_hook.sys"

"%appdata%\m\flec006.exe"

) do if exist "%%~a" Call :Check_md5 "%%~dpa" %%~nxa >nul 2>nul

 

if [%1]==[/2ndpassEN] set idioma=A&Call Tools\Langue.cmd&&goto Clean

if [%1]==[/2ndpassES] set idioma=E&Call Tools\Langue.cmd&&goto Clean

if [%1]==[/2ndpassFR] set idioma=F&Call Tools\Langue.cmd&&goto Clean

if [%1]==[/2ndpassPR] set idioma=P&Call Tools\Langue.cmd&&goto Clean

if [%1]==[/2ndpassKR] set idioma=K&Call Tools\Langue.cmd&&goto Clean

 

 

::############################################################################################################################################################################

 

:Menu

 

 

mode con: cols=80 lines=20& color 0F

 

title FyK by El Desaparecido ^| Langage

 

cls

echo.&echo.&echo.

echo.

echo ^|\ _,,,--,,_ ,)

echo /,`.-'`' -, ;-;;'

echo __ ^|,4- ) )-,_ ) /\__________________________________________________________

echo ~~'---''(_/--' (_/-'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

echo.&echo.

Tools\echox -n -c 0C " F | Francais "

Tools\echox -n -c 0A " E | English "

Tools\echox -n -c 0F " P | Portugues "

echo.

echo.

Tools\echox -n -c 0F " C | Castellano "

Tools\echox -n -c 0A " K | Kreyol "

Tools\echox -n -c 0C " Q | Quit "

echo.

echo.

echo. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

echo.

) else (

set ChoixMenu=''

set /p ChoixMenu=%sChoice% ( C , E , K , F , P , Q ) -^> ^>

if '%ChoixMenu%'=='q' goto exit

if '%ChoixMenu%'=='Q' goto exit

if '%ChoixMenu%'=='f' set idioma=F&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='F' set idioma=F&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='e' set idioma=A&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='E' set idioma=A&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='p' set idioma=P&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='P' set idioma=P&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='c' set idioma=E&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='C' set idioma=E&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='k' set idioma=K&call Tools\Langue.cmd& goto MenuBis

if '%ChoixMenu%'=='K' set idioma=K&call Tools\Langue.cmd& goto MenuBis

goto Menu

 

 

:MenuBis

 

title FyK by El Desaparecido ^| Menu

 

mode con: cols=80 lines=24& color 0F

 

cls

echo.&echo.&echo.

echo.

echo ^|\ _,,,--,,_ ,) %translate%

echo /,`.-'`' -, ;-;;'

echo __ ^|,4- ) )-,_ ) /\__________________________________________________________

echo ~~'---''(_/--' (_/-'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

echo.&echo.&echo.

Tools\echox -n -c 0A " %menu1% "

Tools\echox -n -c 0F " %menu4% "

echo.

echo.

Tools\echox -n -c 0C " %menu2% "

Tools\echox -n -c 0A " %menu5% "

echo.

echo.

Tools\echox -n -c 0F " %menu3% "

Tools\echox -n -c 0C " %menu6% "

echo.&echo.

echo. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

echo.

) else (

set ChoixMenu=''

set /p ChoixMenu=%sChoice% ( 1, 2, 3, 4 ,5 ,Q ) : ^>

if '%ChoixMenu%'=='q' goto exit

if '%ChoixMenu%'=='Q' goto exit

if '%ChoixMenu%'=='1' goto Sniff

if '%ChoixMenu%'=='2' goto Kill

if '%ChoixMenu%'=='3' goto Tuto

if '%ChoixMenu%'=='4' goto Desinstal

if '%ChoixMenu%'=='5' goto Donate

goto MenuBis

 

 

::############################################################################################################################################################################

 

:: Debut de scan

 

:Sniff

 

title FyK by El Desaparecido ^| Scan

 

if not exist Tools (

cls

echo %noexist1%

echo %noexist2%

echo %exit%

pause>nul

exit )

 

mode con: cols=80 lines=16& color 0F&call :suivi&echo %step%&echo.&echo %wait%

 

if %idioma%==A ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:A )

if %idioma%==E ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:E )

if %idioma%==F ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:F )

if %idioma%==K ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:K )

if %idioma%==P ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:P )

 

(echo.&echo ############################## ^| %fixname% %fixvers% ^|&echo.)>>%Rapport%

 

CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Act:Header

 

type "$header" >> %Rapport%

 

Call :Defil 10

 

mode con: cols=100 lines=8& color 0C

 

 

::############################################################################################################################################################################

 

:: Arret des processus + neutralisation du rootkit

 

 

echo. >> %Rapport%&echo ################## ^| %proc2% ^| >> %Rapport%&echo.>> %Rapport%

 

for /f "tokens=*" %%a in ('Tools\winupgro.exe -o"%%f" ^|findstr /I "file\.exe nideiect\.com hldrrr\.exe winfilse\.exe drivers\\mdelk\.exe system32\\mDELk\.exe wintems\.exe flec003\.exe flec005\.exe flec006\.exe drivers\\downld\\ drivers\\down drivers\\winupgro\.exe system32\\winupgro\.exe"') do echo %%a>>$Filetokill

 

if exist $Filetokill (

mode con: cols=100 lines=8& color 0C

for /f "tokens=*" %%a in ($Filetokill) do cls&echo.&echo.&echo.&echo Killing process : %%~nxa&Tools\winupgro.exe -kf "%%~nxa" | find.exe /I /V "killing"&echo ^[%%~ta^|%%~aa^|%%~za^] %%~a -^> %Killed%! >> %Rapport% )2>nul

 

for %%a in (

"%HomeDrive%\drivers\111wfs1intwq.sys"

"%HomeDrive%\drivers\11s11ro1s1a2.sys"

"%HomeDrive%\drivers\srosa.sys"

"%HomeDrive%\drivers\srosa2.sys"

"%HomeDrive%\drivers\wfsintwq.sys"

"%windir%\system32\srosa2.sys"

"%windir%\system32\wfsintwq.sys"

"%windir%\SysWOW64\srosa2.sys"

"%windir%\SysWOW64\wfsintwq.sys"

"%windir%\system32\drivers\srosa.sys"

"%windir%\system32\drivers\srosa2.sys"

"%windir%\system32\drivers\wfsintwq.sys"

"%appdata%\drivers\111wfs1intwq.sys"

"%appdata%\drivers\11s11ro1s1a2.sys"

"%appdata%\drivers\srosa.sys"

"%appdata%\drivers\srosa2.sys"

"%appdata%\drivers\wfsintwq.sys"

) do (

if exist "%%~a" cls&echo.&echo.&echo.&echo Killing Rootkit : %%~nxa&type nul>"%%a"&echo ^[%%~ta^|%%~aa^|%%~za^] %%~a -^> %Neutralized%! >> %Rapport% )

 

Call :Defil 20

 

(echo.&echo ################## ^| %proc1% ^|&echo.)>>%Rapport%&mode con: cols=120 lines=8& color 0F

 

for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do Dir /a "%%a:\*.*">nul 2>&1 && (

 

for %%b in (

"a.bat"

"autorun.inf"

"mfkeoh.exe"

"infosat.txt"

"nideiect.com"

"ntde1ect.com"

"o.bat"

"winfile.exe"

"x.mpeg"

) do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%a:\%%~b

if exist "%%a:\%%~b" if not exist "%%a:\%%~b\*.*" (

for /f "tokens=* delims=" %%c IN ('dir /b/a/s "%%a:\%%~b"') do (

echo ^[%%~tc^|%%~ac^|%%~zc^] %%~c >>%Rapport% )))

 

for %%b in (

"drivers\111wfs1intwq.sys"

"drivers\11s11ro1s1a2.sys"

"drivers\winupgro.exe"

"drivers\mdelk.exe"

"drivers\srosa.sys"

"drivers\srosa2.sys"

"drivers\wfsintwq.sys"

"drivers\downld"

"Muestras"

"Muestras\*.*"

) do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%a:\%%~b

if exist "%%a:\%%~b" (

for /f "tokens=* delims=" %%c IN ('dir /b/a/s "%%a:\%%~b"') do (

echo ^[%%~tc^|%%~ac^|%%~zc^] %%~c >>%Rapport% ))))

 

for %%a in (

"%windir%\ban_list.txt"

"%windir%\crack"

"%windir%\crack\crack.exe"

"%windir%\exefld"

"%windir%\exefld\*.*"

"%windir%\exefnd"

"%windir%\exefnd\*.*"

"%windir%\exefqd"

"%windir%\exefqd\*.*"

"%windir%\mdelk.exe"

