Sie sind auf Seite 1von 107

::ProgramW6432

::CommonProgramW6432
:: Esta Script Es Creada Por: Jean Carlos Larreal Silva
@echo off
color 0b
Title (c) Bytes_Codex 10.9.0

:CargandoProyecto
@mode con cols=80 lines=23

:: Variables De Configuraciones
rem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
set "Init=@echo off"
set "Color=color 0b"
set "Titulo=title (c) Bytes_Codex 10.9.0"
set "TituloXD=Bytes_Codex 10.9.0"
set "Limp=cls"
set "Ft=echo("
set "ps=pause"
set "Env=Goto"
set "Arc=DEL /F/Q"
set "Carp=DEL /S/Q"
set "Des=attrib /s /d -r -h -s -a
rem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
%Limp%
::Variables De Señales
rem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
set "Sef=-------------------------------------------------------------------------"
set "Seft=echo( -----------------------------------------------"
set "Ast="
rem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
%Limp%

::Variables De Rutas
rem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
set "Exp=%appdata%\Datos_Cp\Recursos\Bin002\I_Explorer"
set "lnk=%appdata%\Datos_Cp\Recursos\lnk_Url"
set "Naw=%appdata%\Datos_Cp\Recursos\W2-Navegador"
set "Dte=%appdata%\Datos_Cp\Recursos\DataBase\DataBase-Desocultar\App-Desocultado"
set "DatBs=%appdata%\Datos_Cp\Recursos\DataBase\DataBase-Desocultar"
set "Esc=%appdata%\Datos_Cp"
set "Esc2=%appdata%\Datos_Cp\Recursos"
set "Esc3=%appdata%\Datos_Cp\AppData"
set "Rp=%appdata%\Datos_Cp\Recursos\Bin001
set "Rp1=%appdata%\Datos_Cp\Recursos\Bin002
set "NIRCMD=%appdata%\Datos_Cp\Recursos\Data_Cmd.DAT"
set "SED=%appdata%\Datos_Cp\Recursos\Data_S.DAT"
set "GREP=%appdata%\Datos_Cp\Recursos\CptData\Data_G.DAT"
set "UNIQ=%appdata%\Datos_Cp\Recursos\UNIQ\UNIQ.DAT"
SET "CUT=%appdata%\Datos_Cp\Recursos\Dta-Es\C-Dta.DAT"
SET "SHORTCUT=%appdata%\Datos_Cp\Recursos\Dta-Es\S-Dta.DAT"
SET "WGET=%appdata%\Datos_Cp\Recursos\Dta-Es\W-Dta.DAT"
set "SORT_=%appdata%\Datos_Cp\Recursos\Bin004\AtData.DAT"
set "Basedb=%appdata%\Datos_Cp\Recursos\DataBase"
set "Cuarp=%appdata%\Datos_Cp\Cuarentena"
set "RutaG=%systemdrive%"
set "Desk=%userprofile%\Desktop"
set "QUICKLAUNCHALL=%appdata%\Microsoft\Internet Explorer\Quick Launch"
set "PROGRAMS1ALL=%allusersprofile%\Start Menu\Programs"
set "PROGRAMS2ALL=%userprofile%\Start Menu\Programs"
if exist "%windir%\Sysnative\cmd.exe" ( SET "SYS32=%windir%\Sysnative" ) else ( SET
"SYS32=%windir%\System32" )
set "TASKS=%windir%\Tasks"
REM ~~~~~~~~~~~~~~~~~~~~~~~~>
if exist %windir%\syswow64 ( set ARCH=x64 ) else ( set ARCH=x86 )
if %ARCH%==x64 (
SET "SYSWOW64=%windir%\SysWOW64"
)
REM ~~~~~~~~~~~~~~~~~~~~~~~~>
FOR /F "tokens=2*" %%A IN ('REG QUERY
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerNam
e" /v ComputerName 2^>NUL') DO SET COMPUTERNAME=%%B
FOR /F "tokens=2*" %%A IN ('REG QUERY "HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion" /v ProductName 2^>NUL') DO SET OS=%%B
ECHO %OS%|FIND "Windows XP" >NUL
IF %ERRORLEVEL% EQU 0 (
set "LOCALA=%userprofile%\Local Settings\Application Data"
set "MYDOCS=%userprofile%\My Documents"
set "MYDLS=%userprofile%\My Documents\Downloads"
set "MYMUSIC=%userprofile%\My Documents\My Music"
set "LNK1XP=%allusersprofile%\Start Menu"
set "LNK2XP=%userprofile%\Start Menu"
set "STARTU=%userprofile%\Start Menu\Programs\Startup"
set "DRM=%allusersprofile%\DRM"
set "Wxps=%systemdrive%\Documents and Settings\Administrador\Menú
Inicio\Programas\Inicio"
set "TIFS=%systemdrive%\Documents and Settings\LocalService\Local
Settings\Temporary Internet Files\Content.IE5"
set "TIFS2=%windir%\System32\config\systemprofile\Local Settings\Temporary Internet
Files\Content.IE5"
) ELSE (
set "LOCALA=%localappdata%"
set "LOCALLOW=%userprofile%\Appdata\LocalLow"
set "MYDOCS=%userprofile%\Documents"
set "MYDLS=%userprofile%\Downloads"
set "MYMUSIC=%userprofile%\Music"
set "PUBDESKTOP=%systemdrive%\Users\Public\Desktop"
set "PUBDOCS=%systemdrive%\users\Public\Documents"
set "PUBLIC=%systemdrive%\Users\Public"
set "syswow64=%windir%\syswow64"
set "QUICKLAUNCH17=%appdata%\Microsoft\Internet Explorer\Quick Launch\User
Pinned\StartMenu"
set "QUICKLAUNCH27=%appdata%\Microsoft\Internet Explorer\Quick Launch\User
Pinned\TaskBar"
set "PROGRAMS17=%allusersprofile%\Microsoft\Windows\Start Menu\Programs"
set "PROGRAMS27=%appdata%\Microsoft\Windows\Start Menu\Programs"
set "STARTMENU17=%allusersprofile%\Microsoft\windows\Start Menu"
set "STARTMENU27=%appdata%\Microsoft\Windows\Start Menu"
set "STARTU=%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"
set "DRM=%allusersprofile%\Microsoft\DRM"
set "TIFS=%localappdata%\Microsoft\Windows\Temporary Internet Files\Content.IE5"
set "TIFS2=%windir
%\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5"
set "STARTUP=%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"
set "Wxps=%systemdrive%\Documents and Settings\Administrador\Menú
Inicio\Programas\Inicio"
)
rem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
%Limp%

::Actualizaciones
rem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
rem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~>
%Limp%

:: Inicio Sin Administrador...


REM ~~~~~~~~~~~~~~~~~~~~~~~~>
net session >NUL 2>&1
IF %ERRORLEVEL% EQU 0 ( SET USERSTATUS=Administrator) else (
%Limp%
echo( %Sef%
Echo( Este Programa Nesesita Privilegios De Administrador Para Iniciar
echo.
Echo( Si desea ejecutar con privilegios de administrador, cierre esta ventana.
echo.
Echo( Dele Segundo Click Al Programa y a La Opcion ejecutar como administrador.
echo.
echo( %Sef%
SET USERSTATUS=Limited
pause
exit
)
%Limp%
REM ~~~~~~~~~~~~~~~~~~~~~~~~>

:InicioXDt1
%Init%
%Color%
%Titulo%
%Limp%

::Cargando Desolcutador De Datos


%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Desocultando Archivos (%%18) ] Por Favor Espere ..
%Ft% ______________________________________________________________________________
ping -n 3 0.0.0.0 > nul

for /f "usebackq delims=" %%i in ("%DatBs%\DataBase_Inicio7.Pr") do (


DIR "%STARTUP%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Des% "%STARTUP%\%%i" >NUL 2>&1
DIR "%STARTUP%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Desocultado Con Exito: "%STARTUP%\%%i" ^(Virus
Desocultado^)>>"%Dte%\Todos-Inicio7.txt" ) ELSE ( ECHO(Error Al Desocultar:
"%STARTUP%\%%i" ^(Virus Desocultado^)>>"%Dte%\Todos-Inicio7.txt" )
)
)
%Limp%

%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Desocultando Archivos (%%31) ] Por Favor Espere ..
%Ft% ______________________________________________________________________________
ping -n 1 0.0.0.0 > nul
for /f "usebackq delims=" %%i in ("%DatBs%\DataBase_InicioXP.Pr") do (
DIR "%Wxps%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Des% "%Wxps%\%%i" >NUL 2>&1
DIR "%Wxps%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Desocultado Con Exito: "%Wxps%\%%i" ^(Virus
Desocultado^)>>"%Dte%\Todos-InicioXP.txt" ) ELSE ( ECHO(Error Al Desocultar: "%Wxps
%\%%i" ^(Virus Desocultado^)>>"%Dte%\Todos-InicioXP.txt" )
)
)
%Limp%

%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Desocultando Archivos (%%56) ] Por Favor Espere ..
%Ft% ______________________________________________________________________________
ping -n 4 0.0.0.0 > nul

DEL /F/Q "%Esc3%\*.*"


DEL /F/Q "%Esc%\*.*"
%Limp%

%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Desocultando Archivos (%%72) ] Por Favor Espere ..
%Ft% ______________________________________________________________________________
ping -n 1 0.0.0.0 > nul

for /f "usebackq delims=" %%i in ("%DatBs%\DataBase_Temp.Pr") do (


DIR "%temp%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Des% "%temp%\%%i" >NUL 2>&1
DIR "%temp%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Desocultado Con Exito: "%temp%\%%i" ^(Virus
Desocultado^)>>"%Dte%\Todos-Temp.txt" ) ELSE ( ECHO(Error Al Desocultar: "%temp%\%
%i" ^(Virus Desocultado^)>>"%Dte%\Todos-Temp.txt" )
)
)
%Limp%

%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Desocultando Archivos (%%89) ] Por Favor Espere ..
%Ft% ______________________________________________________________________________
ping -n 1 0.0.0.0 > nul

for /f "usebackq delims=" %%i in ("%DatBs%\DataBase-Appdata.Pr") do (


DIR "%appdata%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Des% "%appdata%\%%i" >NUL 2>&1
DIR "%appdata%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Desocultado Con Exito: "%appdata%\%%i" ^(Virus
Desocultado^)>>"%Dte%\Todos-Appdata.txt" ) ELSE ( ECHO(Error Al Desocultar:
"%appdata%\%%i" ^(Virus Desocultado^)>>"%Dte%\Todos-Appdata.txt" )
)
)
%Limp%

%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Desocultando Archivos (%%100) ] Por Favor Espere ..
%Ft% ______________________________________________________________________________
ping -n 3 0.0.0.0 > nul

%Limp%

::Inicio Principal
%Init%
%Color%
%Titulo%
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Esta Script Esta En Su Version: 5.6.3 Creada para La Perfecta Eliminacion ]

%Ft% [ De Softwares Mal Intencionado Facil y Rapido..... ]


%Ft%
%Ft% Por Favor Espere .. [ %%1 ] Configurando Datos Para Su Uso ..
%Ft% ______________________________________________________________________________
%Ft%
ping -n 3 0.0.0.0 > nul

if exist "%appdata%\Datos_Cp\AppData\Datos_De_Procesos_Detenidos" (goto P1) else


(goto S1)
:P1
DEL /F/Q %appdata%\Datos_Cp\AppData\*.*
%Limp%
:S1
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Esta Script Esta En Su Version: 5.6.3 Creada para La Perfecta Eliminacion ]

%Ft% [ De Softwares Mal Intencionado Facil y Rapido..... ]


%Ft%
%Ft% Por Favor Espere .. [ %%47 ] Leyendo DataBase ..
%Ft% ______________________________________________________________________________
%Ft%
ping -n 3 0.0.0.0 > nul

if exist "%appdata%\Datos_Cp\Recursos\DataBase\DataBase_Temp.Es.Pr" (goto P2) else


(goto S2)
%Limp%

:S2
%Limp%
Echo( __________________________________________
Echo(
Echo( [ Error En DataBase #0x0056290 ]
Echo( __________________________________________
pause
exit
:P2
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Esta Script Esta En Su Version: 5.6.3 Creada para La Perfecta Eliminacion ]

%Ft% [ De Softwares Mal Intencionado Facil y Rapido..... ]


%Ft%
%Ft% Por Favor Espere .. [ %%62 ] Leyendo Configuraciones
%Ft% ______________________________________________________________________________
%Ft%
ping -n 3 0.0.0.0 > nul

if exist "%appdata%\Datos_Cp\Recursos\Data_Cmd.DAT" (goto P3) else (goto S3)


%Limp%

:S3
%Limp%
Echo(
Echo( Error En Data_Cmd #0x0043514
pause
exit

:P3
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Esta Script Esta En Su Version: 5.6.3 Creada para La Perfecta Eliminacion ]

%Ft% [ De Softwares Mal Intencionado Facil y Rapido..... ]


%Ft%
%Ft% Por Favor Espere .. [ %%93 ] Borrando Tmp Del Programa ..
%Ft% ______________________________________________________________________________
%Ft%
ping -n 3 0.0.0.0 > nul

DEL /F/Q "%Cuarp%\null"


DEL /F/Q "%appdata%\null"
DEL /F/Q "%appdata%\Datos_Cp\AppReport\null"
DEL /F/Q "%Esc%\Reporte_Data\*.*"
%Limp%

%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Esta Script Esta En Su Version: 5.6.3 Creada para La Perfecta Eliminacion ]

%Ft% [ De Softwares Mal Intencionado Facil y Rapido..... ]


%Ft%
%Ft% Por Favor Espere .. [ %%100 ] Iniciando Programa ..
%Ft% ______________________________________________________________________________
%Ft%
ping -n 3 0.0.0.0 > nul

%Limp%
%Env% Correr

:Correr
%Init%
%Color%
%Titulo%
%Limp%
%Ft%
%Ft% _____________________________________________________________________________
%Ft% )
%Ft% [ Bienvenido a %TituloXD% ] )
%Ft% )
%Ft% [ Elija Una Opcion ] )
%Ft% )
%Ft% [1]. Analizar Computadora .. )
%Ft% )
%Ft% [2]. Analizar Dispocitivos .. )
%Ft% )
%Ft% [3]. Abrir Cuarentena .. )
%Ft% )
%Ft% [4]. Crear Un Reporte Completo .. )
%Ft% )
%Ft% [5]. Modulos Instalados En %TituloXD% .. )
%Ft% )
%Ft% [6]. Cerrar La Script .. )
%Ft% )
%Ft% _____________________________________________________________________________)
%Ft%
set/p unidad21=Elija Una Opcion:
if %unidad21%== 1 goto c
if %unidad21%== 2 goto a
if %unidad21%== 3 goto Cua
if %unidad21%== 4 goto Repor
if %unidad21%== 5 goto Config
if %unidad21%== 6 goto SalirXD
goto Correr

:Repor
%Init%
%Color%
%Titulo%
%Limp%
cd %appdata%\Datos_Cp\AppReport
start Crear_Reporte.bat
%Limp%
%Ft%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Nota: Cuando El Programa Se Cierre Solo, Presione Una Tecla Para Copiar ]
%Ft% [ Su Reporte a Su Escritorio..... ]
%Ft%
%Ft% Presione Una Tecla Para Continuar ..
%Ft% ______________________________________________________________________________
%Ft%
pause>null
%Limp%
COPY /Y "%appdata%\Datos_Cp\Reporte_Data\Reporte_pc.txt" "%USERPROFILE
%\Desktop\Reporte_pc.txt" >NUL 2>&1
Goto Copiar

:Copiar
%Limp%
%Ft%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Su Reporte Se a Copiado Con Exito .. ]
%Ft%
%Ft% [ Por Favor Enviarlo al hotmail: youtube.jc@hotmail.com ]
%Ft%
%Ft% Presione Una Tecla Para Continuar ..
%Ft% ______________________________________________________________________________
%Ft%
pause>null
%Limp%
Goto Correr

:Config
%Init%
%Color%
%Titulo%
%Limp%
%Ft%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% 1) Modo Auto-Solucion De Errores [Activado]
%Ft%
%Ft% 2) Modo Auto-Eliminacion De Amenazas [Activado]
%Ft%
%Ft% 3) Modo Auto-Protector De Claves Mal Intencionadas En Regedit [Activado]
%Ft%
%Ft% 4) Modo Auto-Actualizaciones [Activado]
%Ft%
%Ft% 5) Modo Auto-Protector De Paginas Wed Mal Intencionadas [Activado]
%Ft%
%Ft% ______________________________________________________________________________
%Ft%
pause
goto Correr

:ListaXDaCT
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0} Documentos
%Arc% %Cuarp%\Lista.txt
DEL /F/Q "%Cuarp%\Documentos\null"
dir /b /s %Cuarp%\Documentos > %Cuarp%\Lista.txt
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0}
%Limp%
Goto Cua

:Cua
%Init%
%Color%
%Titulo%
cls
%Ft%
%Ft% [ Cuarentena ]
%Ft% ______________________________________________________________________________
%Ft%
type %Cuarp%\Lista.txt
%Ft% ______________________________________________________________________________
%Ft%
%Ft% 1)Salir De Cuarentena 2)Sacar Un Archivo De Cuarentena 3)Limpiar Cuarentena
%Ft%
%Ft% 4)Actualizar Cuarentena ..
%Ft% ______________________________________________________________________________
set/p unidad21=Elija Una Opcion:
if %unidad21%== 1 goto Correr
if %unidad21%== 2 goto Quee
if %unidad21%== 3 goto LimpCua
if %unidad21%== 4 goto ListaXDaCT
Goto Cua

