32788R22FWJFW\swreg.exe import 32788R22FWJFW\EXE.reg 32788R22FWJFW\PEV.exe UZIP 32788R22FWJFW\License\pv_5_2_2.zip 32788R22FWJFW\ MOVE /Y 32788R22FWJFW\PV.exe 32788R22FWJFW\PV.cfxxe 32788R22FWJFW\PV.cfxxe -kf *.pif nircmd.* ANDRE.

EXE TOLO.exe Merlin.scr jalang.e xe jalangkung.exe jantungan.exe DOSEN.exe C3W3K4MPUS.exe cmd.exe Killing '*.pif' Killing 'nircmd.*' "C:\32788R22FWJFW\nircmd.cfxxe" cmdwait 1700 exec hide "C:\WINDOWS\system32\cmd. execf" /c 32788R22FWJFW\prep.cmd (3612) Killing 'ANDRE.EXE' Killing 'TOLO.exe' Killing 'Merlin.scr' Killing 'jalang.exe' Killing 'jalangkung.exe' Killing 'jantungan.exe' Killing 'DOSEN.exe' Killing 'C3W3K4MPUS.exe' Killing 'cmd.exe' PUSHD "C:\32788R22FWJFW" IF NOT EXIST pev.cfxxe COPY /Y pev.exe pev.cfxxe 1 archivos copiados. IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe 1 archivos copiados. SET "Comspec=C:\WINDOWS\system32\cmd.execf" IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT IF EXIST OsVer EXIT VER 1>OsVer GREP.cfxxe -F "5.2." OsVer IF 1 == 0 GOTO Not_NT GREP.cfxxe -F "5.1.2" OsVer 1>XP.mac IF 0 == 0 GOTO NT GREP.cfxxe -isq "ProductType.*WinNT" WinNT00 GOTO Not_NT

SED.cfxxe "/^PATH=/I!d; s///; s/\x22//g" Oripath 1>OriPath00 PEV.EXE -rtf -s+901 .\OriPath00 && ( SED.cfxxe -r "s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//" OriPath00 1>OriPath01 FOR /F "TOKENS=*" %G IN (OriPath01) DO @SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\s ystem32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G" ) IF NOT EXIST OriPath01 FOR /F "TOKENS=*" %G IN (OriPath00) DO SET "PATH=C:\32788 R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G"

SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wb em;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem" Killing 'runonce.exe' Killing 'grpconv.exe' Killing 'procmon.exe' Killing 'ANDRE.EXE' Killing 'TOLO.exe' Killing 'Merlin.scr' Killing 'jalang.exe' Killing 'jalangkung.exe' Killing 'jantungan.exe' Killing 'DOSEN.exe' Killing 'C3W3K4MPUS.exe' pv: No matching processes found PEV -rtf --c:##5# .\* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or Win NT.exe or N_.exe } 1>temp00 && ( PV -o%f * 1>temp01 PEV -tf -t!o --files:temp01 --c:##5#b#f# 1>temp02 GREP -Fif temp00 temp02 1>temp03 SED "/.* /!d; s///" temp03 1>temp04 SED ":a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/" temp04 1>temp05 FOR /F "TOKENS=*" %G IN (temp05) DO @NIRCMD KILLPROCESS %G ) CALL :MDCheck No se encuentra C:\32788R22FWJFW\md5sum00.pif PEV -rtf -md5E595961A02F2A430F888088727155CEE .\md5sum.pif Sum_Fail .\md5sum.pif PEV -tf --files:files.pif --c:##5#b#f# 1>mdCheck00.dat GREP -vs "^!MD5:" mdCheck00.dat 1>mdCheck0a.dat GREP -Fvf md5sum.pif mdCheck0a.dat CALL LANG.bat Tabla de cdigos activa: 1252 NIRCMD INFOBOX "!! ALERT !! It is NOT SAFE to continue!~n~nThe contents of the C omboFix package has been compromised.~nPlease download a fresh copy from:~n~nhtt p://www.bleepingcomputer.com/combofix/how-to-use-combofix~n~nNote: You may be in fected with a file patching virus 'Virut'" "Error" "" IF EXIST "E:\HBCD\WinTools\ComboFix.exe" IF NOT EXIST "E:\HBCD\WinTools\ComboFix .exe\" DEL /A/F "E:\HBCD\WinTools\ComboFix.exe" Acceso denegado. GOTO END IF EXIST "C:\WINDOWS\system32\cmd.execf" MOVE /Y "C:\WINDOWS\system32\cmd.execf" "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp" CD .. IF DEFINED cfldr RD /S/Q "32788R22FWJFW" El sistema no puede hallar la ruta especificada. El sistema no puede hallar la ruta especificada. 1>mdCheck01.dat && CALL :MDFaiL CALL :MDFaiL Chk

El sistema no puede hallar la ruta especificada.