"%windir%\wintems.exe"

) do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~a

if exist "%%~a" (

echo ^[%%~ta^|%%~aa^|%%~za^] %%~a >>%Rapport% ))

 

Call :Defil 30

 

for %%a in (

"%windir%\system32\1.exe"

"%windir%\system32\a.bat"

"%windir%\system32\anti_troj.exe"

"%windir%\system32\AutoRun.inf"

"%windir%\system32\ba2n_l12.txt"

"%windir%\system32\ban_list.txt"

"%windir%\system32\edlm.exe"

"%windir%\system32\edlm2.exe"

"%windir%\system32\flec003.exe"

"%windir%\system32\german.exe"

"%windir%\system32\hldrrr.exe"

"%windir%\system32\ldr64.dll"

"%windir%\system32\mdelk.exe"

"%windir%\system32\re_file.exe"

"%windir%\system32\sloader64.dll"

"%windir%\system32\srosa2.sys"

"%windir%\system32\trusted.exe"

"%windir%\system32\wfsintwq.sys"

"%windir%\system32\wintems.exe"

"%windir%\system32\winupgro.exe"

"%windir%\system32\zzzzzzzzz.exe"

"%windir%\SysWOW64\1.exe"

"%windir%\SysWOW64\a.bat"

"%windir%\SysWOW64\anti_troj.exe"

"%windir%\SysWOW64\AutoRun.inf"

"%windir%\SysWOW64\ba2n_l12.txt"

"%windir%\SysWOW64\ban_list.txt"

"%windir%\SysWOW64\edlm.exe"

"%windir%\SysWOW64\edlm2.exe"

"%windir%\SysWOW64\flec003.exe"

"%windir%\SysWOW64\german.exe"

"%windir%\SysWOW64\hldrrr.exe"

"%windir%\SysWOW64\ldr64.dll"

"%windir%\SysWOW64\mdelk.exe"

"%windir%\SysWOW64\re_file.exe"

"%windir%\SysWOW64\sloader64.dll"

"%windir%\SysWOW64\srosa2.sys"

"%windir%\SysWOW64\trusted.exe"

"%windir%\SysWOW64\wfsintwq.sys"

"%windir%\SysWOW64\wintems.exe"

"%windir%\SysWOW64\winupgro.exe"

"%windir%\SysWOW64\zzzzzzzzz.exe"

) do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~a

if exist "%%~a" (

echo ^[%%~ta^|%%~aa^|%%~za^] %%~a >>%Rapport% ))

 

for %%a in (

"%windir%\system32\drivers\down"

"%windir%\system32\drivers\downld"

"%windir%\system32\drivers\hidr.exe"

"%windir%\system32\drivers\hldrrr.exe"

"%windir%\system32\drivers\m"

"%windir%\system32\drivers\m\data.oct"

"%windir%\system32\drivers\m\flec006.exe"

"%windir%\system32\drivers\m\list.oct"

"%windir%\system32\drivers\m\srvlist.oct"

"%windir%\system32\drivers\m\shared"

"%windir%\system32\drivers\m\shared\*.*"

"%windir%\system32\drivers\mdelk.exe"

"%windir%\system32\drivers\pci32.sys"

"%windir%\system32\drivers\srosa.sys"

"%windir%\system32\drivers\srosa2.sys"

"%windir%\system32\drivers\wfsintwq.sys"

"%windir%\system32\drivers\winfilse.exe"

"%windir%\system32\drivers\winupgro.exe"

) do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~a

if exist "%%~a" (

echo ^[%%~ta^|%%~aa^|%%~za^] %%~a >>%Rapport% ))

 

Call :Defil 40

 

for %%a in (

"%appdata%\drivers"

"%appdata%\drivers\111wfs1intwq.sys"

"%appdata%\drivers\11s11ro1s1a2.sys"

"%appdata%\drivers\downld"

"%appdata%\drivers\downld\*.*"

"%appdata%\drivers\mdelk.exe"

"%appdata%\drivers\srosa.sys"

"%appdata%\drivers\srosa2.sys"

"%appdata%\drivers\wfsintwq.sys"

"%appdata%\drivers\winupgro.exe"

"%appdata%\hidires"

"%appdata%\hidires\config"

"%appdata%\hidires\config\*.*"

"%appdata%\hidires\downloads.bak"

"%appdata%\hidires\downloads.txt"

"%appdata%\hidires\file.exe"

"%appdata%\hidires\flec003.exe"

"%appdata%\hidires\flec005.exe"

"%appdata%\hidires\hidr.exe"

"%appdata%\hidires\Incoming"

"%appdata%\hidires\Incoming\*.*"

"%appdata%\hidires\lang"

"%appdata%\hidires\lang\*.*"

"%appdata%\hidires\m_hook.sys"

"%appdata%\hidires\names.txt"

"%appdata%\hidires\rosa.sys"

"%appdata%\hidires\server.txt"

"%appdata%\hidires\skins"

"%appdata%\hidires\skins\*.*"

"%appdata%\hidires\Temp"

"%appdata%\hidires\Temp\*.*"

"%appdata%\hidires\WDIR"

"%appdata%\hidires\WDIR\*.*"

"%appdata%\hidires\webserver"

"%appdata%\hidires\webserver\*.*"

"%appdata%\hidn"

"%appdata%\hidn\hidn2.exe"

"%appdata%\hidn\m_hook.sys"

"%appdata%\m"

"%appdata%\m\data.oct"

"%appdata%\m\flec006.exe"

"%appdata%\m\list.oct"

"%appdata%\m\srvlist.oct"

"%appdata%\m\shared"

"%appdata%\m\shared\*.*"

) do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~a

if exist "%%~a" (

echo ^[%%~ta^|%%~aa^|%%~za^] %%~a >>%Rapport% ))

 

if exist $users (

for /f "tokens=1* delims=#" %%A in ($users) do (

for %%B in (

"%%~A\%Applik%\111wfs1intwq.sys"

"%%~A\%Applik%\11s11ro1s1a2.sys"

"%%~A\%Applik%\drivers\downld"

"%%~A\%Applik%\drivers\mdelk.exe"

"%%~A\%Applik%\drivers\srosa.sys"

"%%~A\%Applik%\drivers\srosa2.sys"

"%%~A\%Applik%\drivers\wfsintwq.sys"

"%%~A\%Applik%\drivers\winupgro.exe"

"%%~A\%Applik%\drivers"

"%%~A\%Applik%\hidires\downloads.bak"

"%%~A\%Applik%\hidires\downloads.txt"

"%%~A\%Applik%\hidires\config\*.*"

"%%~A\%Applik%\hidires\config"

"%%~A\%Applik%\hidires\file.exe"

"%%~A\%Applik%\hidires\flec003.exe"

"%%~A\%Applik%\hidires\flec005.exe"

"%%~A\%Applik%\hidires\hidr.exe"

"%%~A\%Applik%\hidires\Incoming\*.*"

"%%~A\%Applik%\hidires\Incoming"

"%%~A\%Applik%\hidires\lang\*.*"

"%%~A\%Applik%\hidires\lang"

"%%~A\%Applik%\hidires\m_hook.sys"

"%%~A\%Applik%\hidires\names.txt"

"%%~A\%Applik%\hidires\rosa.sys"

"%%~A\%Applik%\hidires\server.txt"

"%%~A\%Applik%\hidires\skins\*.*"

"%%~A\%Applik%\hidires\skins"

"%%~A\%Applik%\hidires\Temp\*.*"

"%%~A\%Applik%\hidires\Temp"

"%%~A\%Applik%\hidires\WDIR"

"%%~A\%Applik%\hidires\webserver\*.*"

"%%~A\%Applik%\hidires\webserver"

"%%~A\%Applik%\hidn\hidn2.exe"

"%%~A\%Applik%\hidn\m_hook.sys"

"%%~A\%Applik%\hidn"

"%%~A\%Applik%\m\data.oct"

"%%~A\%Applik%\m\flec006.exe"

"%%~A\%Applik%\m\list.oct"

"%%~A\%Applik%\m\shared"

"%%~A\%Applik%\m\srvlist.oct"

"%%~A\%Applik%\m"

) do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~B

if exist "%%~B" ( echo ^[%%~tB^|%%~aB^|%%~zB^] %%~B >>%Rapport% ))))

 

Call :Defil 50

 

 

::############################################################################################################################################################################

 

:: Recherche MD5

 

title FyK by El Desaparecido ^| Scan MD5

 

 

