
32788R22FWJFW\swreg.exe import 32788R22FWJFW\EXE.

reg
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
32788R22FWJFW\PEV.exe UZIP 32788R22FWJFW\License\pv_5_2_2.zip 32788R22FWJFW\
MOVE /Y 32788R22FWJFW\PV.exe 32788R22FWJFW\PV.cfxxe
Le texte du message associé au numéro 0x236e est introuvable dans le fichier de mess
ages pour Application.
32788R22FWJFW\PV.cfxxe -kf *.pif nircmd.* ANDRE.EXE TOLO.exe Merlin.scr jalang.e
xe jalangkung.exe jantungan.exe DOSEN.exe C3W3K4MPUS.exe cmd.exe
Killing '*.pif'
Killing 'nircmd.*'
"C:\32788R22FWJFW\nircmd.cfxxe" cmdwait 1700 exec hide "C:\Windows\system32\cmd.
execf" /c 32788R22FWJFW\prep.cmd (892)
Killing 'ANDRE.EXE'
Killing 'TOLO.exe'
Killing 'Merlin.scr'
Killing 'jalang.exe'
Killing 'jalangkung.exe'
Killing 'jantungan.exe'
Killing 'DOSEN.exe'
Killing 'C3W3K4MPUS.exe'
Killing 'cmd.exe'
PUSHD "C:\32788R22FWJFW"
IF NOT EXIST pev.cfxxe COPY /Y pev.exe pev.cfxxe
Le texte du message associé au numéro 0x2336 est introuvable dans le fichier de mess
ages pour Application.
IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe
Le texte du message associé au numéro 0x2336 est introuvable dans le fichier de mess
ages pour Application.
SET "Comspec=C:\Windows\system32\cmd.execf"
IF NOT EXIST C:\Windows\system32\cmd.exe GOTO Not_NT
IF EXIST OsVer EXIT
VER 1>OsVer
GREP.cfxxe -F "5.2." OsVer
IF 1 == 0 GOTO Not_NT
GREP.cfxxe -F "5.1.2" OsVer 1>XP.mac
IF 1 == 0 GOTO NT
DEL XP.mac
GREP.cfxxe -F "6.0.6" OsVer 1>Vista.mac
IF 1 == 0 GOTO NT
DEL Vista.mac
GREP.cfxxe -F "5.00.2" OsVer 1>W2K.mac
IF 1 == 0 GOTO NT
DEL W2K.mac
GREP.cfxxe -sq "currentversion.* 6.0" OsVer00 && GOTO NT
GREP.cfxxe -isq "ProductType.*WinNT" WinNT00 || GOTO Not_NT
Le texte du message associé au numéro 0x236e est introuvable dans le fichier de mess
ages pour Application.
SED.cfxxe "/^PATH=/I!d; s///; s/\x22//g" Oripath 1>OriPath00
PEV.EXE -rtf -s+901 .\OriPath00 && (
SED.cfxxe -r "s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//" OriPath00 1>OriPath01
FOR /F "TOKENS=*" %G IN (OriPath01) DO @SET "PATH=C:\32788R22FWJFW;C:\Windows\s
ystem32;C:\Windows;C:\Windows\system32\wbem;%G"
)
IF NOT EXIST OriPath01 FOR /F "TOKENS=*" %G IN (OriPath00) DO SET "PATH=C:\32788
R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;%G"
SET "PATH=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wb
em;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;C:\P
rogram Files (x86)\Pinnacle\Shared Files\;C:\Program Files (x86)\QuickTime\QTSys
tem\"
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Killing 'runonce.exe'
Killing 'grpconv.exe'
Killing 'procmon.exe'
Killing 'ANDRE.EXE'
Killing 'TOLO.exe'
Killing 'Merlin.scr'
Killing 'jalang.exe'
Killing 'jalangkung.exe'
Killing 'jantungan.exe'
Killing 'DOSEN.exe'
Killing 'C3W3K4MPUS.exe'
pv: No matching processes found
PEV -rtf --c:##5# .\* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or Win
NT.exe or N_.exe } 1>temp00 && (
PV -o%f * 1>temp01
PEV -tf -t!o --files:temp01 --c:##5#b#f# 1>temp02
GREP -Fif temp00 temp02 1>temp03
SED "/.* /!d; s///" temp03 1>temp04
SED ":a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/" temp04 1>temp05
FOR /F "TOKENS=*" %G IN (temp05) DO @NIRCMD KILLPROCESS %G
)
CALL :MDCheck
Le texte du message associé au numéro 0x40002712 est introuvable dans le fichier de
messages pour Application.