:Quee
%Init%
%Color%
%Titulo%
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0} Documentos
cls
%Ft%
%Ft% [ Cuarentena ]
%Ft% ______________________________________________________________________________
%Ft%
type %Cuarp%\Lista.txt
%Ft% ______________________________________________________________________________
set /p var=Escriba El Nombre Del Archivo:
move /y "%Cuarp%\Documentos\%var%" "%USERPROFILE%\Desktop\%var%" >NUL 2>&1
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0}
Goto Listo

:Listo
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ El Archivo %var% Se Ha Desencriptado y Se a movido Al Escritorio ]
%Ft% ______________________________________________________________________________
pause
Goto Cua

:LimpCua
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0} Documentos
%Arc% %Cuarp%\Documentos\*.*
%Arc% %Cuarp%\Lista.txt
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0}
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Su Cuarentena Se Ha Limpiado Con Exito .. ]
%Ft% ______________________________________________________________________________
pause
%Limp%
Goto Correr

:a
%Init%
%Color%
%Titulo%
IF NOT EXIST %SYS32%\tasklist.exe GOTO :Sb23
TASKLIST /FO CSV /NH 2>NUL|FIND /I ".exe">"%Esc3%\ProcesosDetenidos"
FINDSTR /IVG:"%Esc2%\Procesos.cfg" "%Esc3%\ProcesosDetenidos"
2>NUL>"%Esc3%\Datos_De_Procesos_Detenidos"
"%SED%" "s/\.[EeXx].*/\.exe/g;s/^.//"
"%Esc3%\Datos_De_Procesos_Detenidos">"%Esc3%\ProcesosDetenidos"
IF NOT EXIST %SYS32%\taskkill.exe (
for /f "usebackq delims=" %%i in ("%Esc3%\ProcesosDetenidos") do (
"%NIRCMD%" KILLPROCESS "%%i" >NUL 2>&1
)
) ELSE (
for /f "usebackq delims=" %%i in ("%Esc3%\ProcesosDetenidos") do (
TASKKILL /F /IM "%%i" >NUL 2>&1
)
)
:Sb23
%Limp%
::XDD
set band= FALSE
%Ft%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Unidades Conectadas.. ]
for %%i in (B C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
if exist %%i:\ (
if %%i: NEQ %systemdrive% (
set band= TRUE
%Ft%
%Ft% [ %%i: ] )))
%Ft%
if %band% EQU FALSE ( goto Error_Exit )
%Ft% ______________________________________________________________________________
%Ft%
set/p unidad=Escriba La Letra De La Unidad^>

::Empesando Desicfeccion De Unidades


REM ~~~~~~~~~~~~~~~~~~~~~~~~>
Attrib -r -a -s -h %unidad%:\*.* /s /d
IF NOt EXIST %unidad%:/ goto ErrorUnidad

set virus=0

REN "%appdata%\Datos_Cp\Cuarentena"\Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0} Documentos

if exist %unidad%:\*.lnk del %unidad%:\*.lnk

if exist %unidad%:\"ÿ" ren %unidad%:\"ÿ" "Archivos_Recuperados" & msg Aviso Se


Borro Un Virus Que Ocultaba Tus Datos Pero Se Recuperaron y Se Moviero a Una
Carpeta Llamada: Archivos_Recuperados ..
if exist "%unidad%:\Archivos_Recuperados" del "%unidad
%:\Archivos_Recuperados\*.ini"

for %%i in (
"%unidad%:\Archivos_Recuperados\*.lnk"
"%unidad%:\Archivos_Recuperados\*.sys"
"%unidad%:\Archivos_Recuperados\*.1"
"%unidad%:\Archivos_Recuperados\*.2"
"%unidad%:\Archivos_Recuperados\*.gen"
"%unidad%:\Archivos_Recuperados\*.vbs"
"%unidad%:\Archivos_Recuperados\*.inf"
"%unidad%:\Archivos_Recuperados\*.001"
"%unidad%:\Archivos_Recuperados\49644L~1.*"
"%unidad%:\Autorun.inf.ini"
"%unidad%:\Autorun.inf.exe"
"%unidad%:\Autorun.exe.inf"
"%unidad%:\Autorun.exe"
"%unidad%:\Autorun.ini"
"%unidad%:\desktop.ini"
"%unidad%:\desktop.ini.inf"
"%unidad%:\desktop.exe"
"%unidad%:\desktop.exe.inf"
"%unidad%:\49644L~1.*"
"%unidad%:\SysDrivers.vbs"
"%unidad%:\crypted.vbs"
"%unidad%:\autoexe.bat"
"%unidad%:\autoexec.bat"
"%unidad%:\autoexec.vbs"
"%unidad%:\autoexe.vbs"
"%unidad%:\v5.vbs"
"%unidad%:\COOL.vbs"
"%unidad%:\Mugen.*"
"%unidad%:\COOLS.vbs"
"%unidad%:\*.sys"
"%unidad%:\*.001"
"%unidad%:\*.xxl"
"%unidad%:\*.db"
"%unidad%:\*.gen"
"%unidad%:\*.tmp"
"%unidad%:\*.pptx"
"%unidad%:\*.shs"
"%unidad%:\*.scn"
"%unidad%:\1.bat"
"%unidad%:\todo\*.sys"
"%unidad%:\todo\*.001"
"%unidad%:\todo\*.xxl"
"%unidad%:\todo\*.db"
"%unidad%:\todo\*.gen"
"%unidad%:\todo\*.tmp"
"%unidad%:\todo\*.pptx"
"%unidad%:\todo\*.shs"
"%unidad%:\todo\*.scn"
"%unidad%:\todo\1.bat"
"%unidad%:\todo\*.vbs"
"%unidad%:\virus\*.sys"
"%unidad%:\virus\*.001"
"%unidad%:\virus\*.xxl"
"%unidad%:\virus\*.db"
"%unidad%:\virus\*.gen"
"%unidad%:\virus\*.tmp"
"%unidad%:\virus\*.pptx"
"%unidad%:\virus\*.shs"
"%unidad%:\virus\*.scn"
"%unidad%:\virus\1.bat"
"%unidad%:\virus\*.vbs"
"%unidad%:\Nueva carpeta (2)\*.inf
"%unidad%:\Nueva carpeta (2)\*.ini
"%unidad%:\Nueva carpeta (2)\*.init
"%unidad%:\Nueva carpeta (2)\*.vbs
"%unidad%:\Nueva carpeta (2)\*.bat
"%unidad%:\Nueva carpeta (2)\*.reg
"%unidad%:\Nueva carpeta\*.inf
"%unidad%:\Nueva carpeta\*.ini
"%unidad%:\Nueva carpeta\*.init
"%unidad%:\Nueva carpeta\*.vbs
"%unidad%:\Nueva carpeta\*.bat
"%unidad%:\Nueva carpeta\*.reg
"%unidad%:\8585485\*.exe"
"%unidad%:\8585485\*.ini"
"%unidad%:\8585485\*.init"
"%unidad%:\8585485\*.inf"
"%unidad%:\8585485\*.vbs"
"%unidad%:\*.init"
"%unidad%:\ice\fire\*.ini"
"%unidad%:\ice\fire\*.init"
"%unidad%:\ice\fire\*.inf"
"%unidad%:\ice\fire\*.vbs"
"%unidad%:\ice\fire\*.exe"
"%unidad%:\ice\fire\*.bat"
"%unidad%:\Removable\Device\*.ini"
"%unidad%:\Removable\Device\*.init"
"%unidad%:\Removable\Device\*.inf"
"%unidad%:\Removable\Device\*.vbs"
"%unidad%:\Removable\Device\*.exe"
"%unidad%:\hal.dll"
"%unidad%:\hall.dll"
"%unidad%:\lol.vbs"
) DO (
IF EXIST %%i (
set /a virus+=1 %%i >NUL 2>&1
%Arc% %%i >NUL 2>&1
IF EXIST %%i ( ECHO(Error Al Eliminar: %%i ^(Virus^)>>"%Esc
%\Reporte_Usb.txt" ) ELSE ( ECHO(Eliminado Con Exito: %%i ^(Virus^)>>"%Esc
%\Reporte_Usb.txt" )
)
)
for /f "usebackq delims=" %%i in ("%Basedb%\DataBase.Pr") do (
DIR "%unidad%:\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
%Arc% "%unidad%:\%%i" >NUL 2>&1
DIR "%unidad%:\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%unidad%:\%%i" ^(Virus^)>>"%Esc
%\Reporte_Usb.txt" ) ELSE ( ECHO(Error Al Eliminar: "%unidad%:\%%i"
^(Virus^)>>"%Esc%\Reporte_Usb.txt" )
)
)
for %%i in (
"%unidad%:\$RECYCLE.BIN"
"%unidad%:\System Volume Information"
"%unidad%:\RESYCLER"
"%unidad%:\RESTORE"
"%unidad%:\RECYCLED"
"%unidad%:\RESYCLED"
"%unidad%:\CONFIG"
"%unidad%:\.Trashes"
"%unidad%:\VOLUME"
"%unidad%:\TEMP"
"%unidad%:\FOUND.000"
"%unidad%:\MS.CONFIG"
"%unidad%:\sysusb"
"%unidad%:\UNUCI"
"%unidad%:\RECYCLER"
"%unidad%:\RECYCLE"
"%unidad%:\RECYCLER32"
"%unidad%:\qazwsx"
"%unidad%:\pera"
"%unidad%:\HOJIJOJ"
"%unidad%:\DrivesGuideInfo"
"%unidad%:\8585485"
"%unidad%:\ice\fire"
"%unidad%:\ice"
"%unidad%:\Removable\Device"
"%unidad%:\Removable"
) DO (
IF EXIST %%i (
set /a virus+=1 %%i >NUL 2>&1
%Carp% %%i >NUL 2>&1
IF EXIST %%i ( ECHO(Error Al Eliminar: %%i ^(Carpeta^)>>"%Esc
%\Reporte_Usb.txt" ) ELSE ( ECHO(Eliminado Con Exito: %%i ^(Carpeta^)>>"%Esc
%\Reporte_Usb.txt" )
)
)

:: Archivos Sospechosos En Usb autorun.inf


for %%i in (
"%unidad%:\Autorun.inf"
"%unidad%:\Autorun.1"
) DO (
IF EXIST %%i (
set /a virus+=1 %%i >NUL 2>&1
move /y "%%i" "%Cuarp%\Documentos" >NUL 2>&1
IF EXIST %%i ( ECHO(Error Al Mover a Cuarentena: %%i
^(Sospechoso^)>>"%Esc%\Reporte_Usb.txt" ) ELSE ( ECHO(Movido a Cuarentena: %%i
^(Sospechoso^)>>"%Esc%\Reporte_Usb.txt" )
)
)

cd %Cuarp%
dir /b /s %Cuarp%\Documentos > %Cuarp%\Lista.txt
DEL /F/Q "%Cuarp%\Documentos\null"
::EncriptandoXD
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0}

::Analizis Terminado ..
%Init%
%Color%
%Titulo%
%Limp%
%Ft%
%Ft% _________________________________________________________________________
%Ft%
%Ft% [Analizis Terminado]
%Ft%
%Ft% Amenazas Encontrados %virus%
%Ft% _________________________________________________________________________
%Ft%
%Ft% Presione Una Tecla Crear Un Reporte ..
pause>null
%Limp%

::Creando Reporte
%Limp%
Set R_Malwares="%Esc%\Reporte_Usb.txt"
Set /a _LinesM=0
For /f %%j in ('Type %R_Malwares% 2^>nul^|Find "" /v /c') Do Set /a _LinesM=%%j
echo.>>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
ECHO(Virus En El Dispocitivo^: %_LinesM% >>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
IF EXIST "%Esc%\Reporte_Usb.txt" (
SORT "%Esc%\Reporte_Usb.txt" /O "%Esc%\Reporte_Usb_T.txt" >NUL 2>&1
type "%Esc%\Reporte_Usb_T.txt">>"%Esc%\R_REPORT.txt"
)
echo.>>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
COPY /Y "%Esc%\R_REPORT.txt" "%Esc3%\Reporte_Data\Reporte_Dispocitivo.txt" >NUL
2>&1
%Limp%
%Init%
%Color%
%Titulo%
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Reporte Creado .. ]
%Ft%
%Ft% [ Presione Una Tecla Para Ver Su Reporte .. ]
%Ft%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% Presione Una Tecla Para Continuar ..
pause>null
%Limp%
@mode con cols=200 lines=100
Goto UsbLp

:UsbLp
%Init%
%Color%
%Titulo%
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
type %appdata%\Datos_Cp\Reporte_Usb.txt
%Ft% ______________________________________________________________________________
%Ft%
%Ft% Presione Una Tecla Para Continuar ..
pause>null
DEL /F/Q "%appdata%\Datos_Cp\*.txt"
Goto CargandoProyecto

:c
::Virus De Inicio De Windows 7
REM ~~~~~~~~~~~~~~~~~~~~~~~~>
%Init%
%Color%
%Titulo%
set/a x= 0+0
IF NOT EXIST %SYS32%\tasklist.exe GOTO :Sb23
TASKLIST /FO CSV /NH 2>NUL|FIND /I ".exe">"%Esc3%\ProcesosDetenidos"
FINDSTR /IVG:"%Esc2%\Procesos.cfg" "%Esc3%\ProcesosDetenidos"
2>NUL>"%Esc3%\Datos_De_Procesos_Detenidos"
"%SED%" "s/\.[EeXx].*/\.exe/g;s/^.//"
"%Esc3%\Datos_De_Procesos_Detenidos">"%Esc3%\ProcesosDetenidos"
IF NOT EXIST %SYS32%\taskkill.exe (
for /f "usebackq delims=" %%i in ("%Esc3%\ProcesosDetenidos") do (
"%NIRCMD%" KILLPROCESS "%%i" >NUL 2>&1
)
) ELSE (
for /f "usebackq delims=" %%i in ("%Esc3%\ProcesosDetenidos") do (
TASKKILL /F /IM "%%i" >NUL 2>&1
)
)
:Sb23
%Limp%