(echo.&echo ################## ^| Reference Bagle MD5 ... ^|&echo.)>>%Rapport%

 

if exist $RefMd5 ( for /f "tokens=1,2,3 delims=#" %%a in ('type "$RefMd5"') do echo ^[%%~ta^|%%~aa^|%%~za^] %%~a ^( CRC32 : %%b ^| MD5 : %%c ^) >> %Rapport% )

 

 

(echo.&echo ################## ^| MD5 ... ^|&echo.)>>%Rapport%

 

cls&mode con: cols=120 lines=12& color 0F

echo.&echo.&echo.&Tools\echox -n -c 0A " Path : "

echo.

echo.

echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

echo.

echo.&Tools\echox -n -c 0C " File : "&echo .... %wait%

 

 

for /f "tokens=*" %%b in ('dir /a-d/b/s "%UserProfile%" "%ProgramFiles%" ^|findstr /Iv "\drivers \hidires \m" ^|findstr /I "\.exe$"') do (

 

cls

echo.&echo.&echo.&Tools\echox -n -c 0A " Path : "

Tools\echox -c 0A "%%~dpb"

echo.

echo.

echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

echo.

echo.&Tools\echox -n -c 0C " File : "

Tools\echox -c 0C "%%~nxb"

Call :Md5 "%%~dpb" %%~nxb >nul 2>nul )

 

for /f "tokens=*" %%b in ('dir /a-d/b/s "%HomeDrive%\System Volume Information" ^|findstr /I "\.exe$ \.sys$"') do (

 

cls

echo.&echo.&echo.&Tools\echox -n -c 0A " Path : "

Tools\echox -c 0A "%%~dpb"

echo.

echo.

echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

echo.

echo.&Tools\echox -n -c 0C " File : "

Tools\echox -c 0C "%%~nxb"

Call :Md5 "%%~dpb" %%~nxb >nul 2>nul )

 

if exist $Tmp ( for /f "tokens=1,2,3 delims=#" %%a in ('type "$Tmp"') do echo ^[%%~ta^|%%~aa^|%%~za^] %%~a ^( CRC32 : %%b ^| MD5 : %%c ^) >> %Rapport% )

 

Call :Defil 55

 

 

::############################################################################################################################################################################

 

:: Recherche Trace Bagle

 

 

title FyK by El Desaparecido ^| Bagle Trace

 

(echo.&echo ################## ^| Bagle Trace ... ^|&echo.)>>%Rapport%&mode con: cols=120 lines=8& color 0F

 

for /f "tokens=*" %%b in ('dir /b/a/s "%windir%\prefetch\*.*" ^|findstr /i "^[0-9]*\.exe mdelk hldrrr winfilse wintems nideiect flec00 crack serial install_patch keygen key_gen generator"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b

echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >>%Rapport% )

 

for /f "tokens=*" %%b in ('dir /b/a/s "%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\*.*" ^|findstr /i "\\b64.*\.jpg \\mxd.*\.jpg \\ffl.*\.htm \\file.*\.txt \\servernames.*\.htm \\ftpps.*\.jpg \\ieps.*\.jpg"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b

echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% )

 

if exist $users (

for /f "tokens=1* delims=#" %%a in ($users) do (

for /f "tokens=*" %%B in ('dir /b/a/s "%%~a\Local Settings\Temporary Internet Files\Content.IE5\*.*" ^|findstr /i "\\b64.*\.jpg \\mxd.*\.jpg \\ffl.*\.htm \\file.*\.txt \\servernames.*\.htm \\ftpps.*\.jpg \\ieps.*\.jpg"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b

echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% )))2>NUL

 

for /f "tokens=*" %%b in ('dir /b/a/s "%Cookie%\*.*" ^|findstr /i "crack serial patch keygen keymaker generator"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b

echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% )

 

 

::############################################################################################################################################################################

 

:: Recherche Crack

 

 

title FyK by El Desaparecido ^| Scan Crack Keygen Serial

 

(echo.&echo ################## ^| Crack .... ^|&echo.)>>%Rapport%

 

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Crack .... " &echo %wait%

 

for /f "tokens=*" %%b in ('dir /a-d/b/s "%UserProfile%" ^|findstr /Iv "\drivers \hidires \m\Shared" ^|findstr /I "\.exe$ \.rar$ \.zip$" ^|findstr /I "Crack keymaker keygen serial"') do (

 

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Crack : " &echo %%~nxb&echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% )

 

 

::############################################################################################################################################################################

 

:: Scan de la Base de Registre

 

 

title FyK by El Desaparecido ^| Scan Regedit

 

Call :Defil 60

 

(echo.&echo ################## ^| %proc3% ^|&echo.)>> %Rapport%

 

for /f "tokens=1* delims=" %%A in ('type "Tools\Llave"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo %%A

Tools\swreg query "%%A">nul 2>&1&IF NOT ERRORLEVEL 1 ( echo [%%A] >> %Rapport% ))

 

for %%A in (

"KEY540534"

) do Tools\swreg query "HKCU\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\UI %%~A

echo [HKCU\Software\Microsoft\Windows\UI] "%%~A" >> %Rapport%

Tools\swreg query "HKU\%User%\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\...\Software\Microsoft\Windows\UI %%~A

echo [HKU\%User%\Software\Microsoft\Windows\UI] "%%~A" >> %Rapport% ))

 

Call :Defil 70

 

for %%A in (

"drvsyskit"

"eMuleAutoStart"

"german.exe"

"mule_st_key"

"hldrrr"

"flec003.exe"

) do Tools\swreg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\CurrentVersion\Run %%~A

echo [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport%

Tools\swreg query "HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\CurrentVersion\Run %%~A

echo [HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport%

Tools\swreg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %%~A

echo [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport%

Tools\swreg query "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run %%~A

echo [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% ))))

 

for /f "tokens=4 delims=\" %%A in ('Tools\swreg query "HKU\%User%\Software" ^|findstr /I "\<bisoft\> \<CHKPTR\> \<Dat33eTim7\> \<DateTime4\> \<EWZ\> \<FFC\> \<FirstRRRun\> \<FirtR\> \<FirstRuxzx\> \<FR79732423\> \<MuleAppData\> \<XYZ\> \<XEW\>"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\%User%\Software\%%~A

echo [HKU\%User%\Software\%%~A] >> %Rapport% )

 

Call :Defil 80

 

Tools\swreg query "HKCU\Software\Local AppWizard-Generated Applications">nul 2>&1&IF NOT ERRORLEVEL 1 (

for /f "tokens=4 delims=\" %%A in ('Tools\swreg query "HKCU\Software\Local AppWizard-Generated Applications" ^|findstr /I "\<crack\> \<cracked\> \<flec006\> \<hldrrr\> \<key_gen\> \<key_generator\> \<keygen\> \<mdelk\> \<nideiect\> \<patch\> \<run\> \<serial\> \<winfilse\> \<wintems\> \<winupgro\>"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Local AppWizard-Generated Applications\%%~A

echo [HKCU\Software\Local AppWizard-Generated Applications\%%~A] >> %Rapport% ))

 

Tools\swreg query "HKU\%User%\Software\Local AppWizard-Generated Applications">nul 2>&1&IF NOT ERRORLEVEL 1 (

for /f "tokens=5 delims=\" %%A in ('Tools\swreg query "HKU\%User%\Software\Local AppWizard-Generated Applications" ^|findstr /I "\<crack\> \<cracked\> \<flec006\> \<hldrrr\> \<key_gen\> \<key_generator\> \<keygen\> \<mdelk\> \<nideiect\> \<patch\> \<run\> \<serial\> \<winfilse\> \<wintems\> \<winupgro\>"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\...\Software\Local AppWizard-Generated Applications\%%~A

echo [HKU\%User%\Software\Local AppWizard-Generated Applications\%%~A] >> %Rapport% ))

 

Call :Defil 90

 

 

::############################################################################################################################################################################

 

:: Etat de la machine

 

 

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " %step1% " &echo %wait%

 

(echo.&echo ################## ^| %etat% ^|&echo.)>>%Rapport%

 

Tools\swreg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden" >nul ||(

echo %missKey% : HKLM\...\Explorer\Advanced\Folder\Hidden ^| %FdcNotOk% >> %Rapport%

echo.>> %Rapport%

goto Mse )

 

(echo %FdcOK%&echo.)>> %Rapport%

 

:: Mse

 

Tools\swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" >nul ||(

echo %missKey% : HKLM\...\SafeBoot ^| %MseNotOK% >> %Rapport%

echo.>> %Rapport%

goto Services )

 

tools\swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" >nul ||(

echo %missKey% : HKLM\SYSTEM\...\SafeBoot\Minimal ^| %MseNotOK% >> %Rapport%

echo.>> %Rapport%

goto Services )