PEV -rtf -md5EBD121FE8B159AF39744B86ECED1E24F .\md5sum.pif || CALL :MDFaiL Chk
Sum_Fail
.\md5sum.pif
PEV -tf --files:files.pif --c:##5#b#f# 1>mdCheck00.dat
GREP -vs "^!MD5:" mdCheck00.dat 1>mdCheck0a.dat
GREP -Fvf md5sum.pif mdCheck0a.dat 1>mdCheck01.dat && CALL :MDFaiL
GOTO :EOF
=============================================
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Jean-Michel\AppData\Roaming
cfExt=cfxxe
CFLDR=32788R22FWJFW
Chksum=EBD121FE8B159AF39744B86ECED1E24F
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-JEAN-MICH
ComSpec=C:\Windows\system32\cmd.execf
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Jean-Michel
KMD=CF27145.exe
LOCALAPPDATA=C:\Users\Jean-Michel\AppData\Local
LOGONSERVER=\\PC-DE-JEAN-MICH
MSWorksProductCode={3B160861-7250-451E-B5EE-8B92BF30A710}
NUMBER_OF_PROCESSORS=4
OnlineServices=Online Services
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:
\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;C:\Progra
m Files (x86)\Pinnacle\Shared Files\;C:\Program Files (x86)\QuickTime\QTSystem\
PATHEXT=.cfxxe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
Platform=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=170a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$
PUBLIC=C:\Users\Public
Qrntn=C:\Qoobox\Quarantine
QTJAVA=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
sfxcmd="C:\ComboFix.exe"
sfxname=C:\ComboFix.exe
SYSTEM=C:\Windows\system32
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\JEAN-M~1\AppData\Local\Temp
TMP=C:\Users\JEAN-M~1\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-
BF0E-A6A76C450FAA\TraceFormat
USERDOMAIN=PC-de-Jean-Mich
USERNAME=Jean-Michel
USERPROFILE=C:\Users\Jean-Michel
windir=C:\Windows
=============================================

IF NOT DEFINED sfxname GOTO END


GREP -F \ temp01 && CALL :Aux
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
GREP -Fi "C:\Windows\system32\userinit.exe" Userinit00 || (SWREG ADD "hklm\sof
tware\microsoft\windows nt\currentversion\winlogon" /v Userinit /d "C:\Windows\s
ystem32\userinit.exe," )
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
CALL LANG.bat
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Page de codes active : 1252
SET SfxCmd 1>SET00
SED -r "/SfxCmd=/I!d; s///; s/\s*$//; s/^(\x22[^\x22]*\x22|[^\x22]\S*) +//; s/^\
x22*C:\\ComboFix.exe\x22*//I; s/^([^\x22]\S*)/@SET SfxCmd=\x22\1\x22/; s/^(\x22.
*)/@SET SfxCmd=\1/" SET00 1>sfx.cmd
DEL /A/F SET00
ATTRIB +R "C:\ComboFix.exe"
CALL sfx.cmd
CALL AV.cmd
SET /a AVCount+=1
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
IF NOT EXIST AvBlack00 GREP -Fisf AVBlack resident.txt 1>AvBlack00 && (
SED -r "s/\x22//g; s/.*\) //; s/.*(\{.{8}-.{4}-.{4}-.{4}-.{12}\}).*/\1/" AvBlack
00 1>AvBlack01
FOR /F "TOKENS=*" %G IN (AvBlack01) DO @CSCRIPT.EXE //NOLOGO //E:VBSCRIPT //T:5
wmi_rem.vbs "%~G"
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
)
GREP -Fivf AVWhite resident.txt | GREP -E "^(AV|SP): .*enabled\* \(" 1>AVChk
&& (
SED -r "s/^AV:/antivirus: /; s/^SP:/antispyware: /; s/ \*(On-access scanni
ng |)enabled\*.*//" AVChk | SED ":a; $!N;s/\n/~n/;ta" 1>AVChkB
NIRCMD LOOP 2 80 BEEP 3000 200
IF 1 LEQ 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "ComboFix has de
tected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and i
ntrusion prevention programs are known to interfere~nwith ComboFix's running. Th
is may lead to unpredictable results or~npossible machine damage.~n~nPlease disa
ble these scanners before clicking 'OK'." "Warning !!" "" && GOTO Av-check
IF 1 GTR 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "%G~n~nThe above
real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kind
ly note that this is at your own risk" "Warning !!" ""
)
DEL /A/F/Q AVChk? AvWhite AvBlack AvBlack0?
SET AVCount=
IF EXIST vista.mac CALL :Vista
IF NOT DEFINED RKEY_ GOTO :EOF
IF /I "" EQU "RKEYB" GOTO RKEYB
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
COPY /Y /B C:\Windows\system32\sc.exe C:\Windows\system32\swsc.exe
Le texte du message associé au numéro 0x2336 est introuvable dans le fichier de mess
ages pour Application.