IF NOT EXIST %SYS32%\reg.exe GOTO :Tasks


REG QUERY "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V
APPINIT_DLLs 2>NUL>"%Esc3%\App_inicial"
if %ARCH%==x64 (
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows"
/V APPINIT_DLLs 2>NUL>>"%Esc3%\App_inicial"
)
FINDSTR /V "REG.EXE REG_MULTI_SZ" "%Esc3%\App_inicial" 2>NUL>"%Esc3%\App_inicial2"
FC "%Esc3%\App_inicial2" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Logon_0 )
FINDSTR /IG:"%Rp1%\Aplicasiones_ini.Win" "%Esc3%\App_inicial2"
2>NUL>"%Esc3%\App_inicial_T"
FC "%Esc3%\App_inicial_T" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Logon_0 )
IF %ARCH%==x64 (
REG ADD "HKLM\Software\Wow6432Node\Microsoft\Windows
NT\CurrentVersion\Windows" /V APPINIT_DLLs /d "" /F >NUL 2>&1
ECHO(Reparado Con Exito: HKLM\Software\Wow6432Node\Microsoft\Windows
NT\CurrentVersion\Windows\\APPINIT_DLLs ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt.txt"
)
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V APPINIT_DLLs
/d "" /F >NUL 2>&1
ECHO(Reparado Con Exito: HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Windows\\APPINIT_DLLs ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt.txt"
:Logon_0
REG QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run
2>NUL>"%Esc3%\Ini_Regedit"
REG QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
2>NUL>>"%Esc3%\Ini_Regedit"
REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Run
2>NUL>>"%Esc3%\Ini_Regedit"
if %ARCH%==x64 (
REG QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
2>NUL>>"%Esc3%\Ini_Regedit"
)
FC "%Esc3%\Ini_Regedit" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Tasks )
"%SED%" "/^\s*$/d" "%Esc3%\Ini_Regedit">"%Esc3%\Ini_Regedit2"
FINDSTR "REG_SZ" "%Esc3%\Ini_Regedit2">"%Esc3%\Ini_Regedit"
SORT "%Esc3%\Ini_Regedit" 2>NUL|"%UNIQ%">"%Esc3%\Ini_Regedit2"
"%SED%" "s/^....//;s/REG_SZ.*//g;s/\s*$//g"
"%Esc3%\Ini_Regedit2">"%Esc3%\Ini_Regedit"
"%GREP%" -i -P "^\w+_\w{2} browser plugin (loader|loader 64)$|^\w+ search scope
monitor$|^\w+ EPM Support$|^\w+ AppIntegrator (32|64)-bit$|
^ConduitFloatingPlugin_.*|^GoogleChromeAutoLaunch_.*|^SaferAutoLaunch_.*|
^shopperz\d{5,}$|^groover\d{5,}$|^firstOffer\d{5,}$|^[a-z]{3,6}_[a-z]{2}_\d{2,9}$|
^tmp[0-9A-F]{4}$|^updater\d{5}$|^[0-9a-f]{32}$|^\d{8}$|^[a-z]{1}utoauto$|^ ?
maintance$|^ ?qqpctray$|^sun\d{1}$" "%Esc3%\Ini_Regedit"
2>NUL>"%Esc3%\Ini_Regedit_H"
"%GREP%" -i -x -f "%Rp1%\Evaluador_Regedit_Run.Dat" "%Esc3%\Ini_Regedit"
2>NUL>>"%Esc3%\Ini_Regedit_H"
FC "%Esc3%\Ini_Regedit_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Tasks )
SORT "%Esc3%\Ini_Regedit_H" 2>NUL|"%UNIQ%">"%Esc3%\Ini_Regedit_T"
for /f "usebackq delims=" %%i in ("%Esc3%\Ini_Regedit_T") do (
REG QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V "%%i" /F >NUL
2>&1
REG QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar:
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /V "%%i" >NUL
2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /V "%%i" /F
>NUL 2>&1
REG QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /V "%%i" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar:
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /V "%%i"
>NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /V "%
%i" /F >NUL 2>&1
REG QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /V "%
%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\%%i" ^(Evaluador
Del Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar:
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\%%i" ^(Evaluador
Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V "%%i" /F >NUL
2>&1
REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar:
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" )
)
)
:Tasks
%Limp%
DIR /B/A:-D "%TASKS%\*.JOB" 2>NUL>"%Esc3%\TASKS"
FINDSTR /IVG:"%Rp1%\Procesos_Kill2.Win" "%Esc3%\TASKS" 2>NUL>"%Esc3%\ProcesosXD"
FC "%Esc3%\ProcesosXD" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Tasks_0 )
"%GREP%" -P "^\d{4}avUpdateInfo.*\.job$|^newSI_\d{1,5}\.job$|^At\d{1,4}\.job$|
^\d{4}tb_RML\.job$|^ava[a-z]{1}v[a-z]{2}(v|x|y)[a-z]{1,3}\.job$|^bvxv[a-z]{1}(v|x)
[a-z]{1,3}\.job$|^[A-Z]{16}\.job$|^[A-Z]{5,10}1\.job$|^[A-Z]{10}\.job$|^0$\.job|
^MS\.job$|^blockerpro\.job$|^Security Center Update - \d{9,}\.job$|^GoogleUp\.job$|
^impo\.job$|^win\.job$|^import\.job$|^Googleuptodate\.job$|^Google Update\.job$|
^EssentialUpdateMachine\.job$|^Lanwifi\.job$|^Systemhi\.job$|^rdf\d{4}\.job$|
^RunAtStartup\.job$|^[A-Za-z]{10,}V2\.job$|^sys\.job$|^patch1\.job$"
"%Esc3%\ProcesosXD" 2>NUL>"%Esc3%\TASKS_H"
"%GREP%" -i -P "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]
{12}-\d{1,}.*\.job$" "%Esc3%\ProcesosXD" 2>NUL>>"%Esc3%\TASKS_H"
"%GREP%" -i -f "%Rp1%\Procesos_Kill.Win" "%Esc3%\ProcesosXD"
2>NUL>>"%Esc3%\TASKS_H"
FC "%Esc3%\Procesos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Tasks_0 )
SORT "%Esc3%\Procesos_H" 2>NUL|"%UNIQ%">"%Esc3%\Procesos_T"
for /f "usebackq delims=" %%i in ("%Esc3%\Procesos_T" ) do (
DEL /F/Q "%TASKS%\%%i" >NUL 2>&1
IF EXIST "%TASKS%\%%i" ( ECHO(Error Al Eliminar: "%TASKS%\%%i" ^(Proceso Con
Inicio De Windows^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: "%TASKS
%\%%i" ^(Proceso Con Inicio De Windows^)>>"%Esc%\Malware.txt" )
)
:Tasks_0
ECHO %OS%|FIND "Windows XP" >NUL
IF %ERRORLEVEL% EQU 0 ( GOTO :Services )
IF NOT EXIST %SYS32%\schtasks.exe GOTO :Services
DIR /B/A:-D "%SYS32%\Tasks" 2>NUL>"%Esc3%\SysProcesos"
FINDSTR /IVG:"%Rp1%\Procesos_Kill2.Win" "%Esc3%\SysProcesos"
2>NUL>"%Esc3%\SYSProcesosXD"
FC "%Esc3%\SYSProcesosXD" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Services )
"%GREP%" -P "^\d{4}avUpdateInfo.*|^newSI_\d{1,5}$|^At\d{1,4}$|^\d{4}tb_RML$|^ava[a-
z]{1}v[a-z]{2}(v|x|y)[a-z]{1,3}$|^bvxv[a-z]{1}(v|x)[a-z]{1,3}$|^[A-Z]{16}$|^[A-Z]
{5,10}1$|^[A-Z]{10}$|^0$|^MS$|^blockerpro$|^Security Center Update - \d{9,}$|
^GoogleUp$|^impo$|^win$|^import$|^Googleuptodate$|^Google Update$|
^EssentialUpdateMachine$|^Lanwifi$|^Systemhi$|^rdf\d{4}$|^RunAtStartup$|^[A-Za-z]
{10,}V2$|^sys$|^patch1$" "%Esc3%\SYSProcesosXD">"%Esc3%\SysProcesos_H"
"%GREP%" -i -P "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]
{12}-\d{1,}.*" "%Esc3%\SYSProcesosXD">>"%Esc3%\SysProcesos_H"
"%GREP%" -i -f "%Rp1%\Procesos_Kill.Win"
"%Esc3%\SYSProcesosXD">>"%Esc3%\SysProcesos_H"
FC "%Esc3%\SysProcesos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Services )
SORT "%Esc3%\SysProcesos_H" 2>NUL|"%UNIQ%">"%Esc3%\SysProcesos_T"
for /f "usebackq delims=" %%i in ("%Esc3%\SysProcesos_T" ) do (
SCHTASKS /DELETE /TN "%%i" /F >NUL 2>&1
ECHO(Eliminado Con Exito: "%SYS32%\Tasks\%%i" ^(Proceso Con Inicio De
Windows^)>>"%Esc%\Malware.txt"
)
:Services