 

tools\swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" >nul ||(

echo %missKey% : HKLM\SYSTEM\...\SafeBoot\Network ^| %MseNotOK% >> %Rapport%

echo.>> %Rapport%

goto Services )

 

(echo %MseOK%&echo.)>> %Rapport%

 

if %OSVER%==1 (

for %%A in ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System") do (

for %%B in (EnableLUA) do (

Tools\swreg query "%%~A" /V %%B|find "1">nul 2>&1&IF NOT ERRORLEVEL 1 ( echo # Uac : OK ^( Good = 0x1 ^| Bad = 0x0 ^) >> %Rapport%&echo.>> %Rapport% ) else ( echo # ^(!^) Uac = 0x0 ^( Good = 0x1 ^| Bad = 0x0 ^) >> %Rapport%&echo.>> %Rapport% ))))2>NUL

 

:: Services

 

for /f "tokens=1,2* delims=#" %%a in (

"Ndisuio#NDIS User Mode"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 3 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 3 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"EapHost#Extensible Authentication Protocol Host"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"WwanSvc#AutoConfig Service WWAN"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"Ip6Fw#IPv6 Windows Firewall Driver"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"MpsSvc#Windows Firewall"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"SharedAccess#Windows Firewall - Internet Connection Sharing"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"windefend#Windows Defender"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"wuauserv#Windows Update"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"wscsvc#Windows Security Center"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"KMService#Software licensing service - Non Genuine Copy of Windows"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c" NEQ "4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 4 ^| Bad = 2 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c"=="4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 4 ^| Bad = 2 ^)>> %Rapport%&echo.>>%Rapport% ))

 

Call :Defil 100

 

title FyK by El Desaparecido ^| Scan OK

 

(echo.&echo ################## ^| %findurapport% ^|&echo.)>>%Rapport%

 

if exist $* del /F /Q $*

if exist *.txt del /F /Q *.txt

if exist Tools\$* del /F /Q Tools\$*

if exist err.log del /F /Q err.log

 

call :suivi&echo %ou%&echo.&echo %merci%&notepad %Rapport%&exit

 

 

::############################################################################################################################################################################

 

:: Arret des processus et neutralisation du rootkit + Reboot

 

 

:Kill

 

title FyK by El Desaparecido ^| Killing Processes ^& Rootkit

 

if exist $* del /F /Q $*

if exist Tools\$* del /F /Q Tools\$*

if exist #* del /F /Q #*

 

mode con: cols=100 lines=8& color 0C

 

if %idioma%==A ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:A )

if %idioma%==E ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:E )

if %idioma%==F ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:F )

if %idioma%==K ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:K )

if %idioma%==P ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Usb:P )

 

if %idioma%==A ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:A )

if %idioma%==E ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:E )

if %idioma%==F ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:F )

if %idioma%==K ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:K )

if %idioma%==P ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Avert:P )

 

Tools\swreg query "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v ReEXEc>nul 2>&1 &&(

Tools\swreg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v ReEXEc >nul )

 

if %idioma%==A ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassEN">nul 2>nul )

if %idioma%==E ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassES">nul 2>nul )

if %idioma%==F ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassFR">nul 2>nul )

if %idioma%==K ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassKR">nul 2>nul )

if %idioma%==P ( Tools\swreg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "FindyKill" /d "%~dp0FyK.cmd /2ndpassPR">nul 2>nul )

 

FOR /f "tokens=*" %%a in ('Tools\winupgro.exe -o"%%f" ^| findstr /I "file\.exe nideiect\.com hldrrr\.exe winfilse\.exe drivers\\mdelk\.exe system32\\mDELk\.exe wintems\.exe flec003\.exe flec005\.exe flec006\.exe drivers\\downld\\ drivers\\down drivers\\winupgro\.exe system32\\winupgro\.exe"') do (

cls&echo.&echo.&echo.&echo Killing Process : %%~nxa

Tools\winupgro.exe -kf "%%~nxa">nul 2>nul )

 

for %%A in (

"%HomeDrive%\drivers\111wfs1intwq.sys"

"%HomeDrive%\drivers\11s11ro1s1a2.sys"

"%HomeDrive%\drivers\srosa.sys"

"%HomeDrive%\drivers\srosa2.sys"

"%HomeDrive%\drivers\wfsintwq.sys"

"%windir%\system32\srosa2.sys"

"%windir%\system32\wfsintwq.sys"

"%windir%\SysWOW64\srosa2.sys"

"%windir%\SysWOW64\wfsintwq.sys"

"%windir%\system32\drivers\srosa.sys"

"%windir%\system32\drivers\srosa2.sys"

"%windir%\system32\drivers\wfsintwq.sys"

"%appdata%\drivers\111wfs1intwq.sys"

"%appdata%\drivers\11s11ro1s1a2.sys"

"%appdata%\drivers\srosa.sys"

"%appdata%\drivers\srosa2.sys"

"%appdata%\drivers\wfsintwq.sys"

) do (

if exist "%%~A" cls&echo.&echo.&echo.&echo Rootkit : %%~A&type nul>"%%A" )

 

shutdown.exe -r -t 5

 

exit

 

 

::############################################################################################################################################################################

 

:: Supression de l infection

 

 

:Clean

 

title FyK by El Desaparecido ^| Cleaning

 

mode con: cols=80 lines=16& color 0F

 

call :suivi&echo %step%&echo.&echo %wait%

 

(echo.&echo ############################## ^| %fixname% %fixvers% ^|&echo.)>>%Rapport%

 

CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Act:Header

 

type "$header" >> %Rapport%

 

for /f "tokens=*" %%a in ('Tools\winupgro.exe -o"%%f" ^| findstr /I "nideiect\.com hldrrr\.exe winfilse\.exe drivers\\mdelk\.exe system32\\mDELk\.exe wintems\.exe flec003\.exe flec005\.exe flec006\.exe drivers\\downld\\ drivers\\down drivers\\winupgro\.exe system32\\winupgro\.exe"') do echo %%a>>$Filetokill

 

if exist $Filetokill (

mode con: cols=100 lines=8& color 0C

echo. >> %Rapport%&echo ############################## ^| %proc2% ^| >> %Rapport%&echo.>> %Rapport%

for /f "tokens=*" %%a in ($Filetokill) do cls&echo.&echo.&echo.&echo Killing Process : %%~nxa&Tools\winupgro.exe -kf "%%~nxa" | find.exe /I /V "killing" >> %Rapport% )

 

Call :Defil 10

 

for %%A in (

"111111s1ro1s1a"

"m_hook"

"pci32"

"sK9Ou0s"

"rosa"

"rosa"

"srosa"

) do ( sc delete "%%A" >nul 2>nul )

 

(echo.&echo ################## ^| %proc1% ^|&echo.)>>%Rapport%&mode con: cols=120 lines=8& color 0A

 

FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do Dir /a "%%a:\*.*">nul 2>&1 && (

 

for %%b in (

"a.bat"

"autorun.inf"

"infosat.txt"

"ntde1ect.com"

"nideiect.com"

"sdlflzoip"

"o.bat"

"winfile.exe"

) do ( cls&echo.&echo.&echo.&echo File : %%a:\%%~b

if exist "%%a:\%%~b" if not exist "%%A:\%%~B\*.*" (

Call :Fix "%%a:\%%~b" ))

 

for %%b in (

"drivers\111wfs1intwq.sys"

"drivers\11s11ro1s1a2.sys"

"drivers\downld\*.*"

"drivers\downld"

"drivers\mdelk.exe"

"drivers\srosa.sys"

"drivers\srosa2.sys"

"drivers\wfsintwq.sys"

"drivers\winupgro.exe"

"Muestras\*.*"

"Muestras"

) do ( cls&echo.&echo.&echo.&echo File : %%a:\%%~b

if exist "%%a:\%%~b" ( Call :Fix "%%a:\%%~b" )))

 

for %%b in (

"%windir%\ban_list.txt"

"%windir%\crack"

"%windir%\crack\crack.exe"

"%windir%\exefld\*.*"

"%windir%\exefld"

"%windir%\exefnd\*.*"

"%windir%\exefnd"

"%windir%\exefqd\*.*"

"%windir%\exefqd"

"%windir%\mdelk.exe"

"%windir%\wintems.exe"

) do ( cls&echo.&echo.&echo.&echo File : %%~b

if exist "%%~A" ( call :Fix "%%~b" ))

 

for %%b in (

"%windir%\system32\1.exe"

"%windir%\system32\a.bat"

"%windir%\system32\anti_troj.exe"

"%windir%\system32\AutoRun.inf"