HANDLE csrss.exe.mui 1>MUI00
SED -r "/.*(.:\\.*)\\[^\\]*$/!d; s//\1/" MUI00 1>MUI01
SED -r -n "G; s/\n/&&/; /^([ -~]*\n).*\n\1/d; s/\n//; h; P" MUI01 1>MUI
FOR /F "TOKENS=*" %G IN (MUI) DO (
IF EXIST "%~G\sc.exe.mui" COPY /Y /B "%~G\sc.exe.mui" "%~G\swsc.exe.mui"
IF EXIST "%~G\cmd.exe.mui" (
SWXCACLS "%~G\cmd.exe.mui" /OA /Q
SWXCACLS "%~G\cmd.exe.mui" /P /GA:F /GS:F /GP:X /GU:X /Q
COPY /Y "%~G\cmd.exe.mui" "%~G\CF27145.exe.mui"
SWXCACLS "%~G\cmd.exe.mui" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853
292631-2271478464:f /GA:X /GS:X /GP:X /GU:X /Q
SWXCACLS "%~G\cmd.exe.mui" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853
292631-2271478464 /Q
)
)
DEL /A/F/Q MUI0?
GOTO :EOF
GREP -Fx "REGEDIT4" Fin.dat || (
ECHO.1>"C:\Users\JEAN-M~1\AppData\Local\Temp\tdsstdss"
PEV -rtf "C:\Users\JEAN-M~1\AppData\Local\Temp\tdsstdss" || (
ECHO.1>wtf_tdssserv
CALL c.bat
GOTO END
)
GOTO AbortD
)
REGEDIT4
IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort
IF EXIST "C:\Users\JEAN-M~1\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log" D
EL /A/F "C:\Users\JEAN-M~1\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log"
COPY /Y /B "C:\Windows\system32\cmd.execf" "C:\Windows\system32\CF27145.exe"
Le texte du message associé au numéro 0x2336 est introuvable dans le fichier de mess
ages pour Application.
SET "COMSPEC=C:\Windows\system32\CF27145.exe"
FOR /F "TOKENS=*" %G IN ("C:\ComboFix.exe") DO (
SET "FileName=%~NG"
SET "FilePath=%~DPG"
)
(
SET "FileName=ComboFix"
SET "FilePath=C:\"
)
SET FileName 1>FileName
GREP -ix "FileName=[-[:alnum:]@.]*" FileName || GOTO AbortB
FileName=ComboFix
DIR /AD/B C:\* 1>DirName00
GREP -ivx ComboFix DirName00 1>DirName01
GREP -Fisqx "ComboFix" DirName01 && CALL :NameChk
IF EXIST DirName0? DEL /A/F/Q DirName0?
IF EXIST Oldsfxname00 DEL /A/F Oldsfxname00
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
IF EXIST "\ComboFix" DIR /AD "\ComboFix" 1>N_\7896 && (
RD /S/Q "\ComboFix"
IF EXIST "\ComboFix" (
PV -kf *.cfxxe
RD /S/Q "\ComboFix"
)
IF EXIST "\ComboFix" (
HANDLE "C:\ComboFix" 1>temp00
SED -R "/.* pid: (\d*) +(\S*):.*/I!d;s//@ECHO.y|Handle -c \2 -p \1/" temp00 1>
temp00.bat
CALL temp00.bat
DEL /A/F temp00.bat temp00
RD /S/Q "\ComboFix"
)
)
IF EXIST "\ComboFix" RD /S/Q "\ComboFix"
IF EXIST "\ComboFix" GOTO :EOF
PEV UZIP "License\streamtools.zip" License && MOVE /Y License\SF.exe 1>N_\111
08 2>&1
GREP -Eisq "=.\/u.$" sfx.cmd && IF EXIST MsName.bat (ECHO.@SET SfxCmd= 1>sfx.c
md ) ELSE echo..1>ItsBeenPhun
DEL /A/F prep.done MsName.bat
CD ..
(
ECHO.MD "\ComboFix"
ECHO.ATTRIB -H -S "\32788R22FWJFW\*"
ECHO.MOVE /y "\32788R22FWJFW\*" "\ComboFix"
ECHO.RD /S/Q "\32788R22FWJFW"
IF EXIST "\32788R22FWJFW.0.tmp\" ECHO.RD /S/Q "\32788R22FWJFW.0.tmp"
IF EXIST "C:\32788R22FWJFW\ItsBeenPhun" ECHO.NIRCMD EXEC2 HIDE "C:\ComboFix" "C
:\Windows\system32\CF27145.exe" /c c.bat
IF NOT EXIST "C:\32788R22FWJFW\ItsBeenPhun" ECHO.START "." /d"C:\ComboFix" "C:\
Windows\system32\CF27145.exe" /k c.bat
ECHO.PV -kf cmd.exe cmd.execf
ECHO.DEL /A/F \Start_.cmd
) 1>Start_.cmd
SET "PATH=C:\ComboFix;C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows
\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin
\Python;C:\Program Files (x86)\Pinnacle\Shared Files\;C:\Program Files (x86)\Qui
ckTime\QTSystem\"
HIDEC "C:\Windows\system32\CF27145.exe" /F:OFF /D /C Start_.cmd
Le texte du message associé au numéro 0x236c est introuvable dans le fichier de mess
ages pour Application.
