
PUSHD "C:\327882R2FWJFW\" IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT VER 1>temp00 C:\WINDOWS\system32\FIND.exe "Microsoft Windows [Version 5.2.3790]" temp00 1>NULL IF NOT ERRORLEVEL 1 GOTO Not_NT C:\WINDOWS\system32\FIND.exe "Windows XP" temp00 1>NULL PV -o"%i\t%l" bat CALL temp00.bat DEL temp00.bat temp00 2>NULL ============================================= ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrateur\Application Data asl.log=Destination=file CFLDR=327882R2FWJFW CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=OCP ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrateur KMD=CF1585.exe LOGONSERVER=\\OCP NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f06 ProgramFiles=C:\Program Files PROMPT=$ SAFEBOOT_OPTION=MINIMAL SESSIONNAME=Console sfxname=C:\Documents and Settings\mona\Bureau\package ocp\ComboFix.exe SYSTEM=C:\WINDOWS\system32 SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp USERDOMAIN=OCP USERNAME=Administrateur USERPROFILE=C:\Documents and Settings\Administrateur windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI | SED "/\t.*\\nircmd\.inf$/!d; s///; s/./@pv -kfi &/" 1>temp00.

============================================= IF NOT DEFINED sfxname GOTO END IF /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" GOTO Abort IF EXIST "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" DEL "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" SteelWerX Extended Configuration Access Control Lists Written by Bobbi Flekman 2006 (C) Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful COPY /Y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF1585.exe" 1 fichier(s) copié(s). ( SET "FileName=ComboFix" SET "FilePath=C:\Documents and Settings\mona\Bureau\package ocp\" ) SET FileName 1>FileName 2>NULL GREP -isqx "FileName=[-[:alnum:]@.]*" FileName || ( Nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" "" GOTO END ) DIR /AD/B C:\* | FINDSTR -IVX ComboFix 1>dirname00 1>NULL && CALL :NameChk

FINDSTR -LIXC:"ComboFix" dirname00 IF EXIST dirname0? DEL /Q dirname0?

IF EXIST "\ComboFix" DIR /AD "\ComboFix" 1>NULL && ( RD /S/Q "\ComboFix" IF EXIST "\ComboFix" ( PV -kf *.cfexe RD /S/Q "\ComboFix" ) IF EXIST "\ComboFix" ( HANDLE "C:\ComboFix" | SED -R "/.* pid: (\d*) +([^ ]*):.*/I!d;s//@ECHO.y|Handle -c \2 -p \1/" 1>temp00.bat CALL temp00.bat DEL temp00.bat RD /S/Q "\ComboFix" ) ) 1>NULL 2>&1 IF EXIST "\ComboFix" RD /S/Q "\ComboFix" IF EXIST "\ComboFix" GOTO :eof