"%windir%\system32\ba2n_l12.txt"

"%windir%\system32\ban_list.txt"

"%windir%\system32\edlm.exe"

"%windir%\system32\edlm2.exe"

"%windir%\system32\flec003.exe"

"%windir%\system32\german.exe"

"%windir%\system32\hldrrr.exe"

"%windir%\system32\ldr64.dll"

"%windir%\system32\mdelk.exe"

"%windir%\system32\re_file.exe"

"%windir%\system32\sloader64.dll"

"%windir%\system32\srosa2.sys"

"%windir%\system32\trusted.exe"

"%windir%\system32\wfsintwq.sys"

"%windir%\system32\wintems.exe"

"%windir%\system32\winupgro.exe"

"%windir%\system32\zzzzzzzzz.exe"

"%windir%\SysWOW64\1.exe"

"%windir%\SysWOW64\a.bat"

"%windir%\SysWOW64\anti_troj.exe"

"%windir%\SysWOW64\AutoRun.inf"

"%windir%\SysWOW64\ba2n_l12.txt"

"%windir%\SysWOW64\ban_list.txt"

"%windir%\SysWOW64\edlm.exe"

"%windir%\SysWOW64\edlm2.exe"

"%windir%\SysWOW64\flec003.exe"

"%windir%\SysWOW64\german.exe"

"%windir%\SysWOW64\hldrrr.exe"

"%windir%\SysWOW64\ldr64.dll"

"%windir%\SysWOW64\mdelk.exe"

"%windir%\SysWOW64\re_file.exe"

"%windir%\SysWOW64\sloader64.dll"

"%windir%\SysWOW64\srosa2.sys"

"%windir%\SysWOW64\trusted.exe"

"%windir%\SysWOW64\wfsintwq.sys"

"%windir%\SysWOW64\wintems.exe"

"%windir%\SysWOW64\winupgro.exe"

"%windir%\SysWOW64\zzzzzzzzz.exe"

) do ( cls&echo.&echo.&echo.&echo File : %%~b

if exist "%%~b" ( call :Fix "%%~b" ))

 

for %%b in (

"%windir%\system32\drivers\down\*.*"

"%windir%\system32\drivers\down"

"%windir%\system32\drivers\downld\*.*"

"%windir%\system32\drivers\downld"

"%windir%\system32\drivers\hidr.exe"

"%windir%\system32\drivers\hldrrr.exe"

"%windir%\system32\drivers\m\shared\*.*"

"%windir%\system32\drivers\m\shared"

"%windir%\system32\drivers\m\*.*"

"%windir%\system32\drivers\m"

"%windir%\system32\drivers\mdelk.exe"

"%windir%\system32\drivers\pci32.sys"

"%windir%\system32\drivers\srosa.sys"

"%windir%\system32\drivers\srosa2.sys"

"%windir%\system32\drivers\wfsintwq.sys"

"%windir%\system32\drivers\winfilse.exe"

"%windir%\system32\drivers\winupgro.exe"

) do ( cls&echo.&echo.&echo.&echo File : %%~b

if exist "%%~b" ( call :Fix "%%~b" ))

 

Call :Defil 20

 

for %%b in (

"%appdata%\drivers\111wfs1intwq.sys"

"%appdata%\drivers\11s11ro1s1a2.sys"

"%appdata%\drivers\downld\*.*"

"%appdata%\drivers\downld"

"%appdata%\drivers\mdelk.exe"

"%appdata%\drivers\srosa.sys"

"%appdata%\drivers\srosa2.sys"

"%appdata%\drivers\wfsintwq.sys"

"%appdata%\drivers\winupgro.exe"

"%appdata%\drivers"

"%appdata%\hidires\downloads.bak"

"%appdata%\hidires\downloads.txt"

"%appdata%\hidires\config\*.*"

"%appdata%\hidires\config"

"%appdata%\hidires\file.exe"

"%appdata%\hidires\flec003.exe"

"%appdata%\hidires\flec005.exe"

"%appdata%\hidires\hidr.exe"

"%appdata%\hidires\Incoming\*.*"

"%appdata%\hidires\Incoming"

"%appdata%\hidires\lang\*.*"

"%appdata%\hidires\lang"

"%appdata%\hidires\m_hook.sys"

"%appdata%\hidires\names.txt"

"%appdata%\hidires\rosa.sys"

"%appdata%\hidires\server.txt"

"%appdata%\hidires\skins\*.*"

"%appdata%\hidires\skins"

"%appdata%\hidires\Temp\*.*"

"%appdata%\hidires\Temp"

"%appdata%\hidires\WDIR"

"%appdata%\hidires\webserver\*.*"

"%appdata%\hidires\webserver"

"%appdata%\hidires"

"%appdata%\hidn\hidn2.exe"

"%appdata%\hidn\m_hook.sys"

"%appdata%\hidn"

"%appdata%\m\data.oct"

"%appdata%\m\flec006.exe"

"%appdata%\m\list.oct"

"%appdata%\m\shared"

"%appdata%\m\srvlist.oct"

"%appdata%\m"

) do ( cls&echo.&echo.&echo.&echo File : %%~b

if exist "%%~b" ( call :Fix "%%~b" ))

 

if exist $users (

for /f "tokens=1* delims=#" %%A in ($users) do (

 

for %%b in (

"%%~A\%Applik%\111wfs1intwq.sys"

"%%~A\%Applik%\11s11ro1s1a2.sys"

"%%~A\%Applik%\drivers\downld\*.*"

"%%~A\%Applik%\drivers\downld"

"%%~A\%Applik%\drivers\mdelk.exe"

"%%~A\%Applik%\drivers\srosa.sys"

"%%~A\%Applik%\drivers\srosa2.sys"

"%%~A\%Applik%\drivers\wfsintwq.sys"

"%%~A\%Applik%\drivers\winupgro.exe"

"%%~A\%Applik%\drivers"

"%%~A\%Applik%\hidires\downloads.bak"

"%%~A\%Applik%\hidires\downloads.txt"

"%%~A\%Applik%\hidires\config\*.*"

"%%~A\%Applik%\hidires\config"

"%%~A\%Applik%\hidires\file.exe"

"%%~A\%Applik%\hidires\flec003.exe"

"%%~A\%Applik%\hidires\flec005.exe"

"%%~A\%Applik%\hidires\hidr.exe"

"%%~A\%Applik%\hidires\Incoming\*.*"

"%%~A\%Applik%\hidires\Incoming"

"%%~A\%Applik%\hidires\lang\*.*"

"%%~A\%Applik%\hidires\lang"

"%%~A\%Applik%\hidires\m_hook.sys"

"%%~A\%Applik%\hidires\names.txt"

"%%~A\%Applik%\hidires\rosa.sys"

"%%~A\%Applik%\hidires\server.txt"

"%%~A\%Applik%\hidires\skins\*.*"

"%%~A\%Applik%\hidires\skins"

"%%~A\%Applik%\hidires\Temp\*.*"

"%%~A\%Applik%\hidires\Temp"

"%%~A\%Applik%\hidires\WDIR"

"%%~A\%Applik%\hidires\webserver\*.*"

"%%~A\%Applik%\hidires\webserver"

"%%~A\%Applik%\hidn\hidn2.exe"

"%%~A\%Applik%\hidn\m_hook.sys"

"%%~A\%Applik%\hidn"

"%%~A\%Applik%\m\data.oct"

"%%~A\%Applik%\m\flec006.exe"

"%%~A\%Applik%\m\list.oct"

"%%~A\%Applik%\m\shared\*.*"

"%%~A\%Applik%\m\shared"

"%%~A\%Applik%\m\srvlist.oct"

"%%~A\%Applik%\m"

) do ( cls&echo.&echo.&echo.&echo File : %%~b

if exist "%%~b" ( call :Fix "%%~b" ))))

 

Call :Defil 30

 

(echo.&echo ################## ^| Reference Bagle MD5 ... ^|&echo.)>>%Rapport%

 

if exist $RefMd5 ( for /f "tokens=1,2,3 delims=#" %%a in ('type "$RefMd5"') do echo ^[%%~ta^|%%~aa^|%%~za^] %%~a ^( CRC32 : %%b ^| MD5 : %%c ^) >> %Rapport% )

 

(echo.&echo ################## ^| MD5 ... ^|&echo.)>>%Rapport%

 

cls&mode con: cols=120 lines=12& color 0F

echo.&echo.&echo.&Tools\echox -n -c 0A " Path : "

echo.

echo.

echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

echo.

echo.&Tools\echox -n -c 0C " File : "&echo .... %wait%

 

for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do Dir /a "%%a:\*.*">nul 2>&1 && (