::EmpesandoXD
REM ~~~~~~~~~~~~~~~~~~~~~~~~>
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0} Documentos
%Limp%
%Ft% _________________________________________________________________________
%Ft%
%Ft% [ Buscando Virus En El Systema ] Por Favor Espere ..
%Ft% _________________________________________________________________________
%Ft%
for %%i in (
"%locallow%\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
"%locallow%\skwconfig.bin"
"%pubdocs%\updator.exe"
"%pubdocs%\windows.exe"
"%public%\asr.dat"
"%syswow64%\fap????.tmp"
"%syswow64%\ren????.tmp"
"%syswow64%\roboot*"
"%syswow64%\sho????.tmp"
"%syswow64%\votprx*"
"%syswow64%\xenwul*"
"%programw6432%\nsprotector.js"
"%syswow64%\adbcnsl.exe"
"%syswow64%\basementdusteroff.ini"
"%syswow64%\bh.dll"
"%syswow64%\brrotate.dll"
"%syswow64%\conduitengine.tmp"
"%syswow64%\crtdll32.exe"
"%syswow64%\dcadssuggest.dll"
"%syswow64%\dds_trash_log.cmd"
"%syswow64%\dmwu.exe"
"%syswow64%\drivers\adip58209xxc.sys"
"%syswow64%\drivers\alaperformance.ini"
"%syswow64%\drivers\dgsafe.sys"
"%syswow64%\drivers\eventlogman32.exe"
"%syswow64%\drivers\kvn398nryw.exe"
"%syswow64%\drivers\msconfigvm.exe"
"%syswow64%\drivers\ndsvmaheklaiea32r3.sys"
"%syswow64%\drivers\nkbyrnkdaklsys462.sys"
"%syswow64%\drivers\nvacyu3258b.exe"
"%syswow64%\drivers\rdtvdaslgmmsb32.sys"
"%syswow64%\drivers\svchost.exe"
"%syswow64%\drivers\sysdriver32l.exe"
"%syswow64%\drivers\tsskx64.sys"
"%syswow64%\drivers\umdf\en-us\eventlogman32.exe"
"%syswow64%\drivers\umdf\profileconfig2.exe"
"%syswow64%\drivers\wndvrt64.sys"
"%syswow64%\f3pssavr.scr"
"%syswow64%\findit.xml"
"%syswow64%\fsearchbar.dll"
"%syswow64%\funshion.ini"
"%syswow64%\gambali.dll"
"%syswow64%\get.dat"
"%syswow64%\gfiltersvc.exe"
"%syswow64%\hfnapi.dll"
"%syswow64%\hfpapi.dll"
"%syswow64%\imhttpcomm.dll"
"%syswow64%\lnsecsl.exe"
"%syswow64%\nethtsrv.exe"
"%syswow64%\netupdsrv.exe"
"%syswow64%\notepad8.dll"
"%syswow64%\nsx37.dll"
"%syswow64%\p5pssavr.scr"
"%syswow64%\pio12.dll"
"%syswow64%\protector.dll"
"%syswow64%\registryhelperlm.ocx"
"%syswow64%\rqono.dll"
"%syswow64%\spads.dll"
"%syswow64%\webmons.dll"
"%syswow64%\wstart.dll"
"%syswow64%\x64.txt"
"%syswow64%\xmlprovi0.dll"
"%syswow64%\yealt.dll"
"%syswow64%\ysdzac23.dll"
"%syswow64%\yuotubedownloader.xpi"
"%sys32%\000?????.tmp"
"%sys32%\cpuminer-*"
"%sys32%\drivers\msft_kernel_webtinstmktn*.wdf"
"%sys32%\drivers\webtinstmktn*.sys"
"%sys32%\ocl????.tmp"
"%sys32%\rad?????.tmp"
"%sys32%\ren????.tmp"
"%sys32%\roboot*"
"%sys32%\sho????.tmp"
"%sys32%\votprx*"
"%sys32%\xenwul*"
"%STARTUP%\49644L~1.EXE"
"%temp%\49644L~1.EXE"
"%STARTUP%\dllhost.exe"
"%STARTUP%\dllhost(1).exe"
"%STARTUP%\dllhost(2).exe"
"%STARTUP%\dllhost(3).exe"
"%STARTUP%\dllhost - copia.exe"
"%STARTUP%\dllhost - copia (1).exe"
"%STARTUP%\dllhost - copia (2).exe"
"%STARTUP%\dllhost - copia (3).exe"
"%STARTUP%\dllhost - copia (4).exe"
"%temp%\dllhost.exe"
"%STARTUP%\conhost.exe"
"%STARTUP%\conhost(1).exe"
"%STARTUP%\conhost(2).exe"
"%STARTUP%\conhost(3).exe"
"%STARTUP%\conhost - copia.exe"
"%STARTUP%\conhost - copia (1).exe"
"%STARTUP%\conhost - copia (2).exe"
"%STARTUP%\conhost - copia (3).exe"
"%STARTUP%\conhost - copia (4).exe"
"%temp%\conhost.exe"
"%STARTUP%\Ati2evxx.exe"
"%STARTUP%\Ati2evxx(1).exe"
"%STARTUP%\Ati2evxx(2).exe"
"%STARTUP%\Ati2evxx(3).exe"
"%STARTUP%\Ati2evxx - copia.exe"
"%STARTUP%\Ati2evxx - copia (1).exe"
"%STARTUP%\Ati2evxx - copia (2).exe"
"%STARTUP%\Ati2evxx - copia (3).exe"
"%STARTUP%\Ati2evxx - copia (4).exe"
"%allusersprofile%\*detectpcmgrdllex*"
"%allusersprofile%\sectaskman\*safeguard*"
"%allusersprofile%\spl????.tmp"
"%allusersprofile%\system32\*safeguard*"
"%allusersprofile%\trz????.tmp"
"%appdata%\*.boostrap.log"
"%appdata%\*.installation.log"
"%appdata%\appdata*.bin"
"%appdata%\fe????.tmp"
"%drm%\??.tmp"
"%drm%\????.tmp"
"%drm%\????.tmp.dat"
"%locala%\*_uninst.exe"
"%locala%\*ns*.tmp*"
"%locala%\funmoods*"
"%locala%\google\chrome\user data\default\ext_*"
"%locala%\mysearchdial*"
"%locala%\volity.exe*"
"%locala%\windowssys*.exe"
"%programfiles%\gum????.tmp"
"%programfiles%\gut????.tmp"
"%programfiles%\mozilla firefox\browser\defaults\preferences\!vitruvian-*"
"%programfiles%\mozilla firefox\browser\searchplugins\*.js"
"%programfiles%\mozilla firefox\vitruvian-*"
"%programfiles%\svchost.exe"
"%public%\trz????.tmp"
"%systemdrive%\a\????????.bat"
"%systemdrive%\a\????????????????????.exe"
"%systemdrive%\a\internetport*.exe"
"%systemdrive%\users\default\trz???.tmp"
"%systemdrive%\users\default\trz????.tmp"
"%temp%\vitruvian-installer-*"
"%userprofile%\trz????.tmp"
"%windir%\allpcoptimizer*"
"%windir%\prefetch\*24x7*.pf"
"%windir%\prefetch\*babylon*.pf"
"%windir%\prefetch\*lyrics*.pf"
"%windir%\prefetch\*optimizer*.pf"
"%windir%\prefetch\*toolbar*.pf"
"%windir%\prefetch\apnstub*.pf"
"%windir%\prefetch\ask*.pf"
"%windir%\prefetch\barbroker*.pf"
"%windir%\prefetch\dealply*.pf"
"%windir%\prefetch\driver*.pf"
"%windir%\prefetch\handlebrowser*.pf"
"%windir%\prefetch\hao123*.pf"
"%windir%\prefetch\kmp3*.exe*.pf"
"%windir%\prefetch\speedup*.pf"
"%windir%\prefetch\v9*.exe*.pf"
"%sys32%\${logfile}"
"%sys32%\adpeakproxy64.dll"
"%sys32%\basementdusteroff.ini"
"%sys32%\bh.dll"
"%sys32%\br media player.exe"
"%sys32%\brrotate.dll"
"%sys32%\codecs\updatechecker.exe"
"%sys32%\conduitengine.tmp"
"%sys32%\crtdll32.exe"
"%sys32%\dcadssuggest.dll"
"%sys32%\dds_trash_log.cmd"
"%sys32%\dmwu.exe"
"%sys32%\drivers\adpeakwfp64.sys"
"%sys32%\drivers\askprotect64.sys"
"%sys32%\drivers\blnetfilter.sys"
"%sys32%\drivers\bsdriver.sys"
"%sys32%\drivers\cherimoya.sys"
"%sys32%\drivers\contentdefenderdrv.sys"
"%sys32%\drivers\cygwin.sys"
"%sys32%\drivers\dgsafe.sys"
"%sys32%\drivers\filehiders.sys"
"%sys32%\drivers\fp.sys"
"%sys32%\drivers\gfilterdrv.sys"
"%sys32%\drivers\healusb.sys"
"%sys32%\drivers\isafenetfilter.sys"
"%sys32%\drivers\ncuponsdrv.sys"
"%sys32%\drivers\netfilter.sys"
"%sys32%\drivers\netfilter64.sys"
"%sys32%\drivers\nethfdrv.sys"
"%sys32%\drivers\nscp_cnb.sys"
"%sys32%\drivers\qknfd.sys"
"%sys32%\drivers\sdfhgdf.sys"
"%sys32%\drivers\sppd.sys"
"%sys32%\drivers\ssnfd.sys"
"%sys32%\drivers\swdumon.sys"
"%sys32%\drivers\tammgf119.sys"
"%sys32%\drivers\tammgr119.sys"
"%sys32%\drivers\taoaccelerator64.sys"
"%sys32%\drivers\taokernel64.sys"
"%sys32%\drivers\tfsfltx64.sys"
"%sys32%\drivers\udieo120.sys"
"%sys32%\drivers\votw864.sys"
"%sys32%\drivers\windivert64.sys"
"%sys32%\drivers\winpacket.pac"
"%sys32%\drivers\xieca120.sys"
"%sys32%\express\explorer.exe"
"%sys32%\ezsp_px.exe"
"%sys32%\f3pssavr.scr"
"%sys32%\fsearchbar.dll"
"%sys32%\funshion.ini"
"%sys32%\gfiltersvc.exe"
"%sys32%\grouppolicy\machine\r"
"%sys32%\grouppolicy\user\scripts\logon\appletide.exe"
"%sys32%\hfnapi.dll"
"%sys32%\hfpapi.dll"
"%sys32%\imhttpcomm.dll"
"%sys32%\kbdmai.dll"
"%sys32%\mrvcl32.exe"
"%sys32%\nethtsrv.exe"
"%sys32%\netupdsrv.exe"
"%sys32%\newsoft"
"%sys32%\nsx37.dll"
"%sys32%\pio12.dll"
"%sys32%\protector.dll"
"%sys32%\rqono.dll"
"%sys32%\sasnative32.exe"
"%sys32%\sasnative64.exe"
"%sys32%\spads.dll"
"%sys32%\windowspowershell\taskprocess.exe"
"%sys32%\wscm32.dll"
"%sys32%\wscm64.dll"
"%sys32%\wstart.dll"
"%sys32%\xmlprovi0.dll"
"%sys32%\yealt.dll"
"%sys32%\ysdzac23.dll"
"%sys32%\ysxja.exe"
"%sys32%\yuotubedownloader.xpi"
"%temp%\Ati2evxx.exe"
"%temp%\Cookies\index.dat"
"%temp%\Temporary Internet Files\Content.IE5\index.dat"
"%temp%\Temporary Internet Files\Content.IE5\desktop.ini"
"%Wxps%\imvu.lnk"
"%appdata%\Scripter.exe"
"%Wxps%\SysDrivers.vbs"
"%Wxps%\SysDrivers(1).vbs"
"%Wxps%\SysDrivers(2).vbs"
"%Wxps%\SysDrivers(3).vbs"
"%Wxps%\SysDrivers - copia.vbs"
"%Wxps%\SysDrivers - copia (1).vbs"
"%Wxps%\SysDrivers - copia (2).vbs"
"%Wxps%\SysDrivers - copia (3).vbs"
"%Wxps%\SysDrivers - copia (4).vbs"
"%Wxps%\MataVirus.vbs"
"%Wxps%\MataVirus(1).vbs"
"%Wxps%\MataVirus(2).vbs"
"%Wxps%\MataVirus(3).vbs"
"%Wxps%\MataVirus - copia.vbs"
"%Wxps%\MataVirus - copia (1).vbs"
"%Wxps%\MataVirus - copia (2).vbs"
"%Wxps%\MataVirus - copia (3).vbs"
"%Wxps%\MataVirus - copia (4).vbs"
"%Wxps%\MataViru.vbs"
"%Wxps%\MataViru(1).vbs"
"%Wxps%\MataViru(2).vbs"
"%Wxps%\MataViru(3).vbs"
"%Wxps%\MataViru - copia.vbs"
"%Wxps%\MataViru - copia (1).vbs"
"%Wxps%\MataViru - copia (2).vbs"
"%Wxps%\MataViru - copia (3).vbs"
"%Wxps%\MataViru - copia (4).vbs"
"%Wxps%\Virus.vbs"
"%Wxps%\Virus(1).vbs"
"%Wxps%\Virus(2).vbs"
"%Wxps%\Virus(3).vbs"
"%Wxps%\Virus - copia.vbs"
"%Wxps%\Virus - copia (1).vbs"
"%Wxps%\Virus - copia (2).vbs"
"%Wxps%\Virus - copia (3).vbs"
"%Wxps%\Virus - copia (4).vbs"
"%Wxps%\Viru.vbs"
"%Wxps%\Viru(1).vbs"
"%Wxps%\Viru(2).vbs"
"%Wxps%\Viru(3).vbs"
"%Wxps%\Viru - copia.vbs"
"%Wxps%\Viru - copia (1).vbs"
"%Wxps%\Viru - copia (2).vbs"
"%Wxps%\Viru - copia (3).vbs"
"%Wxps%\Viru - copia (4).vbs"
"%Wxps%\autorun.vbs"
"%Wxps%\autorun(1).vbs"
"%Wxps%\autorun(2).vbs"
"%Wxps%\autorun(3).vbs"
"%Wxps%\autorun - copia.vbs"
"%Wxps%\autorun - copia (1).vbs"
"%Wxps%\autorun - copia (2).vbs"
"%Wxps%\autorun - copia (3).vbs"
"%Wxps%\autorun - copia (4).vbs"
"%Wxps%\Malwares.vbs"
"%Wxps%\Malwares(1).vbs"
"%Wxps%\Malwares(2).vbs"
"%Wxps%\Malwares(3).vbs"
"%Wxps%\Malwares - copia.vbs"
"%Wxps%\Malwares - copia (1).vbs"
"%Wxps%\Malwares - copia (2).vbs"
"%Wxps%\Malwares - copia (3).vbs"
"%Wxps%\Malwares - copia (4).vbs"
"%Wxps%\Malware.vbs"
"%Wxps%\Malware(1).vbs"
"%Wxps%\Malware(2).vbs"
"%Wxps%\Malware(3).vbs"
"%Wxps%\Malware - copia.vbs"
"%Wxps%\Malware - copia (1).vbs"
"%Wxps%\Malware - copia (2).vbs"
"%Wxps%\Malware - copia (3).vbs"
"%Wxps%\Malware - copia (4).vbs"
"%Wxps%\iloveyou.vbs"
"%Wxps%\iloveyou(1).vbs"
"%Wxps%\iloveyou(2).vbs"
"%Wxps%\iloveyou(3).vbs"
"%Wxps%\iloveyou - copia.vbs"
"%Wxps%\iloveyou - copia (1).vbs"
"%Wxps%\iloveyou - copia (2).vbs"
"%Wxps%\iloveyou - copia (3).vbs"
"%Wxps%\iloveyou - copia (4).vbs"
"%Wxps%\MUGEN.vbs"
"%Wxps%\MUGEN(1).vbs"
"%Wxps%\MUGEN(2).vbs"
"%Wxps%\MUGEN(3).vbs"
"%Wxps%\MUGEN - copia.vbs"
"%Wxps%\MUGEN - copia (1).vbs"
"%Wxps%\MUGEN - copia (2).vbs"
"%Wxps%\MUGEN - copia (3).vbs"
"%Wxps%\MUGEN - copia (4).vbs"
"%Wxps%\MUGEM.vbs"
"%Wxps%\MUGEM(1).vbs"
"%Wxps%\MUGEM(2).vbs"
"%Wxps%\MUGEM(3).vbs"
"%Wxps%\MUGEM - copia.vbs"
"%Wxps%\MUGEM - copia (1).vbs"
"%Wxps%\MUGEM - copia (2).vbs"
"%Wxps%\MUGEM - copia (3).vbs"
"%Wxps%\MUGEM - copia (4).vbs"
"%Wxps%\.vbs"
"%Wxps%\MUGEM(1).vbs"
"%Wxps%\MUGEM(2).vbs"
"%Wxps%\MUGEM(3).vbs"
"%Wxps%\MUGEM - copia.vbs"
"%Wxps%\MUGEM - copia (1).vbs"
"%Wxps%\MUGEM - copia (2).vbs"
"%Wxps%\MUGEM - copia (3).vbs"
"%Wxps%\MUGEM - copia (4).vbs"
"%Wxps%\1.vbs"
"%Wxps%\1(1).vbs"
"%Wxps%\1(2).vbs"
"%Wxps%\1(3).vbs"
"%Wxps%\1 - copia.vbs"
"%Wxps%\1 - copia (1).vbs"
"%Wxps%\1 - copia (2).vbs"
"%Wxps%\1 - copia (3).vbs"
"%Wxps%\1 - copia (4).vbs"
"%Wxps%\v1.vbs"
"%Wxps%\v1(1).vbs"
"%Wxps%\v1(2).vbs"
"%Wxps%\v1(3).vbs"
"%Wxps%\v1 - copia.vbs"
"%Wxps%\v1 - copia (1).vbs"
"%Wxps%\v1 - copia (2).vbs"
"%Wxps%\v1 - copia (3).vbs"
"%Wxps%\v1 - copia (4).vbs"
"%Wxps%\2.vbs"
"%Wxps%\2(1).vbs"
"%Wxps%\2(2).vbs"
"%Wxps%\2(3).vbs"
"%Wxps%\2 - copia.vbs"
"%Wxps%\2 - copia (1).vbs"
"%Wxps%\2 - copia (2).vbs"
"%Wxps%\2 - copia (3).vbs"
"%Wxps%\2 - copia (4).vbs"
"%Wxps%\v2.vbs"
"%Wxps%\v2(1).vbs"
"%Wxps%\v2(2).vbs"
"%Wxps%\v2(3).vbs"
"%Wxps%\v2 - copia.vbs"
"%Wxps%\v2 - copia (1).vbs"