 

for /f "tokens=*" %%b in ('dir /a-d/b/s %%a:\ ^|findstr /IV "winsxs" ^|findstr /IV "driverstore" ^|findstr /I ".exe$ .sys$"') do (

 

cls

echo.&echo.&echo.&Tools\echox -n -c 0A " Path : "

Tools\echox -c 0A "%%~dpb"

echo.

echo.

echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

echo.

echo.&Tools\echox -n -c 0C " File : "

Tools\echox -c 0C "%%~nxb"

Call :Md5 "%%~dpb" %%~nxb >nul 2>nul )

 

for /f "tokens=*" %%b in ('dir /a-d/b/s "%%a:\System Volume Information" ^|findstr /I ".exe$ .sys$"') do (

 

cls

echo.&echo.&echo.&Tools\echox -n -c 0A " Path : "

Tools\echox -c 0A "%%~dpb"

echo.

echo.

echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

echo.

echo.&Tools\echox -n -c 0C " File : "

Tools\echox -c 0C "%%~nxb"

Call :Md5 "%%~dpb" %%~nxb >nul 2>nul ))

 

Call :Defil 40

 

if exist $Tmp ( for /f "tokens=1 delims=#" %%b in ('type "$Tmp"') do ( call :Fix "%%~b" ))

 

 

::############################################################################################################################################################################

 

:: Recherche Trace Bagle

 

 

title FyK by El Desaparecido ^| Bagle Trace

 

(echo.&echo ################## ^| Bagle Trace ... ^|&echo.)>>%Rapport%&mode con: cols=120 lines=8& color 0F

 

for /f "tokens=*" %%b in ('dir /b/a/s "%windir%\prefetch\*.*" ^|findstr /i "^[0-9]*\.exe mdelk hldrrr winfilse wintems nideiect flec00 crack serial install_patch keygen key_gen generator"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b

call :Fix "%%~b" )

 

for /f "tokens=*" %%b in ('dir /b/a/s "%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\*.*" ^|findstr /i "\\b64.*\.jpg \\mxd.*\.jpg \\ffl.*\.htm \\file.*\.txt \\servernames.*\.htm \\ftpps.*\.jpg \\ieps.*\.jpg"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b

call :Fix "%%~b" )

 

if exist $users (

for /f "tokens=1* delims=#" %%a in ($users) do (

for /f "tokens=*" %%B in ('dir /b/a/s "%%~a\Local Settings\Temporary Internet Files\Content.IE5\*.*" ^|findstr /i "\\b64.*\.jpg \\mxd.*\.jpg \\ffl.*\.htm \\file.*\.txt \\servernames.*\.htm \\ftpps.*\.jpg \\ieps.*\.jpg"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b

call :Fix "%%~b" )))2>NUL

 

for /f "tokens=*" %%b in ('dir /b/a/s "%Cookie%\*.*" ^|findstr /i "crack serial patch keygen key generator"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " File : " &echo %%~b

call :Fix "%%~b" )

 

Call :Defil 50

 

mode con: cols=120 lines=8& color 0F

 

cls&echo.&echo.&echo.&Tools\echox -n -c 0A " %step3% " &echo %wait%

 

cleanmgr /sagerun

 

Call :Defil 60

 

 

::############################################################################################################################################################################

 

:: Recherche Crack

 

 

title FyK by El Desaparecido ^| Scan Crack Keygen Serial

 

(echo.&echo ################## ^| Crack .... ^|&echo.)>>%Rapport%

 

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Crack .... " &echo %wait%

 

for /f "tokens=*" %%b in ('dir /a-d/b/s "%UserProfile%" ^|findstr /Iv "\drivers \hidires \m\Shared" ^|findstr /I "\.exe$ \.rar$ \.zip$" ^|findstr /I "Crack keymaker keygen serial"') do (

 

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Crack : " &echo %%~nxb&echo ^[%%~tb^|%%~ab^|%%~zb^] %%~b >> %Rapport% )

 

 

::############################################################################################################################################################################

 

:: Scan de la Base de Registre

 

 

title FyK by El Desaparecido ^| Scan Regedit

 

(echo.&echo ################## ^| %proc3% ^| &echo.)>>%Rapport%

 

for /f "tokens=1* delims=" %%A in ('type "Tools\Llave"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo %%A

Tools\swreg acl "%%A" /ge:f;d /p /q /oa >nul 2>&1

Tools\swreg query "%%A">nul 2>&1&IF NOT ERRORLEVEL 1 (

Tools\swreg delete "%%A" >nul 2>nul

echo %Del% [%%A] >> %Rapport% ))

 

for %%b in (

111111s1ro1s1a

m_hook

pci32

rosa

SK9OU0S

srosa

) do (

for /f "tokens=*" %%a in ('Tools\swreg.exe query "HKLM\SYSTEM" ^|find.exe /i "ControlSet"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo %%a\Services\%%b

Tools\swreg.exe acl "%%a\Services\%%b" /ge:f;d /p /q /oa >nul 2>&1

Tools\swreg.exe query "%%a\Services\%%b" >nul &&(

Tools\swreg.exe delete "%%a\Services\%%b">nul 2>nul )))

 

for %%b in (

LEGACY_111111s1ro1s1a

LEGACY_m_hook

LEGACY_pci32

LEGACY_rosa

LEGACY_SK9OU0S

LEGACY_srosa

) do (

for /f "tokens=*" %%a in ('Tools\swreg.exe query "HKLM\SYSTEM" ^|find.exe /i "ControlSet"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo %%a\Enum\Root\%%b

Tools\swreg.exe acl "%%a\Enum\Root\%%b" /ge:f;d /p /q /oa >nul 2>&1

Tools\swreg.exe query "%%a\Enum\Root\%%b" >nul &&(

Tools\swreg.exe delete "%%a\Enum\Root\%%b">nul 2>nul )))

 

for %%A in (

"KEY540534"

) do Tools\swreg query "HKCU\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\UI %%~A

Tools\swreg delete "HKCU\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&(

echo %Del% [HKCU\Software\Microsoft\Windows\UI] "%%~A" >> %Rapport%

Tools\swreg query "HKU\%User%\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\...\Software\Microsoft\Windows\UI %%~A

Tools\swreg delete "HKU\%User%\Software\Microsoft\Windows\UI" /v "%%~A" >nul 2>&1 &&(

echo %Del% [HKU\%User%\Software\Microsoft\Windows\UI] "%%~A" >> %Rapport% ))))

 

Call :Defil 70

 

for %%A in (

"drvsyskit"

"eMuleAutoStart"

"german.exe"

"mule_st_key"

"hldrrr"

"flec003.exe"

) do Tools\swreg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Microsoft\Windows\CurrentVersion\Run %%~A

Tools\swreg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

echo %Del% [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% )

Tools\swreg query "HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run %%~A

Tools\swreg delete "HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

echo %Del% [HKU\%User%\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% )

Tools\swreg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %%~A

Tools\swreg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

echo %Del% [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% )

Tools\swreg query "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run %%~A

Tools\swreg delete "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%~A" >nul 2>&1 &&(

echo %Del% [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "%%~A" >> %Rapport% )))))

 

for /f "tokens=4 delims=\" %%A in ('Tools\swreg query "HKU\%User%\Software" ^|findstr /I "\<bisoft\> \<CHKPTR\> \<Dat33eTim7\> \<DateTime4\> \<EWZ\> \<FFC\> \<FirstRRRun\> \<FirtR\> \<FirstRuxzx\> \<FR79732423\> \<MuleAppData\> \<XYZ\> \<XEW\>"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\%User%\Software\%%~A

Tools\swreg delete "HKU\%User%\Software\%%~A" >nul 2>nul

echo %Del% [HKU\%User%\Software\%%~A] >> %Rapport% )

 

Tools\swreg query "HKCU\Software\Local AppWizard-Generated Applications">nul 2>&1&IF NOT ERRORLEVEL 1 (

for /f "tokens=4 delims=\" %%A in ('Tools\swreg query "HKCU\Software\Local AppWizard-Generated Applications" ^|findstr /I "\<crack\> \<cracked\> \<flec006\> \<hldrrr\> \<key_gen\> \<key_generator\> \<keygen\> \<mdelk\> \<nideiect\> \<patch\> \<run\> \<serial\> \<winfilse\> \<wintems\> \<winupgro\>"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKCU\Software\Local AppWizard-Generated Applications\%%~A

Tools\swreg delete "HKCU\Software\Local AppWizard-Generated Applications\%%~A" >nul 2>&1 &&(

echo %Del% [HKCU\Software\Local AppWizard-Generated Applications\%%~A] >> %Rapport% )))

 

Tools\swreg query "HKU\%User%\Software\Local AppWizard-Generated Applications">nul 2>&1&IF NOT ERRORLEVEL 1 (

for /f "tokens=5 delims=\" %%A in ('Tools\swreg query "HKU\%User%\Software\Local AppWizard-Generated Applications" ^|findstr /I "\<crack\> \<cracked\> \<flec006\> \<hldrrr\> \<key_gen\> \<key_generator\> \<keygen\> \<mdelk\> \<nideiect\> \<patch\> \<run\> \<serial\> \<winfilse\> \<wintems\> \<winupgro\>"') do (

cls&echo.&echo.&echo.&Tools\echox -n -c 0C " Key : " &echo HKU\...\Software\Local AppWizard-Generated Applications\%%~A

Tools\swreg delete "HKU\%User%\Software\Local AppWizard-Generated Applications\%%~A" >nul 2>&1 &&(

echo %Del% [HKU\%User%\Software\Local AppWizard-Generated Applications\%%~A] >> %Rapport% )))

 

Call :Defil 80

 

cls&echo.&echo.&echo.&Tools\echox -n -c 0A " %step2% " &echo %wait%

 

(echo.&echo ################## ^| %etat% ^|&echo.)>>%Rapport%

 

for %%a in ( RpcSs wuauserv WinDefend MpsSvc wscsvc SharedAccess EapHost Wlansvc Ip6Fw ) do (

sc config "%%a" start= auto >nul 2>nul

sc start "%%a" >nul 2>nul )

 

for %%a in ( Ndisuio ) do (

sc config %%a start= demand >nul 2>nul )

 

Tools\swreg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio" >nul ||(

if "%Pack%"=="V" regedit /S Tools\Vista.reg&echo %Mse% >> %Rapport%&goto Fdc

if "%Pack%"=="3" regedit /S Tools\SP3.reg&echo %Mse% >> %Rapport%&goto Fdc

if not defined Pack regedit /S Tools\SP2.reg&echo %Mse% >> %Rapport%&goto Fdc )

 

(echo %MseOK%&echo.)>>%Rapport%

 

:: Fdc

 

Tools\swreg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden" /v Text >nul ||(

regedit /S Tools\Fdc.reg&echo %Fdc% >> %Rapport%&goto Uac )

 

(echo.&echo %FdcOK%&echo.)>> %Rapport%

 

:: Uac

 

if %OSVER%==1 (

regedit /S Tools\Uac.reg

for %%A in ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System") do (

for %%B in (EnableLUA) do (

Tools\swreg query "%%~A" /V %%B|FIND "1">NUL 2>&1&IF NOT ERRORLEVEL 1 (echo # Uac : OK >> %Rapport%&echo.>> %Rapport% ) else ( echo # ^(!^) Uac = 0x0 >> %Rapport%&echo.>> %Rapport%))))2>NUL

 

:: Services

 

for /f "tokens=1,2* delims=#" %%a in (

"Ndisuio#NDIS User Mode"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 3 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 3 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"EapHost#Extensible Authentication Protocol Host"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"WwanSvc#AutoConfig Service WWAN"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"Ip6Fw#IPv6 Windows Firewall Driver"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"MpsSvc#Windows Firewall"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"SharedAccess#Windows Firewall - Internet Connection Sharing"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"windefend#Windows Defender"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"wuauserv#Windows Update"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"wscsvc#Windows Security Center"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c"=="4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| ^Bad = 4 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c" NEQ "4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 2 ^| Bad = 4 ^)>> %Rapport%&echo.>>%Rapport% ))

 

for /f "tokens=1,2* delims=#" %%a in (

"KMService#Software licensing service - Non Genuine Copy of Windows"

) do Tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a">nul 2>&1 &&(

for /f "tokens=3" %%c in ('tools\swreg.exe query "HKLM\SYSTEM\CurrentControlSet\Services\%%~a" /v Start ^|find.exe "Start"') do (

if "%%c" NEQ "4" echo # ^(!^) %%~a ^( %%b ^) -^> Start = %%c ^( Good = 4 ^| Bad = 2 ^) >> %Rapport%&echo.>>%Rapport%

if "%%c"=="4" echo # %%~a ^( %%b ^) -^> Start = %%c ^( Good = 4 ^| Bad = 2 ^)>> %Rapport%&echo.>>%Rapport% ))

 

Call :Defil 90

 

(echo.&echo ################## ^| %proc5% ^|&echo.)>>%Rapport%

 

Tools\SniffC.exe

 

if exist Tools\$PEC ( type Tools\$PEC >> %Rapport% )

if not exist Tools\$PEC ( echo ... OK ! >> %Rapport% )

 

Call :Defil 95

 

(echo.&echo ################## ^| Upload ^|&echo.)>>%Rapport%

 

Tools\Sniff.exe a "%HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip" "%Rapport%" >nul 2>nul

Tools\Sniff.exe a "%HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip" "$RefMd5" >nul 2>nul

 

if %idioma%==A ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:A )

if %idioma%==E ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:E )

if %idioma%==F ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:F )

if %idioma%==K ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:K )

if %idioma%==P ( CSCRIPT.exe //NOLOGO Tools\FYK.vbs /Clean:P )

 

if exist "%HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip" (

 

echo %envoi% %HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip : http://eldesaparecido.com/upload.html >> %Rapport%

echo %contrib% >> %Rapport%

 

Call :Suivi

 

Tools\echox -n -c 0F " %envoi% "

Tools\echox -n -c 0C " %HomeDrive%\FindyKill_Upload_Me_%UserDomain%.zip "

echo.

echo.&echo %contrib%

echo.

pause

Start iexplore.exe http://eldesaparecido.com/upload.html

)

 

(echo.&echo ################## ^| %findurapport% ^|&echo.)>>%Rapport%

 

Call :Defil 100

 

if exist $* del /F /Q $*

if exist Tools\$* del /F /Q Tools\$*

if exist err.log del /F /Q err.log

 

mode con: cols=80 lines=16& color 0F&call :Suivi&echo.&echo %ou%&echo.&echo %merci%

 

notepad %Rapport%

exit )

 

 

::############################################################################################################################################################################

 

:Tuto

 

if %idioma%==A ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html )

if %idioma%==E ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html )

if %idioma%==F ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html )

if %idioma%==K ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html )

if %idioma%==P ( "%ProgramFiles%\Internet Explorer\iexplore.exe" http://www.teamxscript.org/findykill.html )

 

exit

 

 

::############################################################################################################################################################################

 

:Desinstal

 

if exist %Rapport% del /F /Q %Rapport%

if exist $* del /F /Q $*

if exist Tools\$* del /F /Q Tools\$*

 

rd /s/q %HomeDrive%\FindyKill >nul 2>nul

exit

 

::############################################################################################################################################################################

 

:Donate

 

Start iexplore.exe http://eldesaparecido.com/donate.html

 

exit

 

::############################################################################################################################################################################

 

:Suivi

 

cls

cls&mode con: cols=80 lines=16& color 0F

echo.&echo.&echo.

echo.

echo ^|\ _,,,--,,_ ,) %fixname% %fixvers%

echo /,`.-'`' -, ;-;;'

echo __ ^|,4- ) )-,_ ) /\__________________________________________________________

echo ~~'---''(_/--' (_/-'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

echo.&echo.

goto :eof

 

 

::############################################################################################################################################################################

 

:Fix

 

set "tfa=%~1"

set "tfa=%tfa:~,1%"

 

if not exist "Quarantine\%tfa%%~p1" md "Quarantine\%tfa%%~p1" >nul 2>&1

 

attrib -r -s -h -a "%~1" /s /d >nul 2>&1

MOVE /Y "%~1" "Quarantine\%tfa%%~pnx1.vir">nul 2>&1

del /a /f /s /q "%~1">nul 2>&1

rmdir /S /Q "%~1" >nul 2>&1

 

if not exist "%~1" echo %Del% %~1 >> %Rapport%

if exist "%~1" echo ^(!^) %NoDel% %~1 >> %Rapport%

 

set tfa=

goto :eof

 

 

::############################################################################################################################################################################

 

:Check_md5

 

if "%~1"=="" goto :eof

if "%2"=="" goto :eof

 

set tfa=%~1

set tfa=%tfa:~0,-1%

FOR /f "tokens=1" %%a in ('tools\fsum.exe -s -crc32 -jnc -d"%tfa%" %2') do (

FOR /f "tokens=1" %%g in ('tools\fsum.exe -s -md5 -jnc -d"%tfa%" %2') do (

echo %%a>>Tools\RefMD5.def

echo %%g>>Tools\RefMD5.def

echo %tfa%\%2#%%a#%%g#>>$RefMd5 ))