"%Wxps%\v2 - copia (2).vbs"
"%Wxps%\v2 - copia (3).vbs"
"%Wxps%\v2 - copia (4).vbs"
"%Wxps%\3.vbs"
"%Wxps%\3(1).vbs"
"%Wxps%\3(2).vbs"
"%Wxps%\3(3).vbs"
"%Wxps%\3 - copia.vbs"
"%Wxps%\3 - copia (1).vbs"
"%Wxps%\3 - copia (2).vbs"
"%Wxps%\3 - copia (3).vbs"
"%Wxps%\3 - copia (4).vbs"
"%Wxps%\v3.vbs"
"%Wxps%\v3(1).vbs"
"%Wxps%\v3(2).vbs"
"%Wxps%\v3(3).vbs"
"%Wxps%\v3 - copia.vbs"
"%Wxps%\v3 - copia (1).vbs"
"%Wxps%\v3 - copia (2).vbs"
"%Wxps%\v3 - copia (3).vbs"
"%Wxps%\v3 - copia (4).vbs"
"%Wxps%\4.vbs"
"%Wxps%\4(1).vbs"
"%Wxps%\4(2).vbs"
"%Wxps%\4(3).vbs"
"%Wxps%\4 - copia.vbs"
"%Wxps%\4 - copia (1).vbs"
"%Wxps%\4 - copia (2).vbs"
"%Wxps%\4 - copia (3).vbs"
"%Wxps%\4 - copia (4).vbs"
"%Wxps%\v4.vbs"
"%Wxps%\v4(1).vbs"
"%Wxps%\v4(2).vbs"
"%Wxps%\v4(3).vbs"
"%Wxps%\v4 - copia.vbs"
"%Wxps%\v4 - copia (1).vbs"
"%Wxps%\v4 - copia (2).vbs"
"%Wxps%\v4 - copia (3).vbs"
"%Wxps%\v4 - copia (4).vbs"
"%Wxps%\5.vbs"
"%Wxps%\5(1).vbs"
"%Wxps%\5(2).vbs"
"%Wxps%\5(3).vbs"
"%Wxps%\5 - copia.vbs"
"%Wxps%\5 - copia (1).vbs"
"%Wxps%\5 - copia (2).vbs"
"%Wxps%\5 - copia (3).vbs"
"%Wxps%\5 - copia (4).vbs"
"%Wxps%\v5.vbs"
"%Wxps%\v5(1).vbs"
"%Wxps%\v5(2).vbs"
"%Wxps%\v5(3).vbs"
"%Wxps%\v5 - copia.vbs"
"%Wxps%\v5 - copia (1).vbs"
"%Wxps%\v5 - copia (2).vbs"
"%Wxps%\v5 - copia (3).vbs"
"%Wxps%\v5 - copia (4).vbs"
"%Wxps%\6.vbs"
"%Wxps%\6(1).vbs"
"%Wxps%\6(2).vbs"
"%Wxps%\6(3).vbs"
"%Wxps%\6 - copia.vbs"
"%Wxps%\6 - copia (1).vbs"
"%Wxps%\6 - copia (2).vbs"
"%Wxps%\6 - copia (3).vbs"
"%Wxps%\6 - copia (4).vbs"
"%Wxps%\v6.vbs"
"%Wxps%\v6(1).vbs"
"%Wxps%\v6(2).vbs"
"%Wxps%\v6(3).vbs"
"%Wxps%\v6 - copia.vbs"
"%Wxps%\v6 - copia (1).vbs"
"%Wxps%\v6 - copia (2).vbs"
"%Wxps%\v6 - copia (3).vbs"
"%Wxps%\v6 - copia (4).vbs"
"%Wxps%\7.vbs"
"%Wxps%\7(1).vbs"
"%Wxps%\7(2).vbs"
"%Wxps%\7(3).vbs"
"%Wxps%\7 - copia.vbs"
"%Wxps%\7 - copia (1).vbs"
"%Wxps%\7 - copia (2).vbs"
"%Wxps%\7 - copia (3).vbs"
"%Wxps%\7 - copia (4).vbs"
"%Wxps%\v7.vbs"
"%Wxps%\v7(1).vbs"
"%Wxps%\v7(2).vbs"
"%Wxps%\v7(3).vbs"
"%Wxps%\v7 - copia.vbs"
"%Wxps%\v7 - copia (1).vbs"
"%Wxps%\v7 - copia (2).vbs"
"%Wxps%\v7 - copia (3).vbs"
"%Wxps%\v7 - copia (4).vbs"
"%Wxps%\8.vbs"
"%Wxps%\8(1).vbs"
"%Wxps%\8(2).vbs"
"%Wxps%\8(3).vbs"
"%Wxps%\8 - copia.vbs"
"%Wxps%\8 - copia (1).vbs"
"%Wxps%\8 - copia (2).vbs"
"%Wxps%\8 - copia (3).vbs"
"%Wxps%\8 - copia (4).vbs"
"%Wxps%\v8.vbs"
"%Wxps%\v8(1).vbs"
"%Wxps%\v8(2).vbs"
"%Wxps%\v8(3).vbs"
"%Wxps%\v8 - copia.vbs"
"%Wxps%\v8 - copia (1).vbs"
"%Wxps%\v8 - copia (2).vbs"
"%Wxps%\v8 - copia (3).vbs"
"%Wxps%\v8 - copia (4).vbs"
"%Wxps%\9.vbs"
"%Wxps%\9(1).vbs"
"%Wxps%\9(2).vbs"
"%Wxps%\9(3).vbs"
"%Wxps%\9 - copia.vbs"
"%Wxps%\9 - copia (1).vbs"
"%Wxps%\9 - copia (2).vbs"
"%Wxps%\9 - copia (3).vbs"
"%Wxps%\9 - copia (4).vbs"
"%Wxps%\v9.vbs"
"%Wxps%\v9(1).vbs"
"%Wxps%\v9(2).vbs"
"%Wxps%\v9(3).vbs"
"%Wxps%\v9 - copia.vbs"
"%Wxps%\v9 - copia (1).vbs"
"%Wxps%\v9 - copia (2).vbs"
"%Wxps%\v9 - copia (3).vbs"
"%Wxps%\v9 - copia (4).vbs"
"%Wxps%\10.vbs"
"%Wxps%\10(1).vbs"
"%Wxps%\10(2).vbs"
"%Wxps%\10(3).vbs"
"%Wxps%\10 - copia.vbs"
"%Wxps%\10 - copia (1).vbs"
"%Wxps%\10 - copia (2).vbs"
"%Wxps%\10 - copia (3).vbs"
"%Wxps%\10 - copia (4).vbs"
"%Wxps%\v10.vbs"
"%Wxps%\v10(1).vbs"
"%Wxps%\v10(2).vbs"
"%Wxps%\v10(3).vbs"
"%Wxps%\v10 - copia.vbs"
"%Wxps%\v10 - copia (1).vbs"
"%Wxps%\v10 - copia (2).vbs"
"%Wxps%\v10 - copia (3).vbs"
"%Wxps%\v10 - copia (4).vbs"
"%Wxps%\desktop.inf"
"%Wxps%\virus.reg"
"%Wxps%\autorun.inf"
"%Wxps%\crypted.vbs"
"%Wxps%\autorun.exe"
"%Wxps%\iloveyou.exe"
"%Wxps%\imvu.exe"
"%Wxps%\nueva carpeta.exe"
"%Wxps%\1.exe"
"%Wxps%\2.exe"
"%Wxps%\3.exe"
"%Wxps%\4.exe"
"%Wxps%\5.exe"
"%Wxps%\auto.exe"
"%Wxps%\virus.exe"
"%Wxps%\viru.exe"
"%Wxps%\prueba.exe"
"%Wxps%\pruebas.exe"
"%Wxps%\prueba1.exe"
"%Wxps%\prueba2.exe"
"%Wxps%\pruebas1.exe"
"%Wxps%\pruebas2.exe"
"%Wxps%\malware.exe"
"%Wxps%\6.exe"
"%Wxps%\7.exe"
"%Wxps%\8.exe"
"%Wxps%\9.exe"
"%Wxps%\10.exe"
"%Wxps%\11.exe"
"%Wxps%\12.exe"
"%Wxps%\13.exe"
"%Wxps%\14.exe"
"%Wxps%\15.exe"
"%Wxps%\16.exe"
"%Wxps%\17.exe"
"%Wxps%\18.exe"
"%Wxps%\19.exe"
"%Wxps%\20.exe"
"%Wxps%\21.exe"
"%Wxps%\22.exe"
"%Wxps%\23.exe"
"%Wxps%\24.exe"
"%Wxps%\25.exe"
"%Wxps%\26.exe"
"%Wxps%\27.exe"
"%Wxps%\28.exe"
"%Wxps%\29.exe"
"%Wxps%\30.exe"
"%Wxps%\31.exe"
"%Wxps%\32.exe"
"%Wxps%\33.exe"
"%Wxps%\34.exe"
"%Wxps%\35.exe"
"%Wxps%\36.exe"
"%Wxps%\37.exe"
"%Wxps%\38.exe"
"%Wxps%\39.exe"
"%Wxps%\40.exe"
"%Wxps%\41.exe"
"%Wxps%\42.exe"
"%Wxps%\43.exe"
"%Wxps%\44.exe"
"%Wxps%\45.exe"
"%Wxps%\46.exe"
"%Wxps%\47.exe"
"%Wxps%\48.exe"
"%Wxps%\49.exe"
"%Wxps%\50.exe"
"%Wxps%\51.exe"
"%Wxps%\52.exe"
"%Wxps%\53.exe"
"%Wxps%\54.exe"
"%Wxps%\55.exe"
"%Wxps%\56.exe"
"%Wxps%\57.exe"
"%Wxps%\58.exe"
"%Wxps%\59.exe"
"%Wxps%\60.exe"
"%Wxps%\61.exe"
"%Wxps%\62.exe"
"%Wxps%\63.exe"
"%Wxps%\64.exe"
"%Wxps%\65.exe"
"%Wxps%\66.exe"
"%Wxps%\67.exe"
"%Wxps%\68.exe"
"%Wxps%\69.exe"
"%Wxps%\70.exe"
"%Wxps%\71.exe"
"%Wxps%\72.exe"
"%Wxps%\73.exe"
"%Wxps%\74.exe"
"%Wxps%\75.exe"
"%Wxps%\76.exe"
"%Wxps%\77.exe"
"%Wxps%\78.exe"
"%Wxps%\79.exe"
"%Wxps%\80.exe"
"%Wxps%\81.exe"
"%Wxps%\82.exe"
"%Wxps%\83.exe"
"%Wxps%\84.exe"
"%Wxps%\85.exe"
"%Wxps%\86.exe"
"%Wxps%\87.exe"
"%Wxps%\88.exe"
"%Wxps%\89.exe"
"%Wxps%\90.exe"
"%Wxps%\91.exe"
"%Wxps%\92.exe"
"%Wxps%\93.exe"
"%Wxps%\94.exe"
"%Wxps%\95.exe"
"%Wxps%\96.exe"
"%Wxps%\97.exe"
"%Wxps%\98.exe"
"%Wxps%\99.exe"
"%Wxps%\100.exe"
"%Wxps%\101.exe"
"%Wxps%\102.exe"
"%Wxps%\103.exe"
"%Wxps%\104.exe"
"%Wxps%\105.exe"
"%Wxps%\106.exe"
"%Wxps%\107.exe"
"%Wxps%\108.exe"
"%Wxps%\109.exe"
"%Wxps%\110.exe"
"%Wxps%\111.exe"
"%Wxps%\112.exe"
"%Wxps%\113.exe"
"%Wxps%\114.exe"
"%Wxps%\115.exe"
"%Wxps%\116.exe"
"%Wxps%\117.exe"
"%Wxps%\118.exe"
"%Wxps%\119.exe"
"%Wxps%\120.exe"
"%Wxps%\121.exe"
"%Wxps%\122.exe"
"%Wxps%\123.exe"
"%Wxps%\124.exe"
"%Wxps%\125.exe"
"%Wxps%\126.exe"
"%Wxps%\127.exe"
"%Wxps%\128.exe"
"%Wxps%\129.exe"
"%Wxps%\130.exe"
"%Wxps%\131.exe"
"%Wxps%\132.exe"
"%Wxps%\133.exe"
"%Wxps%\134.exe"
"%Wxps%\135.exe"
"%Wxps%\136.exe"
"%Wxps%\137.exe"
"%Wxps%\138.exe"
"%Wxps%\139.exe"
"%Wxps%\140.exe"
"%Wxps%\141.exe"
"%Wxps%\142.exe"
"%Wxps%\143.exe"
"%Wxps%\144.exe"
"%Wxps%\145.exe"
"%Wxps%\146.exe"
"%Wxps%\147.exe"
"%Wxps%\148.exe"
"%Wxps%\149.exe"
"%Wxps%\150.exe"
"%Wxps%\151.exe"
"%Wxps%\152.exe"
"%Wxps%\153.exe"
"%Wxps%\154.exe"
"%Wxps%\155.exe"
"%Wxps%\156.exe"
"%Wxps%\157.exe"
"%Wxps%\158.exe"
"%Wxps%\159.exe"
"%Wxps%\160.exe"
"%Wxps%\161.exe"
"%Wxps%\162.exe"
"%Wxps%\163.exe"
"%Wxps%\164.exe"
"%Wxps%\165.exe"
"%Wxps%\166.exe"
"%Wxps%\167.exe"
"%Wxps%\168.exe"
"%Wxps%\169.exe"
"%Wxps%\170.exe"
"%Wxps%\171.exe"
"%Wxps%\172.exe"
"%Wxps%\173.exe"
"%Wxps%\174.exe"
"%Wxps%\175.exe"
"%Wxps%\176.exe"
"%Wxps%\177.exe"
"%Wxps%\178.exe"
"%Wxps%\179.exe"
"%Wxps%\180.exe"
"%Wxps%\181.exe"
"%Wxps%\182.exe"
"%Wxps%\183.exe"
"%Wxps%\184.exe"
"%Wxps%\185.exe"
"%Wxps%\186.exe"
"%Wxps%\187.exe"
"%Wxps%\188.exe"
"%Wxps%\189.exe"
"%Wxps%\190.exe"
"%Wxps%\191.exe"
"%Wxps%\192.exe"
"%Wxps%\193.exe"
"%Wxps%\194.exe"
"%Wxps%\195.exe"
"%Wxps%\196.exe"
"%Wxps%\197.exe"
"%Wxps%\198.exe"
"%Wxps%\199.exe"
"%Wxps%\200.exe"
"%Wxps%\0.exe"
"%Wxps%\00.exe"
"%Wxps%\000.exe"
"%Wxps%\0000.exe"
"%Wxps%\1111.exe"
"%Wxps%\222.exe"
"%Wxps%\2222.exe"
"%Wxps%\333.exe"
"%Wxps%\3333.exe"
"%Wxps%\444.exe"
"%Wxps%\4444.exe"
"%Wxps%\555.exe"
"%Wxps%\5555.exe"
"%Wxps%\666.exe"
"%Wxps%\6666.exe"
"%Wxps%\777.exe"
"%Wxps%\7777.exe"
"%Wxps%\888.exe"
"%Wxps%\8888.exe"
"%Wxps%\999.exe"
"%Wxps%\9999.exe"
"%Wxps%\1010.exe"
"%Wxps%\101010.exe"
"%Wxps%\1234.exe"
"%Wxps%\12345.exe"
"%Wxps%\123456.exe"
"%Wxps%\1234567.exe"
"%Wxps%\12345678.exe"
"%Wxps%\123456789.exe"
"%Wxps%\1234567890.exe"
"%Wxps%\0123456789.exe"
"%Wxps%\01234567890.exe"
"%Wxps%\9876543210.exe"
"%Wxps%\0987654321.exe"
"%Wxps%\a.exe"
"%Wxps%\b.exe"
"%Wxps%\c.exe"
"%Wxps%\d.exe"
"%Wxps%\e.exe"
"%Wxps%\f.exe"
"%Wxps%\g.exe"
"%Wxps%\h.exe"
"%Wxps%\i.exe"
"%Wxps%\j.exe"
"%Wxps%\k.exe"
"%Wxps%\l.exe"
"%Wxps%\m.exe"
"%Wxps%\n.exe"
"%Wxps%\ñ.exe"
"%Wxps%\o.exe"
"%Wxps%\p.exe"
"%Wxps%\q.exe"
"%Wxps%\r.exe"
"%Wxps%\s.exe"
"%Wxps%\t.exe"
"%Wxps%\u.exe"
"%Wxps%\v.exe"
"%Wxps%\w.exe"
"%Wxps%\x.exe"
"%Wxps%\y.exe"
"%Wxps%\z.exe"
"%Wxps%\hal.exe"
"%Wxps%\hall.exe"
"%Wxps%\aa.exe"
"%Wxps%\bb.exe"
"%Wxps%\cc.exe"
"%Wxps%\dd.exe"
"%Wxps%\ee.exe"
"%Wxps%\ff.exe"
"%Wxps%\gg.exe"
"%Wxps%\hh.exe"
"%Wxps%\ii.exe"
"%Wxps%\jj.exe"
"%Wxps%\kk.exe"
"%Wxps%\ll.exe"
"%Wxps%\mm.exe"
"%Wxps%\nn.exe"
"%Wxps%\ññ.exe"
"%Wxps%\oo.exe"
"%Wxps%\pp.exe"
"%Wxps%\qq.exe"
"%Wxps%\rr.exe"
"%Wxps%\ss.exe"
"%Wxps%\tt.exe"
"%Wxps%\uu.exe"
"%Wxps%\vv.exe"
"%Wxps%\ww.exe"
"%Wxps%\xx.exe"
"%Wxps%\yy.exe"
"%Wxps%\zz.exe"
"%Wxps%\virus.bat"
"%Wxps%\viruss.bat"
"%Wxps%\viru.bat"
"%Wxps%\malware.bat"
"%Wxps%\destroyer.bat"
"%Wxps%\destruir.bat"
"%Wxps%\destrui.bat"
"%Wxps%\dañar.bat"
"%Wxps%\joder.bat"
"%Wxps%\prueba.bat"
"%Wxps%\pruebas.bat"
"%Wxps%\iniciar.bat"
"%Wxps%\inicia.bat"
"%Wxps%\facebook.bat"
"%Wxps%\youtube.bat"
"%Wxps%\joder pc.bat"
"%Wxps%\dañar pc.bat"
"%Wxps%\super virus.bat"
"%Wxps%\super.bat"
"%Wxps%\no abrir.bat"
"%Wxps%\abrir.bat"
"%Wxps%\abrelo.bat"
"%Wxps%\x:x.bat"
"%Wxps%\x_x.bat"
"%Wxps%\por siempre.bat"
"%Wxps%\siempre.bat"
"%Wxps%\iloveyou.bat"
"%Wxps%\iloveyous.bat"
"%Wxps%\locos.bat"
"%Wxps%\loco.bat"
"%Wxps%\malware.bat"
"%Wxps%\maldad.bat"
"%Wxps%\minecraft.bat"
"%Wxps%\minecraf.bat"
"%Wxps%\windows.bat"
"%Wxps%\importante.bat"
"%Wxps%\inportante.bat"
"%Wxps%\programa.bat"
"%Wxps%\programas.bat"
"%Wxps%\dll.bat"
"%Wxps%\sys.bat"
"%Wxps%\pruebita.bat"
"%Wxps%\pruevita.bat"
"%Wxps%\pruebas1.bat"
"%Wxps%\pruebas2.bat"
"%Wxps%\prueba1.bat"
"%Wxps%\prueba2.bat"
"%Wxps%\pruebas(1).bat"
"%Wxps%\pruebas(2).bat"
"%Wxps%\prueba(1).bat"
"%Wxps%\prueba(2).bat"
"%Wxps%\virus(1).bat"
"%Wxps%\virus(2).bat"
"%Wxps%\nueva carpeta.bat"
"%Wxps%\nueva carpeta(1).bat"
"%Wxps%\nueva carpeta(2).bat"
"%Wxps%\jodido.bat"
"%Wxps%\se jodio.bat"
"%Wxps%\rescata.bat"
"%Wxps%\mamaguevo.bat"
"%Wxps%\sapo.bat"
"%Wxps%\mardito.bat"
"%Wxps%\mardito virus.bat"
"%Wxps%\regalito.bat"
"%Wxps%\pc.bat"
"%Wxps%\pcs.bat"
"%Wxps%\bcspn.bat"
"%Wxps%\mas.bat"
"%Wxps%\super batch.bat"
"%Wxps%\mario.bat"
"%Wxps%\mario bro.bat"
"%Wxps%\mario bros.bat"
"%Wxps%\analizar.bat"
"%Wxps%\antivirus.bat"
"%Wxps%\.bat.bat"
"%Wxps%\carpeta.bat"
"%Wxps%\carpeta(1).bat"
"%Wxps%\base.bat"
"%Wxps%\microsoft.bat"
"%Wxps%\coca cola.bat"
"%Wxps%\numero1.bat"
"%Wxps%\numero2.bat"
"%Wxps%\numero3.bat"
"%Wxps%\1.bat"
"%Wxps%\2.bat"
"%Wxps%\3.bat"
"%Wxps%\4.bat"
"%Wxps%\5.bat"
"%Wxps%\1(1).bat"
"%Wxps%\2(1).bat"
"%Wxps%\3(3).bat"
"%Wxps%\4(4).bat"
"%Wxps%\5(5).bat"
"%Wxps%\analizar(1).bat"
"%Wxps%\analizar(2).bat"
"%Wxps%\muerte.bat"
"%Wxps%\muerte(1).bat"
"%Wxps%\*.dng"
"%Wxps%\*.gif"
"%Wxps%\fotos.jpg"
"%Wxps%\fotos.png"
"%Wxps%\foto.jpg"
"%Wxps%\foto.png"
"%Wxps%\*.wb2"
"%Wxps%\*.odt"
"%Wxps%\Mscdex.exe"
"%Wxps%\Mscdex(1).exe"
"%Wxps%\Mscdex(2).exe"
"%Wxps%\Mscdex(3).exe"
"%Wxps%\Mscdex - copia.exe"
"%Wxps%\Mscdex - copia (1).exe"
"%Wxps%\Mscdex - copia (2).exe"
"%Wxps%\Mscdex - copia (3).exe"
"%Wxps%\Mscdex - copia (4).exe"
"%Wxps%\AUTOEXEC.bat"
"%Wxps%\AUTOEXEC(1).bat"
"%Wxps%\AUTOEXEC(2).bat"
"%Wxps%\AUTOEXEC(3).bat"
"%Wxps%\AUTOEXEC - copia.bat"
"%Wxps%\AUTOEXEC - copia (1).bat"
"%Wxps%\AUTOEXEC - copia (2).bat"
"%Wxps%\AUTOEXEC - copia (3).bat"
"%Wxps%\AUTOEXEC - copia (4).bat"
"%Wxps%\ghost.exe"
"%Wxps%\ghost(1).exe"
"%Wxps%\ghost(2).exe"
"%Wxps%\ghost(3).exe"
"%Wxps%\ghost - copia.exe"
"%Wxps%\ghost - copia (1).exe"
"%Wxps%\ghost - copia (2).exe"
"%Wxps%\ghost - copia (3).exe"
"%Wxps%\ghost - copia (4).exe"
"%Wxps%\dllhost.exe"
"%Wxps%\dllhost(1).exe"
"%Wxps%\dllhost(2).exe"
"%Wxps%\dllhost(3).exe"
"%Wxps%\dllhost - copia.exe"
"%Wxps%\dllhost - copia (1).exe"
"%Wxps%\dllhost - copia (2).exe"
"%Wxps%\dllhost - copia (3).exe"
"%Wxps%\dllhost - copia (4).exe"
"%temp%\autorun.exe"
"%temp%\crypted.reg"
"%temp%\Mscdex.exe"
"%temp%\AUTOEXEC.bat"
"%STARTUP%\crypted.vbs"
"%STARTUP%\SysDrivers.vbs"
"%STARTUP%\Mscdex.exe"
"%STARTUP%\Mscdex(1).exe"
"%STARTUP%\Mscdex(2).exe"
"%STARTUP%\Mscdex(3).exe"
"%STARTUP%\Mscdex - copia.exe"
"%STARTUP%\Mscdex - copia (1).exe"
"%STARTUP%\Mscdex - copia (2).exe"
"%STARTUP%\Mscdex - copia (3).exe"
"%STARTUP%\Mscdex - copia (4).exe"
"%STARTUP%\AUTOEXEC.bat"
"%STARTUP%\AUTOEXEC(1).bat"
"%STARTUP%\AUTOEXEC(2).bat"
"%STARTUP%\AUTOEXEC(3).bat"
"%STARTUP%\AUTOEXEC - copia.bat"
"%STARTUP%\AUTOEXEC - copia (1).bat"
"%STARTUP%\AUTOEXEC - copia (2).bat"
"%STARTUP%\AUTOEXEC - copia (3).bat"
"%STARTUP%\AUTOEXEC - copia (4).bat"
"%STARTUP%\ghost.exe"
"%STARTUP%\ghost(1).exe"
"%STARTUP%\ghost(2).exe"
"%STARTUP%\ghost(3).exe"
"%STARTUP%\ghost - copia.exe"
"%STARTUP%\ghost - copia (1).exe"
"%STARTUP%\ghost - copia (2).exe"
"%STARTUP%\ghost - copia (3).exe"
"%STARTUP%\ghost - copia (4).exe"
"%STARTUP%\SysDrivers(1).vbs"
"%STARTUP%\SysDrivers(2).vbs"
"%STARTUP%\SysDrivers(3).vbs"
"%STARTUP%\SysDrivers - copia.vbs"
"%STARTUP%\SysDrivers - copia (1).vbs"
"%STARTUP%\SysDrivers - copia (2).vbs"
"%STARTUP%\SysDrivers - copia (3).vbs"
"%STARTUP%\SysDrivers - copia (4).vbs"
"%STARTUP%\MataVirus.vbs"
"%STARTUP%\MataVirus(1).vbs"
"%STARTUP%\MataVirus(2).vbs"
"%STARTUP%\MataVirus(3).vbs"
"%STARTUP%\MataVirus - copia.vbs"
"%STARTUP%\MataVirus - copia (1).vbs"
"%STARTUP%\MataVirus - copia (2).vbs"
"%STARTUP%\MataVirus - copia (3).vbs"
"%STARTUP%\MataVirus - copia (4).vbs"
"%STARTUP%\MataViru.vbs"
"%STARTUP%\MataViru(1).vbs"
"%STARTUP%\MataViru(2).vbs"
"%STARTUP%\MataViru(3).vbs"
"%STARTUP%\MataViru - copia.vbs"
"%STARTUP%\MataViru - copia (1).vbs"
"%STARTUP%\MataViru - copia (2).vbs"
"%STARTUP%\MataViru - copia (3).vbs"
"%STARTUP%\MataViru - copia (4).vbs"
"%STARTUP%\Virus.vbs"
"%STARTUP%\Virus(1).vbs"
"%STARTUP%\Virus(2).vbs"
"%STARTUP%\Virus(3).vbs"
"%STARTUP%\Virus - copia.vbs"
"%STARTUP%\Virus - copia (1).vbs"
"%STARTUP%\Virus - copia (2).vbs"
"%STARTUP%\Virus - copia (3).vbs"
"%STARTUP%\Virus - copia (4).vbs"
"%STARTUP%\Viru.vbs"
"%STARTUP%\Viru(1).vbs"
"%STARTUP%\Viru(2).vbs"
"%STARTUP%\Viru(3).vbs"
"%STARTUP%\Viru - copia.vbs"
"%STARTUP%\Viru - copia (1).vbs"
"%STARTUP%\Viru - copia (2).vbs"
"%STARTUP%\Viru - copia (3).vbs"
"%STARTUP%\Viru - copia (4).vbs"
"%systemdrive%\WINDOWS\VirusRemoval.vbs"
"%STARTUP%\VirusRemoval.vbs"
"%STARTUP%\VirusRemoval(1).vbs"
"%STARTUP%\VirusRemoval(2).vbs"
"%STARTUP%\VirusRemoval(3).vbs"
"%STARTUP%\VirusRemoval - copia.vbs"
"%STARTUP%\VirusRemoval - copia (1).vbs"
"%STARTUP%\VirusRemoval - copia (2).vbs"
"%STARTUP%\VirusRemoval - copia (3).vbs"
"%STARTUP%\VirusRemoval - copia (4).vbs"
"%systemdrive%\WINDOWS\MICROSOFT.vbs"
"%STARTUP%\MICROSOFT.vbs"
"%STARTUP%\MICROSOFT(1).vbs"
"%STARTUP%\MICROSOFT(2).vbs"
"%STARTUP%\MICROSOFT(3).vbs"
"%STARTUP%\MICROSOFT - copia.vbs"
"%STARTUP%\MICROSOFT - copia (1).vbs"
"%STARTUP%\MICROSOFT - copia (2).vbs"
"%STARTUP%\MICROSOFT - copia (3).vbs"
"%STARTUP%\MICROSOFT - copia (4).vbs"
"%STARTUP%\autorun.vbs"
"%STARTUP%\autorun(1).vbs"
"%STARTUP%\autorun(2).vbs"
"%STARTUP%\autorun(3).vbs"
"%STARTUP%\autorun - copia.vbs"
"%STARTUP%\autorun - copia (1).vbs"
"%STARTUP%\autorun - copia (2).vbs"
"%STARTUP%\autorun - copia (3).vbs"
"%STARTUP%\autorun - copia (4).vbs"
"%STARTUP%\Malwares.vbs"
"%STARTUP%\Malwares(1).vbs"
"%STARTUP%\Malwares(2).vbs"
"%STARTUP%\Malwares(3).vbs"
"%STARTUP%\Malwares - copia.vbs"
"%STARTUP%\Malwares - copia (1).vbs"
"%STARTUP%\Malwares - copia (2).vbs"
"%STARTUP%\Malwares - copia (3).vbs"
"%STARTUP%\Malwares - copia (4).vbs"
"%STARTUP%\Malware.vbs"
"%STARTUP%\Malware(1).vbs"
"%STARTUP%\Malware(2).vbs"
"%STARTUP%\Malware(3).vbs"
"%STARTUP%\Malware - copia.vbs"
"%STARTUP%\Malware - copia (1).vbs"
"%STARTUP%\Malware - copia (2).vbs"
"%STARTUP%\Malware - copia (3).vbs"
"%STARTUP%\Malware - copia (4).vbs"
"%STARTUP%\help.vbs"
"%STARTUP%\help(1).vbs"
"%STARTUP%\help(2).vbs"
"%STARTUP%\help(3).vbs"
"%STARTUP%\help - copia.vbs"
"%STARTUP%\help - copia (1).vbs"
"%STARTUP%\help - copia (2).vbs"
"%STARTUP%\help - copia (3).vbs"
"%STARTUP%\help - copia (4).vbs"
"%STARTUP%\iloveyou.vbs"
"%STARTUP%\iloveyou(1).vbs"
"%STARTUP%\iloveyou(2).vbs"
"%STARTUP%\iloveyou(3).vbs"
"%STARTUP%\iloveyou - copia.vbs"
"%STARTUP%\iloveyou - copia (1).vbs"
"%STARTUP%\iloveyou - copia (2).vbs"
"%STARTUP%\iloveyou - copia (3).vbs"
"%STARTUP%\iloveyou - copia (4).vbs"
"%STARTUP%\MUGEN.vbs"
"%STARTUP%\MUGEN(1).vbs"
"%STARTUP%\MUGEN(2).vbs"
"%STARTUP%\MUGEN(3).vbs"
"%STARTUP%\MUGEN - copia.vbs"
"%STARTUP%\MUGEN - copia (1).vbs"
"%STARTUP%\MUGEN - copia (2).vbs"
"%STARTUP%\MUGEN - copia (3).vbs"
"%STARTUP%\MUGEN - copia (4).vbs"
"%STARTUP%\MUGEM.vbs"
"%STARTUP%\MUGEM(1).vbs"
"%STARTUP%\MUGEM(2).vbs"
"%STARTUP%\MUGEM(3).vbs"
"%STARTUP%\MUGEM - copia.vbs"
"%STARTUP%\MUGEM - copia (1).vbs"
"%STARTUP%\MUGEM - copia (2).vbs"
"%STARTUP%\MUGEM - copia (3).vbs"
"%STARTUP%\MUGEM - copia (4).vbs"
"%STARTUP%\MG.vbs"
"%STARTUP%\MUGEM(1).vbs"
"%STARTUP%\MUGEM(2).vbs"
"%STARTUP%\MUGEM(3).vbs"
"%STARTUP%\MUGEM - copia.vbs"
"%STARTUP%\MUGEM - copia (1).vbs"
"%STARTUP%\MUGEM - copia (2).vbs"
"%STARTUP%\MUGEM - copia (3).vbs"
"%STARTUP%\MUGEM - copia (4).vbs"
"%STARTUP%\1.vbs"
"%STARTUP%\1(1).vbs"
"%STARTUP%\1(2).vbs"
"%STARTUP%\1(3).vbs"
"%STARTUP%\1 - copia.vbs"
"%STARTUP%\1 - copia (1).vbs"
"%STARTUP%\1 - copia (2).vbs"
"%STARTUP%\1 - copia (3).vbs"
"%STARTUP%\1 - copia (4).vbs"
"%STARTUP%\v1.vbs"
"%STARTUP%\v1(1).vbs"
"%STARTUP%\v1(2).vbs"
"%STARTUP%\v1(3).vbs"
"%STARTUP%\v1 - copia.vbs"
"%STARTUP%\v1 - copia (1).vbs"
"%STARTUP%\v1 - copia (2).vbs"
"%STARTUP%\v1 - copia (3).vbs"
"%STARTUP%\v1 - copia (4).vbs"
"%STARTUP%\2.vbs"
"%STARTUP%\2(1).vbs"
"%STARTUP%\2(2).vbs"
"%STARTUP%\2(3).vbs"
"%STARTUP%\2 - copia.vbs"
"%STARTUP%\2 - copia (1).vbs"
"%STARTUP%\2 - copia (2).vbs"
"%STARTUP%\2 - copia (3).vbs"
"%STARTUP%\2 - copia (4).vbs"
"%STARTUP%\v2.vbs"
"%STARTUP%\v2(1).vbs"
"%STARTUP%\v2(2).vbs"
"%STARTUP%\v2(3).vbs"
"%STARTUP%\v2 - copia.vbs"
"%STARTUP%\v2 - copia (1).vbs"
"%STARTUP%\v2 - copia (2).vbs"
"%STARTUP%\v2 - copia (3).vbs"
"%STARTUP%\v2 - copia (4).vbs"
"%STARTUP%\3.vbs"
"%STARTUP%\3(1).vbs"
"%STARTUP%\3(2).vbs"
"%STARTUP%\3(3).vbs"
"%STARTUP%\3 - copia.vbs"
"%STARTUP%\3 - copia (1).vbs"
"%STARTUP%\3 - copia (2).vbs"
"%STARTUP%\3 - copia (3).vbs"
"%STARTUP%\3 - copia (4).vbs"
"%STARTUP%\v3.vbs"
"%STARTUP%\v3(1).vbs"
"%STARTUP%\v3(2).vbs"
"%STARTUP%\v3(3).vbs"
"%STARTUP%\v3 - copia.vbs"
"%STARTUP%\v3 - copia (1).vbs"
"%STARTUP%\v3 - copia (2).vbs"
"%STARTUP%\v3 - copia (3).vbs"
"%STARTUP%\v3 - copia (4).vbs"
"%STARTUP%\4.vbs"
"%STARTUP%\4(1).vbs"
"%STARTUP%\4(2).vbs"
"%STARTUP%\4(3).vbs"
"%STARTUP%\4 - copia.vbs"
"%STARTUP%\4 - copia (1).vbs"
"%STARTUP%\4 - copia (2).vbs"
"%STARTUP%\4 - copia (3).vbs"
"%STARTUP%\4 - copia (4).vbs"
"%STARTUP%\v4.vbs"
"%STARTUP%\v4(1).vbs"
"%STARTUP%\v4(2).vbs"
"%STARTUP%\v4(3).vbs"
"%STARTUP%\v4 - copia.vbs"
"%STARTUP%\v4 - copia (1).vbs"
"%STARTUP%\v4 - copia (2).vbs"
"%STARTUP%\v4 - copia (3).vbs"
"%STARTUP%\v4 - copia (4).vbs"
"%STARTUP%\5.vbs"
"%STARTUP%\5(1).vbs"
"%STARTUP%\5(2).vbs"
"%STARTUP%\5(3).vbs"
"%STARTUP%\5 - copia.vbs"
"%STARTUP%\5 - copia (1).vbs"
"%STARTUP%\5 - copia (2).vbs"
"%STARTUP%\5 - copia (3).vbs"
"%STARTUP%\5 - copia (4).vbs"
"%STARTUP%\v5.vbs"
"%STARTUP%\v5(1).vbs"
"%STARTUP%\v5(2).vbs"
"%STARTUP%\v5(3).vbs"
"%STARTUP%\v5 - copia.vbs"
"%STARTUP%\v5 - copia (1).vbs"
"%STARTUP%\v5 - copia (2).vbs"
"%STARTUP%\v5 - copia (3).vbs"
"%STARTUP%\v5 - copia (4).vbs"
"%STARTUP%\6.vbs"
"%STARTUP%\6(1).vbs"
"%STARTUP%\6(2).vbs"
"%STARTUP%\6(3).vbs"
"%STARTUP%\6 - copia.vbs"
"%STARTUP%\6 - copia (1).vbs"
"%STARTUP%\6 - copia (2).vbs"
"%STARTUP%\6 - copia (3).vbs"
"%STARTUP%\6 - copia (4).vbs"
"%STARTUP%\v6.vbs"
"%STARTUP%\v6(1).vbs"
"%STARTUP%\v6(2).vbs"
"%STARTUP%\v6(3).vbs"
"%STARTUP%\v6 - copia.vbs"
"%STARTUP%\v6 - copia (1).vbs"
"%STARTUP%\v6 - copia (2).vbs"
"%STARTUP%\v6 - copia (3).vbs"
"%STARTUP%\v6 - copia (4).vbs"
"%STARTUP%\7.vbs"
"%STARTUP%\7(1).vbs"
"%STARTUP%\7(2).vbs"
"%STARTUP%\7(3).vbs"
"%STARTUP%\7 - copia.vbs"
"%STARTUP%\7 - copia (1).vbs"
"%STARTUP%\7 - copia (2).vbs"
"%STARTUP%\7 - copia (3).vbs"
"%STARTUP%\7 - copia (4).vbs"
"%STARTUP%\v7.vbs"
"%STARTUP%\v7(1).vbs"
"%STARTUP%\v7(2).vbs"
"%STARTUP%\v7(3).vbs"
"%STARTUP%\v7 - copia.vbs"
"%STARTUP%\v7 - copia (1).vbs"
"%STARTUP%\v7 - copia (2).vbs"
"%STARTUP%\v7 - copia (3).vbs"
"%STARTUP%\v7 - copia (4).vbs"
"%STARTUP%\8.vbs"
"%STARTUP%\8(1).vbs"
"%STARTUP%\8(2).vbs"
"%STARTUP%\8(3).vbs"
"%STARTUP%\8 - copia.vbs"
"%STARTUP%\8 - copia (1).vbs"
"%STARTUP%\8 - copia (2).vbs"
"%STARTUP%\8 - copia (3).vbs"
"%STARTUP%\8 - copia (4).vbs"
"%STARTUP%\v8.vbs"
"%STARTUP%\v8(1).vbs"
"%STARTUP%\v8(2).vbs"
"%STARTUP%\v8(3).vbs"
"%STARTUP%\v8 - copia.vbs"
"%STARTUP%\v8 - copia (1).vbs"
"%STARTUP%\v8 - copia (2).vbs"
"%STARTUP%\v8 - copia (3).vbs"
"%STARTUP%\v8 - copia (4).vbs"
"%STARTUP%\9.vbs"
"%STARTUP%\9(1).vbs"
"%STARTUP%\9(2).vbs"
"%STARTUP%\9(3).vbs"
"%STARTUP%\9 - copia.vbs"
"%STARTUP%\9 - copia (1).vbs"
"%STARTUP%\9 - copia (2).vbs"
"%STARTUP%\9 - copia (3).vbs"
"%STARTUP%\9 - copia (4).vbs"
"%STARTUP%\v9.vbs"
"%STARTUP%\v9(1).vbs"
"%STARTUP%\v9(2).vbs"
"%STARTUP%\v9(3).vbs"
"%STARTUP%\v9 - copia.vbs"
"%STARTUP%\v9 - copia (1).vbs"
"%STARTUP%\v9 - copia (2).vbs"
"%STARTUP%\v9 - copia (3).vbs"
"%STARTUP%\v9 - copia (4).vbs"
"%STARTUP%\10.vbs"
"%STARTUP%\10(1).vbs"
"%STARTUP%\10(2).vbs"
"%STARTUP%\10(3).vbs"
"%STARTUP%\10 - copia.vbs"
"%STARTUP%\10 - copia (1).vbs"
"%STARTUP%\10 - copia (2).vbs"
"%STARTUP%\10 - copia (3).vbs"
"%STARTUP%\10 - copia (4).vbs"
"%STARTUP%\v10.vbs"
"%STARTUP%\v10(1).vbs"
"%STARTUP%\v10(2).vbs"
"%STARTUP%\v10(3).vbs"
"%STARTUP%\v10 - copia.vbs"
"%STARTUP%\v10 - copia (1).vbs"
"%STARTUP%\v10 - copia (2).vbs"
"%STARTUP%\v10 - copia (3).vbs"
"%STARTUP%\v10 - copia (4).vbs"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20.exe"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20(1).exe"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20(2).exe"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20(3).exe"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20 - copia.exe"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20 - copia (1).exe"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20 - copia (2).exe"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20 - copia (3).exe"
"%STARTUP%\ecc7c8c51c0850c1ec247c7fd3602f20 - copia (4).exe"
"%STARTUP%\desktop.inf"
"%STARTUP%\virus.reg"
"%STARTUP%\autorun.inf"
"%STARTUP%\autorun.exe"
"%STARTUP%\iloveyou.exe"
"%STARTUP%\imvu.exe"