 

set tfa=

goto :eof

 

 

::############################################################################################################################################################################

 

:Md5

 

if "%~1"=="" goto :eof

if "%~2"=="" goto :eof

 

set tfa=%~1

set tfa=%tfa:~0,-1%

 

FOR /f "tokens=1" %%c in ('tools\fsum.exe -s -crc32 -jnc -d"%tfa%" %~2') do (

FOR /f "tokens=1" %%g in ('tools\fsum.exe -s -md5 -jnc -d"%tfa%" %~2') do find /i "%%g"<Tools\RefMD5.def>nul &&(

 

echo "%tfa%\%~2#%%c#%%g#">>$Tmp ))

 

set tfa=

goto :eof

 

 

::############################################################################################################################################################################

 

:SniffZip

 

 

set Nblignes=

set NbFichiers=

set match=

 

if exist tmp.txt del /Q /F tmp.txt

if exist tmp2.txt del /Q /F tmp2.txt

 

 

Tools\Sniff.exe l -slt %1 | FIND.EXE /I "=">>tmp2.txt

 

 

 

if exist tmp2.txt (

FINDSTR.EXE /i /N "=" tmp2.txt>>tmp.txt

del /q /f tmp2.txt

)

 

if not exist tmp.txt goto :eof

 

 

set Nblignes=0

 

for /f "delims=" %%a in (tmp.txt) do set /a Nblignes +=1

 

set /a match=%Nblignes% %% 13

 

 

IF %match% NEQ 0 GOTO :EOF

 

 

set /a NbFichiers=%Nblignes%/13

 

 

FOR /L %%A in (1,1,%NbFichiers%) do call :StripZip %%A %1

 

goto :eof

 

 

::############################################################################################################################################################################

 

:StripZip

 

 

SETLOCAL ENABLEDELAYEDEXPANSION

 

set /a LinePath=(%1*13)-12

set /a LineSize=(%1*13)-10

set /a LineCRC=(%1*13)-2

 

set Cat=

 

for /f "tokens=3 delims= " %%B in ('findstr /i "^%LinePath%: ^%LineSize%: ^%LineCRC%:" tmp.txt') do SET "Cat=!Cat!%%B#"

echo.%2#%Cat% | find /I ".exe">>ziptest.txt

 

ENDLOCAL

 

set Cat=

set LinePath=

set LineSize=

set LineCRC=

 

goto :eof

 

 

::############################################################################################################################################################################

 

:FindZip

 

 

 

for /f "tokens=1,2,3,4 delims=#" %%A in (ziptest.txt) do (

 

echo.%%B | FIND.EXE /I /V "\" >nul && (

 

echo.%%A#%%B#%%C#%%D#>>FileArchive.txt

 

) || (

 

echo.%%A#%%B#%%C#%%D#>>FileinFolder.txt

)

 

)

 

)

 

goto :eof

 

 

::############################################################################################################################################################################

 

:ZipFile

 

for /f "tokens=1,2,3,4 delims=#" %%A in (%1) DO (

 

if not exist "%%A" GOTO :EOF

 

FIND.EXE /I "%%D"<tools\RefMd5.def >nul &&(

 

 

if "%2"=="list" (

 

echo.Bagle ! %%A >>%Rapport%

echo.-^> Contain %%B ^|Size : %%C ^|With Bagle CRC32 : %%D >>%Rapport%

echo.>>%Rapport%

 

)

 

 

if "%2"=="kill" Call :KillZip %%A %%B %%C %%D >nul 2>nul

 

if "%2"=="del" (

 

DEL /F /Q "%%A" >nul 2>nul

 

if not exist "%%A" (

 

echo.%del% %%~A>>%Rapport%

echo.-^> Contain %%B ^|Size : %%C ^|With Bagle CRC32 : %%D >>%Rapport%

echo.>>%Rapport%

)

 

if exist "%%A" (

echo.^(!^) %NoDel% %%~A>>%Rapport%

echo.>>%Rapport%

)

)

 

 

 

 

) || (

 

Call :CheckZip %%A %%B %%C %%D

)

)

 

 

 

goto :eof

 

 

::############################################################################################################################################################################

 

 

:KillZip

 

 

Tools\sniff.exe d "%1" "%2"

echo "%1" "%2" %ERRORLEVEL% >>err.log

 

IF %ERRORLEVEL%==0 (

 

echo.Cleaned : %~1 >>%Rapport%

echo.-^> %Del% %2 ^|Size : %3 ^|With bagle CRC32 : %4 >>%Rapport%

echo.>>%Rapport%

 

)

 

IF %ERRORLEVEL%==2 (

 

echo.^(!^) Not Cleaned : %~1 >>%Rapport%

echo.-^> Contain : %2 ^|Size : %3 ^|With bagle CRC32 : %4 >>%Rapport%

echo.>>%Rapport%

 

)

 

goto :eof

 

 

::############################################################################################################################################################################

 

:CheckZip

 

 

IF /I 1024000 LSS %3 (GOTO :EOF)

IF /I 512000 GTR %3 (GOTO :EOF)

 

FOR %%Z IN (

"crac"

"run"

"crack"

"install"

"key_generator"

"install_crack"

"install_patch"

"keygen"

"key_gen"

"key_generator"

"patch"

"serial"

) DO (

IF /I "%%~Z.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\crac.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\setup.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\run.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\crack.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\install.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\key_gen.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\key_generator.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\install_crack.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\install_patch.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\keygen.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\key_generator.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\patch.exe"=="%2" GOTO :SupectZip

IF /I "%%~Z\serial.exe"=="%2" GOTO :SupectZip

)

 

goto :eof

 

 

::############################################################################################################################################################################

 

:SupectZip

 

Tools\sniff e -y %1 %2 -o"%~dp0\Ziptest" >nul 2>nul

Tools\sniff.exe d "%1" "%2" >nul 2>nul

 

IF %ERRORLEVEL%==2 (

 

echo.Cleaned : %1 >>%Rapport%

echo.-^> %del% %2 ^|Size : %3 ^|CRC32 : %4 >>%Rapport%

echo.>>%Rapport%

if exist "%~dp0Ziptest" RD /Q /S "%~dp0Ziptest"

goto :eof

)

 

IF %ERRORLEVEL%==0 (

 

FOR /f "tokens=1" %%g in ('tools\fsum -md5 -jnc -d"%~dp0Ziptest" %~nx2 2^>nul') do (

echo.Cleaned : %1 >>%Rapport%

echo.-^> %del% %2 ^|Size : %3 ^|CRC32 : %4 ^|MD5 : %%g>>%Rapport%

echo.>>%Rapport%

if exist "%~dp0Ziptest" RD /Q /S "%~dp0Ziptest"

))

 

goto :eof

 

 

::############################################################################################################################################################################

 

:SniffTrace

 

for /f "tokens=*" %%b in ('type "%1" ^|findstr /I "mmzAg 7HPha ÞNJÈT ty_RKK"') do echo %~1 >>%Rapport%

 

goto :eof

 

 

::############################################################################################################################################################################

 

:Defil

 

SETLOCAL ENABLEDELAYEDEXPANSION

 

set ProgressPercent=%1

set /A NumBars=%ProgressPercent%/2

set /A NumSpaces=50-%NumBars%

set Meter=

 

for /l %%A in (%NumBars%,-1,1) do set Meter=!Meter!I

for /l %%A in (%NumSpaces%,-1,1) do set Meter=!Meter!

 

title FyK - El Desaparecido ^| Scan progress : [%Meter%] %ProgressPercent%%%

 

ENDLOCAL

 

goto :eof

 

 

::############################################################################################################################################################################

 

:NoSupport

 

title FyK - El Desaparecido ^| Unsupported Version

 

cls

cls&mode con: cols=80 lines=16& color 0F

echo.&echo.&echo.

echo.

echo ^|\ _,,,--,,_ ,) FindyKill

echo /,`.-'`' -, ;-;;'

echo __ ^|,4- ) )-,_ ) /\__________________________________________________________

echo ~~'---''(_/--' (_/-'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

echo.&echo.

echo Unsupported Version.

echo.

echo Windows XP / Vista / 7 only .....

echo.

echo ....... Press any key to exit .

pause>nul

 

 

::############################################################################################################################################################################

 

:end

exit

merci

A+

Lien vers le commentaire
Partager sur d’autres sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

 Share

  • En ligne récemment   0 membre est en ligne

    Aucun utilisateur enregistré regarde cette page.

×
×
  • Créer...