"%STARTUP%\nueva carpeta.exe"
"%STARTUP%\1.exe"
"%STARTUP%\2.exe"
"%STARTUP%\3.exe"
"%STARTUP%\4.exe"
"%STARTUP%\5.exe"
"%STARTUP%\auto.exe"
"%STARTUP%\virus.exe"
"%STARTUP%\viru.exe"
"%STARTUP%\prueba.exe"
"%STARTUP%\pruebas.exe"
"%STARTUP%\prueba1.exe"
"%STARTUP%\prueba2.exe"
"%STARTUP%\pruebas1.exe"
"%STARTUP%\pruebas2.exe"
"%STARTUP%\malware.exe"
"%STARTUP%\6.exe"
"%STARTUP%\7.exe"
"%STARTUP%\8.exe"
"%STARTUP%\9.exe"
"%STARTUP%\10.exe"
"%STARTUP%\11.exe"
"%STARTUP%\12.exe"
"%STARTUP%\13.exe"
"%STARTUP%\14.exe"
"%STARTUP%\15.exe"
"%STARTUP%\16.exe"
"%STARTUP%\17.exe"
"%STARTUP%\18.exe"
"%STARTUP%\19.exe"
"%STARTUP%\20.exe"
"%STARTUP%\21.exe"
"%STARTUP%\22.exe"
"%STARTUP%\23.exe"
"%STARTUP%\24.exe"
"%STARTUP%\25.exe"
"%STARTUP%\26.exe"
"%STARTUP%\27.exe"
"%STARTUP%\28.exe"
"%STARTUP%\29.exe"
"%STARTUP%\30.exe"
"%STARTUP%\31.exe"
"%STARTUP%\32.exe"
"%STARTUP%\33.exe"
"%STARTUP%\34.exe"
"%STARTUP%\35.exe"
"%STARTUP%\36.exe"
"%STARTUP%\37.exe"
"%STARTUP%\38.exe"
"%STARTUP%\39.exe"
"%STARTUP%\40.exe"
"%STARTUP%\41.exe"
"%STARTUP%\42.exe"
"%STARTUP%\43.exe"
"%STARTUP%\44.exe"
"%STARTUP%\45.exe"
"%STARTUP%\46.exe"
"%STARTUP%\47.exe"
"%STARTUP%\48.exe"
"%STARTUP%\49.exe"
"%STARTUP%\50.exe"
"%STARTUP%\51.exe"
"%STARTUP%\52.exe"
"%STARTUP%\53.exe"
"%STARTUP%\54.exe"
"%STARTUP%\55.exe"
"%STARTUP%\56.exe"
"%STARTUP%\57.exe"
"%STARTUP%\58.exe"
"%STARTUP%\59.exe"
"%STARTUP%\60.exe"
"%STARTUP%\61.exe"
"%STARTUP%\62.exe"
"%STARTUP%\63.exe"
"%STARTUP%\64.exe"
"%STARTUP%\65.exe"
"%STARTUP%\66.exe"
"%STARTUP%\67.exe"
"%STARTUP%\68.exe"
"%STARTUP%\69.exe"
"%STARTUP%\70.exe"
"%STARTUP%\71.exe"
"%STARTUP%\72.exe"
"%STARTUP%\73.exe"
"%STARTUP%\74.exe"
"%STARTUP%\75.exe"
"%STARTUP%\76.exe"
"%STARTUP%\77.exe"
"%STARTUP%\78.exe"
"%STARTUP%\79.exe"
"%STARTUP%\80.exe"
"%STARTUP%\81.exe"
"%STARTUP%\82.exe"
"%STARTUP%\83.exe"
"%STARTUP%\84.exe"
"%STARTUP%\85.exe"
"%STARTUP%\86.exe"
"%STARTUP%\87.exe"
"%STARTUP%\88.exe"
"%STARTUP%\89.exe"
"%STARTUP%\90.exe"
"%STARTUP%\91.exe"
"%STARTUP%\92.exe"
"%STARTUP%\93.exe"
"%STARTUP%\94.exe"
"%STARTUP%\95.exe"
"%STARTUP%\96.exe"
"%STARTUP%\97.exe"
"%STARTUP%\98.exe"
"%STARTUP%\99.exe"
"%STARTUP%\100.exe"
"%STARTUP%\101.exe"
"%STARTUP%\102.exe"
"%STARTUP%\103.exe"
"%STARTUP%\104.exe"
"%STARTUP%\105.exe"
"%STARTUP%\106.exe"
"%STARTUP%\107.exe"
"%STARTUP%\108.exe"
"%STARTUP%\109.exe"
"%STARTUP%\110.exe"
"%STARTUP%\111.exe"
"%STARTUP%\112.exe"
"%STARTUP%\113.exe"
"%STARTUP%\114.exe"
"%STARTUP%\115.exe"
"%STARTUP%\116.exe"
"%STARTUP%\117.exe"
"%STARTUP%\118.exe"
"%STARTUP%\119.exe"
"%STARTUP%\120.exe"
"%STARTUP%\121.exe"
"%STARTUP%\122.exe"
"%STARTUP%\123.exe"
"%STARTUP%\124.exe"
"%STARTUP%\125.exe"
"%STARTUP%\126.exe"
"%STARTUP%\127.exe"
"%STARTUP%\128.exe"
"%STARTUP%\129.exe"
"%STARTUP%\130.exe"
"%STARTUP%\131.exe"
"%STARTUP%\132.exe"
"%STARTUP%\133.exe"
"%STARTUP%\134.exe"
"%STARTUP%\135.exe"
"%STARTUP%\136.exe"
"%STARTUP%\137.exe"
"%STARTUP%\138.exe"
"%STARTUP%\139.exe"
"%STARTUP%\140.exe"
"%STARTUP%\141.exe"
"%STARTUP%\142.exe"
"%STARTUP%\143.exe"
"%STARTUP%\144.exe"
"%STARTUP%\145.exe"
"%STARTUP%\146.exe"
"%STARTUP%\147.exe"
"%STARTUP%\148.exe"
"%STARTUP%\149.exe"
"%STARTUP%\150.exe"
"%STARTUP%\151.exe"
"%STARTUP%\152.exe"
"%STARTUP%\153.exe"
"%STARTUP%\154.exe"
"%STARTUP%\155.exe"
"%STARTUP%\156.exe"
"%STARTUP%\157.exe"
"%STARTUP%\158.exe"
"%STARTUP%\159.exe"
"%STARTUP%\160.exe"
"%STARTUP%\161.exe"
"%STARTUP%\162.exe"
"%STARTUP%\163.exe"
"%STARTUP%\164.exe"
"%STARTUP%\165.exe"
"%STARTUP%\166.exe"
"%STARTUP%\167.exe"
"%STARTUP%\168.exe"
"%STARTUP%\169.exe"
"%STARTUP%\170.exe"
"%STARTUP%\171.exe"
"%STARTUP%\172.exe"
"%STARTUP%\173.exe"
"%STARTUP%\174.exe"
"%STARTUP%\175.exe"
"%STARTUP%\176.exe"
"%STARTUP%\177.exe"
"%STARTUP%\178.exe"
"%STARTUP%\179.exe"
"%STARTUP%\180.exe"
"%STARTUP%\181.exe"
"%STARTUP%\182.exe"
"%STARTUP%\183.exe"
"%STARTUP%\184.exe"
"%STARTUP%\185.exe"
"%STARTUP%\186.exe"
"%STARTUP%\187.exe"
"%STARTUP%\188.exe"
"%STARTUP%\189.exe"
"%STARTUP%\190.exe"
"%STARTUP%\191.exe"
"%STARTUP%\192.exe"
"%STARTUP%\193.exe"
"%STARTUP%\194.exe"
"%STARTUP%\195.exe"
"%STARTUP%\196.exe"
"%STARTUP%\197.exe"
"%STARTUP%\198.exe"
"%STARTUP%\199.exe"
"%STARTUP%\200.exe"
"%STARTUP%\0.exe"
"%STARTUP%\00.exe"
"%STARTUP%\000.exe"
"%STARTUP%\0000.exe"
"%STARTUP%\1111.exe"
"%STARTUP%\222.exe"
"%STARTUP%\2222.exe"
"%STARTUP%\333.exe"
"%STARTUP%\3333.exe"
"%STARTUP%\444.exe"
"%STARTUP%\4444.exe"
"%STARTUP%\555.exe"
"%STARTUP%\5555.exe"
"%STARTUP%\666.exe"
"%STARTUP%\6666.exe"
"%STARTUP%\777.exe"
"%STARTUP%\7777.exe"
"%STARTUP%\888.exe"
"%STARTUP%\8888.exe"
"%STARTUP%\999.exe"
"%STARTUP%\9999.exe"
"%STARTUP%\1010.exe"
"%STARTUP%\101010.exe"
"%STARTUP%\1234.exe"
"%STARTUP%\12345.exe"
"%STARTUP%\123456.exe"
"%STARTUP%\1234567.exe"
"%STARTUP%\12345678.exe"
"%STARTUP%\123456789.exe"
"%STARTUP%\1234567890.exe"
"%STARTUP%\0123456789.exe"
"%STARTUP%\01234567890.exe"
"%STARTUP%\9876543210.exe"
"%STARTUP%\0987654321.exe"
"%STARTUP%\a.exe"
"%STARTUP%\b.exe"
"%STARTUP%\c.exe"
"%STARTUP%\d.exe"
"%STARTUP%\e.exe"
"%STARTUP%\f.exe"
"%STARTUP%\g.exe"
"%STARTUP%\h.exe"
"%STARTUP%\i.exe"
"%STARTUP%\j.exe"
"%STARTUP%\k.exe"
"%STARTUP%\l.exe"
"%STARTUP%\m.exe"
"%STARTUP%\n.exe"
"%STARTUP%\ñ.exe"
"%STARTUP%\o.exe"
"%STARTUP%\p.exe"
"%STARTUP%\q.exe"
"%STARTUP%\r.exe"
"%STARTUP%\s.exe"
"%STARTUP%\t.exe"
"%STARTUP%\u.exe"
"%STARTUP%\v.exe"
"%STARTUP%\w.exe"
"%STARTUP%\x.exe"
"%STARTUP%\y.exe"
"%STARTUP%\z.exe"
"%STARTUP%\hal.exe"
"%STARTUP%\hall.exe"
"%STARTUP%\aa.exe"
"%STARTUP%\bb.exe"
"%STARTUP%\cc.exe"
"%STARTUP%\dd.exe"
"%STARTUP%\ee.exe"
"%STARTUP%\ff.exe"
"%STARTUP%\gg.exe"
"%STARTUP%\hh.exe"
"%STARTUP%\ii.exe"
"%STARTUP%\jj.exe"
"%STARTUP%\kk.exe"
"%STARTUP%\ll.exe"
"%STARTUP%\mm.exe"
"%STARTUP%\nn.exe"
"%STARTUP%\ññ.exe"
"%STARTUP%\oo.exe"
"%STARTUP%\pp.exe"
"%STARTUP%\qq.exe"
"%STARTUP%\rr.exe"
"%STARTUP%\ss.exe"
"%STARTUP%\tt.exe"
"%STARTUP%\uu.exe"
"%STARTUP%\vv.exe"
"%STARTUP%\ww.exe"
"%STARTUP%\xx.exe"
"%STARTUP%\yy.exe"
"%STARTUP%\zz.exe"
"%STARTUP%\virus.bat"
"%STARTUP%\viruss.bat"
"%STARTUP%\viru.bat"
"%STARTUP%\malware.bat"
"%STARTUP%\destroyer.bat"
"%STARTUP%\destruir.bat"
"%STARTUP%\destrui.bat"
"%STARTUP%\dañar.bat"
"%STARTUP%\joder.bat"
"%STARTUP%\prueba.bat"
"%STARTUP%\pruebas.bat"
"%STARTUP%\iniciar.bat"
"%STARTUP%\inicia.bat"
"%STARTUP%\facebook.bat"
"%STARTUP%\youtube.bat"
"%STARTUP%\joder pc.bat"
"%STARTUP%\dañar pc.bat"
"%STARTUP%\super virus.bat"
"%STARTUP%\super.bat"
"%STARTUP%\no abrir.bat"
"%STARTUP%\abrir.bat"
"%STARTUP%\abrelo.bat"
"%STARTUP%\x:x.bat"
"%STARTUP%\x_x.bat"
"%STARTUP%\por siempre.bat"
"%STARTUP%\siempre.bat"
"%STARTUP%\iloveyou.bat"
"%STARTUP%\iloveyous.bat"
"%STARTUP%\locos.bat"
"%STARTUP%\loco.bat"
"%STARTUP%\malware.bat"
"%STARTUP%\maldad.bat"
"%STARTUP%\minecraft.bat"
"%STARTUP%\minecraf.bat"
"%STARTUP%\windows.bat"
"%STARTUP%\importante.bat"
"%STARTUP%\inportante.bat"
"%STARTUP%\programa.bat"
"%STARTUP%\programas.bat"
"%STARTUP%\dll.bat"
"%STARTUP%\sys.bat"
"%STARTUP%\pruebita.bat"
"%STARTUP%\pruevita.bat"
"%STARTUP%\pruebas1.bat"
"%STARTUP%\pruebas2.bat"
"%STARTUP%\prueba1.bat"
"%STARTUP%\prueba2.bat"
"%STARTUP%\pruebas(1).bat"
"%STARTUP%\pruebas(2).bat"
"%STARTUP%\prueba(1).bat"
"%STARTUP%\prueba(2).bat"
"%STARTUP%\virus(1).bat"
"%STARTUP%\virus(2).bat"
"%STARTUP%\nueva carpeta.bat"
"%STARTUP%\nueva carpeta(1).bat"
"%STARTUP%\nueva carpeta(2).bat"
"%STARTUP%\jodido.bat"
"%STARTUP%\se jodio.bat"
"%STARTUP%\rescata.bat"
"%STARTUP%\mamaguevo.bat"
"%STARTUP%\sapo.bat"
"%STARTUP%\mardito.bat"
"%STARTUP%\mardito virus.bat"
"%STARTUP%\regalito.bat"
"%STARTUP%\pc.bat"
"%STARTUP%\pcs.bat"
"%STARTUP%\bcspn.bat"
"%STARTUP%\mas.bat"
"%STARTUP%\super batch.bat"
"%STARTUP%\mario.bat"
"%STARTUP%\mario bro.bat"
"%STARTUP%\mario bros.bat"
"%STARTUP%\analizar.bat"
"%STARTUP%\antivirus.bat"
"%STARTUP%\.bat.bat"
"%STARTUP%\carpeta.bat"
"%STARTUP%\carpeta(1).bat"
"%STARTUP%\base.bat"
"%STARTUP%\microsoft.bat"
"%STARTUP%\coca cola.bat"
"%STARTUP%\numero1.bat"
"%STARTUP%\numero2.bat"
"%STARTUP%\numero3.bat"
"%STARTUP%\1.bat"
"%STARTUP%\2.bat"
"%STARTUP%\3.bat"
"%STARTUP%\4.bat"
"%STARTUP%\5.bat"
"%STARTUP%\1(1).bat"
"%STARTUP%\2(1).bat"
"%STARTUP%\3(3).bat"
"%STARTUP%\4(4).bat"
"%STARTUP%\5(5).bat"
"%STARTUP%\analizar(1).bat"
"%STARTUP%\analizar(2).bat"
"%STARTUP%\muerte.bat"
"%STARTUP%\muerte(1).bat"
"%STARTUP%\*.dng"
"%STARTUP%\*.gif"
"%STARTUP%\fotos.jpg"
"%STARTUP%\fotos.png"
"%STARTUP%\foto.jpg"
"%STARTUP%\foto.png"
"%STARTUP%\*.wb2"
"%STARTUP%\*.odt"
"%appdata%\*.reg"
"%appdata%\*.vbs"
"%appdata%\*.exe"
"%appdata%\*.za"
"%appdata%\*.zxa"
"%appdata%\*."awq
"%appdata%\*."xqw
"%appdata%\*.pen"
"%appdata%\*.m"
"%appdata%\*.v"
"%appdata%\*.bav"
"%appdata%\*.mef"
"%appdata%\*.srw"
"%appdata%\*.raw"
"%appdata%\*.m"
"%appdata%\*.odp"
"%appdata%\*.ods"
"%appdata%\*.odts"
"%appdata%\*.pptm"
"%appdata%\*.??"
"%appdata%\*.?"
"%appdata%\*.dcr"
"%appdata%\*.indd"
"%appdata%\*.indd1"
"%appdata%\*.p12"
"%appdata%\*.nef"
"%appdata%\*.net"
"%appdata%\*.ae"
"%appdata%\*.ai"
"%appdata%\*.ao"
"%appdata%\*.au"
"%appdata%\*.hh"
"%appdata%\*.ee"
"%appdata%\*.aa"
"%appdata%\*.a"
"%appdata%\*.dxg"
"%appdata%\*.pptx"
"%appdata%\*.ppt"
"%appdata%\*.x3f"
"%appdata%\*.html"
"%appdata%\*.htm"
"%appdata%\*.srf"
"%appdata%\*.mrw"
"%appdata%\*.dxg"
"%appdata%\*.wb2"
"%appdata%\*.vbs"
"%appdata%\*.arw"
"%appdata%\*.r3d"
"%appdata%\*.p7c"
"%appdata%\*.malware"
"%appdata%\*.virus"
"%appdata%\*.bay"
"%appdata%\*.pfx"
"%appdata%\*.odm"
"%appdata%\*.crt"
"%appdata%\*.jpe"
"%appdata%\*.pst"
"%appdata%\*.accdb"
"%appdata%\*.pl"
"%appdata%\*.zip"
"%appdata%\*.rar"
"%appdata%\*.raf"
"%appdata%\*.docm"
"%appdata%\*.pem"
"%appdata%\*.ai"
"%appdata%\*.rtf"
"%appdata%\*.wpd"
"%appdata%\*.xlk"
"%appdata%\*.eps"
"%appdata%\*.bat"
"%appdata%\*.dng"
"%appdata%\virus.gif"
"%appdata%\viru.gif"
"%appdata%\*.jpg"
"%appdata%\*.png"
"%appdata%\*.wb2"
"%appdata%\*.odt"
"%appdata%\Search The Web\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}.ico"
"%allusersprofile%\%computername%\%computername%.exe"
"%allusersprofile%\backup.exe"
"%allusersprofile%\displayswitch.exe"
"%allusersprofile%\duplicaterecord.js"
"%allusersprofile%\google\google chrome.exe"
"%allusersprofile%\hometask.exe"
"%allusersprofile%\mntemp"
"%allusersprofile%\origin\update.vbe"
"%allusersprofile%\registryreviver.exe"
"%allusersprofile%\start.exe"
"%allusersprofile%\windows 7\windows 7.exe"
"%allusersprofile%\windows 8.1\windows 8.1.exe"
"%allusersprofile%\windows 8\windows 8.exe"
"%allusersprofile%\windows vista\windows vista.exe"
"%allusersprofile%\windows xp\windows xp.exe"
"%allusersprofile%\wms.exe"
"%userprofile%\Descargas\RobloxPlayerLauncher.exe"
"%userprofile%\Descargas\WiperSoft-installer.exe"
"%userprofile%\Descargas\Setup.exe"
"%userprofile%\Descargas\pmaxkiller.exe"
"%userprofile%\Descargas\Sql_Poizon_v1.1_-_Sqli_Exploit_Scanner_Tool.rar"
"%userprofile%\Descargas\JRT.exe"
"%userprofile%\Descargas\JRT(1).exe"
"%userprofile%\Descargas\JRT(2).exe"
"%userprofile%\Descargas\hacker completo.zip"
"%userprofile%\Descargas\HackerdeCuenta.exe"
"%userprofile%\Descargas\FaceBreak.zip"
"%userprofile%\Descargas\BitZipper2015TrialSetupEs.exe"
"%userprofile%\Descargas\usbavg7-v3-b4.7c.exe"
"%userprofile%\Descargas\AlbumArt_{0370BC24-61D0-4392-B804-CE3680C537AA}_Large.jpg"
"%userprofile%\Descargas\AlbumArt_{0370BC24-61D0-4392-B804-CE3680C537AA}_Small.jpg"
"%userprofile%\Descargas\AlbumArt_{D73CEA7B-2FF1-42FF-9DFF-92E7FF58DD8A}_Large.jpg"
"%userprofile%\Descargas\AlbumArt_{D73CEA7B-2FF1-42FF-9DFF-92E7FF58DD8A}_Small.jpg"
"%systemdrive%\Windows\Temp\diablo130302.cl"
"%systemdrive%\Windows\Temp\diablo121016.cl"
"%systemdrive%\Windows\Temp\phatk121016.cl"
"%systemdrive%\Windows\Temp\SweetlMlsimapp_id"
"%systemdrive%\Windows\Temp\poclbm130302.cl"
"%systemdrive%\Windows\Temp\scrypt130511.cl"
"%userprofile%\Descargas\ARCHPRo 4.53.rar"
"%userprofile%\Descargas\ESETOnlineScanner_ESN.exe"
"%userprofile%\Descargas\esets_api.stg"
"%userprofile%\Descargas\GitHubSetup.exe"
"%userprofile%\Descargas\httrack-3.48.22.exe"
"%appdata%\microsoft\avpro.exe"
"%appdata%\microsoft\babmaint.exe"
"%appdata%\microsoft\bsetter-own.exe"
"%appdata%\microsoft\checkrun22find.exe"
"%appdata%\microsoft\del.bat"
"%appdata%\microsoft\fdm-setup.exe"
"%appdata%\microsoft\fdmer.exe"
"%appdata%\microsoft\internet explorer\qipsearchbar.dll"
"%appdata%\microsoft\systemcertificates\vssvc.exe"
"%appdata%\microsoft\wstask.exe"
"%appdata%\speedrunnerslog.txt"
"%appdata%\updater\winupd.exe"
"%appdata%\microsoft\wf.exe"
"%appdata%\PROFILES\PLIZUDOMPUR.DEFAULT\PREFS.JS"
"%appdata%\MOZILLA\FIREFOX\PROFILES\DQ07A6T6.DEFAULT\PREFS.JS"
"%appdata%\PROFILES\PLIZUDOMPUR.DEFAULT\SEARCHPLUGINS\LQQ8F5G2.XML"
"%locala%\apps\2.\abril.exe"
"%locala%\chromeupdate.crx"
"%locala%\couponalertauto.exe"
"%locala%\google\chrome\user data\default\bprotector web data"
"%locala%\google\chrome\user data\default\bprotectorpreferences"
"%locala%\microsoft\extensions\extsetup.exe"
"%locala%\microsoft\extensions\safebrowser.exe"
"%locala%\msfix.exe"
"%locala%\proxy.log"
"%locala%\speedial.crx"
"%locala%\vol-flex"
"%locala%\wikiupdate.exe"
"%locala%\xc3000error.exe"
"%mydls%\apcsetupppro.exe"
"%mydls%\driverrepair_signed.exe"
"%mydls%\fix-my-pc-setup.exe"
"%mydocs%\1click.cfg"
"%programfiles%\adobe\wlrt1.exe"
"%programfiles%\Archivo de Sistema\Regsys.exe"
"%programfiles%\google\chrome\application\chrome.bat"
"%programfiles%\google\chrome\application\emorhc.bat"
"%programfiles%\ieadsblocker.dll"
"%programfiles%\iis\iis.exe"
"%programfiles%\internet explorer\erolpxei.bat"
"%programfiles%\internet explorer\iexplore.bat"
"%programfiles%\internet explorer\internet.exe"
"%programfiles%\microsoft\sysnm.exe"
"%programfiles%\opera\arepo.bat"
"%programfiles%\netcut\netcut.exe"
"%programfiles%\netcut\winpcap.exe"
"%programfiles%\netcut\updater.exe"
"%programfiles%\netcut\netcut.skn"
"%programfiles%\netcut\NetCut support.lnk"
"%programfiles%\opera\opera.bat"
"%programfiles%\prefs.js"
"%programfiles%\reference
assemblies\microsoft\framework\v3.5\redistlist\syscomplus80.exe"
"%programfiles%\task host\taskhost.exe"
"%startup%\%username%.exe"
"%systemdrive%\a\wincheckfe.exe"
"%systemdrive%\chatzum_nt.exe"
"%systemdrive%\chromehplog.txt"
"%systemdrive%\clarainstaller.txt"
"%systemdrive%\domainblacklist.xml"
"%systemdrive%\end"
"%systemdrive%\user.js"
"%userprofile%\funshion.ini"
"%windir%\ads.js"
"%windir%\amdave64win.exe"
"%windir%\apppatch\apppatch64\vcldr64.dll"
"%windir%\apppatch\custom\custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb"
"%windir%\apppatch\custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb"
"%windir%\apppatch\nbin\vc32loader.dll"
"%windir%\chp.exe"
"%windir%\chromebrowser.exe"
"%windir%\country"
"%windir%\couponprinter.ocx"
"%windir%\cygavb.exe"
"%windir%\default.cfg"
"%windir%\dvf.exe"
"%windir%\exentinfo.exe"
"%windir%\fiddlercore4.dll"
"%windir%\hgfs.sys"
"%windir%\initcvtr.bat"
"%windir%\keywords.txt"
"%windir%\kyq.dat"
"%windir%\launcher.exe"
"%windir%\lnx.dat"
"%windir%\lnx.exe"
"%windir%\mdvf.exe"
"%windir%\memupdate.exe"
"%windir%\mhg.dat"
"%windir%\mhg.exe"
"%windir%\mint.exe"
"%windir%\mlnx.exe"
"%windir%\mlwps.exe"
"%windir%\mmhg.exe"
"%windir%\mrzv.exe"
"%windir%\mstdcvtr.bat"
"%windir%\navigatorvph.txt"
"%windir%\patsearch.bin"
"%windir%\pgbmaf.exe"
"%windir%\plofgye"
"%windir%\popup_count.txt"
"%windir%\prleth.sys"
"%windir%\provider\updatertoolservice.exe"
"%windir%\pss\wandoujia_helper.lnk"
"%windir%\rcore.exe"
"%windir%\reimage.ini"
"%windir%\rzv.dat"
"%windir%\s.bat"
"%windir%\sc.bat"
"%windir%\screentk.sys"
"%windir%\searchkeeper.exe"
"%windir%\shost.bin"
"%windir%\soxe"
"%windir%\storegidfilter.sys"
"%windir%\svchost.exe"
"%windir%\sysfix.exe"
"%windir%\sysinfo.exe"
"%windir%\tempcoral.vbs"
"%windir%\updatesvc.exe"
"%windir%\version.ini"
"%windir%\version_navigator.txt"
"%windir%\verson_hawker.txt"
"%windir%\winfix.ini"
"%windir%\wininit.ini"
"%windir%\winload32.exe"
"%windir%\wuappl.exe"
"%windir%\zri.dat"
"%systemdrive%\autorun.inf"
"%systemdrive%\Downadup@VULN.exe"
"%systemdrive%\*.bat"
"%systemdrive%\*.vbs"
"%systemdrive%\*.reg"
"%systemdrive%\*.com"
"%systemdrive%\*.lnk"
"%systemdrive%\img2007-12.JPEG.scr"
"%systemdrive%\image114.JPG-scannedby-MSN.com"
"%systemdrive%\misfacebook.com.zip"
"%systemdrive%\myspace-pics.zip"
"%systemdrive%\Happy2008-Card.com"
"%systemdrive%\picture_004-new4myspace.JPEG-scan"
"%systemdrive%\New-year2008-image15.scr"
"%systemdrive%\image134.jpg-www.photoshare.com"
"%systemdrive%\Image-005.JPEG_escudrinado-MSN.com"
"%systemdrive%\New-Year2008-imgaes.zip"
"%systemdrive%\new-photos.zip"
"%systemdrive%\santasuite.jpg.exe"
"%systemdrive%\MenssagemAnoNovo.exe"
"%systemdrive%\LechucK.exe"
"%systemdrive%\Feliz_Natal.exe"
"%systemdrive%\myspace-pics.zip"
"%systemdrive%\N039_jpg.zip"
"%systemdrive%\Nokia_19_jpg.zip"
"%systemdrive%\myimage.zip"
"%systemdrive%\new-photos.zip"
"%systemdrive%\New-Year2008-imgaes.zip"
"%systemdrive%\NewYearsParty.zip"
"%systemdrive%\p0017_jpg.zip"
"%systemdrive%\Photos-webcam2007.zip"
"%systemdrive%\picts-XXXX.zip"
"%systemdrive%\PictureAlbum2007.zip"
"%systemdrive%\portaldeayuda.zip"
"%systemdrive%\S_00305_jpg.zip"
"%systemdrive%\W139_jpg.zip"
"%systemdrive%\Winks Instalador.exe"
"%systemdrive%\Z058_jpg.zip"
"%systemdrive%\Image-006.JPEG_www.myspace.com"
"%systemdrive%\image.zip"
"%systemdrive%\imageXX.zip"
"%systemdrive%\IMG-XXXX.zip"
"%systemdrive%\img4851.zip"
"%systemdrive%\IMG-0024.zip"
"%systemdrive%\IMG0024.zip"
"%systemdrive%\misfacebook.com.zip"
"%systemdrive%\mispicturas.zip"
"%systemdrive%\facebookfoto.zip"
"%systemdrive%\MessengerSkinner .zip"
"%systemdrive%\MessengerSkinner.zip"
"%systemdrive%\MSN Content Plus .zip"
"%systemdrive%\MSN Messenger Guiños.zip"
"%systemdrive%\My_Pictures2007"
"%systemdrive%\MyGallery5156.zip"
"%systemdrive%\Conficker.A.dll"
"%systemdrive%\Foto_Celular.scr"
"%systemdrive%\Foto_Celular.zip"
"%systemdrive%\Foto_Posse.zip"
"%systemdrive%\Bush.exe"
"%systemdrive%\Desnuda.exe"
"%systemdrive%\F0538_jpg.zip"
"%systemdrive%\Facebook.zip"
"%systemdrive%\facebookfoto.zip"
"%systemdrive%\Fotos.zip – Fotos roberto.exe"
"%systemdrive%\fotopara-facebook.com.zip"
"%systemdrive%\fotos-facebook.com.zip"
"%systemdrive%\fotoparamyspace.com.zip"
"%systemdrive%\Happy2008.zip"
"%systemdrive%\imag091307.zip"
"%systemdrive%\alcss.exe"
"%systemdrive%\dllhost.exe"
"%systemdrive%\Ati2evxx.exe"
"%systemdrive%\WINDOWS\Ati2evxx.exe"
"%systemdrive%\WINDOWS\alcss.exe"
"%systemdrive%\WINDOWS\dllhost.exe"
"%systemdrive%\WINDOWS\system32\Ati2evxx.exe"
"%systemdrive%\WINDOWS\system32\*.rar"
"%systemdrive%\WINDOWS\system32\FelizNatal.exe"
"%systemdrive%\WINDOWS\system32\*.jpg"
"%systemdrive%\WINDOWS\system32\*.pn"
"%systemdrive%\WINDOWS\system32\*.pl"
"%systemdrive%\WINDOWS\system32\alcss.exe"
"%systemdrive%\WINDOWS\system32\Feliz_Natal.exe"
"%systemdrive%\WINDOWS\system32\LechucK.exe"
"%systemdrive%\WINDOWS\system32\MenssagemAnoNovo.exe"
"%systemdrive%\WINDOWS\system32\santasuite.jpg.exe"
"%systemdrive%\WINDOWS\system32\new-photos.zip"
"%systemdrive%\WINDOWS\system32\New-Year2008-imgaes.zip"
"%systemdrive%\WINDOWS\system32\Image-005.JPEG_escudrinado-MSN.com"
"%systemdrive%\WINDOWS\system32\image134.jpg-www.photoshare.com"
"%systemdrive%\WINDOWS\system32\New-year2008-image15.scr"
"%systemdrive%\WINDOWS\system32\picture_004-new4myspace.JPEG-scan"
"%systemdrive%\WINDOWS\system32\Happy2008-Card.com"
"%systemdrive%\WINDOWS\system32\myspace-pics.zip"
"%systemdrive%\WINDOWS\system32\misfacebook.com.zip"
"%systemdrive%\WINDOWS\system32\image114.JPG-scannedby-MSN.com"
"%systemdrive%\WINDOWS\system32\img2007-12.JPEG.scr"
"%systemdrive%\WINDOWS\system32\Image-006.JPEG_www.myspace.com"
"%systemdrive%\WINDOWS\system32\Z058_jpg.zip"
"%systemdrive%\WINDOWS\system32\Winks Instalador.exe"
"%systemdrive%\WINDOWS\system32\W139_jpg.zip"
"%systemdrive%\WINDOWS\system32\S_00305_jpg.zip"
"%systemdrive%\WINDOWS\system32\portaldeayuda.zip"
"%systemdrive%\WINDOWS\system32\PictureAlbum2007.zip"
"%systemdrive%\WINDOWS\system32\picts-XXXX.zip"
"%systemdrive%\WINDOWS\system32\Photos-webcam2007.zip"
"%systemdrive%\WINDOWS\system32\p0017_jpg.zip"
"%systemdrive%\WINDOWS\system32\NewYearsParty.zip"
"%systemdrive%\WINDOWS\system32\New-Year2008-imgaes.zip"
"%systemdrive%\WINDOWS\system32\new-photos.zip"
"%systemdrive%\WINDOWS\system32\myimage.zip"
"%systemdrive%\WINDOWS\system32\Downadup@VULN.exe"
"%systemdrive%\WINDOWS\system32\Nokia_19_jpg.zip"
"%systemdrive%\WINDOWS\system32\N039_jpg.zip"
"%systemdrive%\WINDOWS\system32\myspace-pics.zip"
"%systemdrive%\WINDOWS\system32\MyGallery5156.zip"
"%systemdrive%\WINDOWS\system32\My_Pictures2007"
"%systemdrive%\WINDOWS\system32\MSN Messenger Guiños.zip"
"%systemdrive%\WINDOWS\system32\MSN Content Plus .zip"
"%systemdrive%\WINDOWS\system32\MessengerSkinner.zip"
"%systemdrive%\WINDOWS\system32\mispicturas.zip"
"%systemdrive%\WINDOWS\system32\misfacebook.com.zip"
"%systemdrive%\WINDOWS\system32\IMG0024.zip"
"%systemdrive%\WINDOWS\system32\IMG-0024.zip"
"%systemdrive%\WINDOWS\system32\img4851.zip"
"%systemdrive%\WINDOWS\system32\IMG-XXXX.zip"
"%systemdrive%\WINDOWS\system32\imageXX.zip"
"%systemdrive%\WINDOWS\system32\image.zip"
"%systemdrive%\WINDOWS\system32\imag091307.zip"
"%systemdrive%\WINDOWS\system32\Happy2008.zip"
"%systemdrive%\WINDOWS\system32\fotoparamyspace.com.zip"
"%systemdrive%\WINDOWS\system32\fotosfacebook*.com.zip"
"%systemdrive%\WINDOWS\system32\fotos-facebook.com.zip"
"%systemdrive%\WINDOWS\system32\fotopara-facebook*.com.zip"
"%systemdrive%\WINDOWS\system32\fotopara*-facebook.com.zip"
"%systemdrive%\WINDOWS\system32\fotopara-facebook.com.zip"
"%systemdrive%\WINDOWS\system32\Fotos.zip – Fotos roberto.exe"
"%systemdrive%\WINDOWS\system32\facebookfoto.zip"
"%systemdrive%\WINDOWS\system32\Facebook.zip"
"%systemdrive%\WINDOWS\system32\F0538_jpg.zip"
"%systemdrive%\WINDOWS\system32\Desnuda.exe"
"%systemdrive%\WINDOWS\system32\Bush.exe"
"%systemdrive%\WINDOWS\system32\Foto_Posse.zip"
"%systemdrive%\WINDOWS\system32\Foto_Celular.zip"
"%systemdrive%\WINDOWS\system32\Foto_Celular.scr"
"%systemdrive%\WINDOWS\system32\Conficker.A.exe"
"%systemdrive%\WINDOWS\system32\Conficker.A.dll"
"%systemdrive%\WINDOWS\system32\Downadup@VULN.exe"
"%systemdrive%\WINDOWS\system32\Downadup@VULN.dll"
"%systemdrive%\WINDOWS\system32\Downadup@VULN.cmd"
"%systemdrive%\WINDOWS\system32\Downadup@VULN.scr"
"%systemdrive%\WINDOWS\system32\autorun.inf"
"%systemdrive%\WINDOWS\system32\autoconv(1).exe"
"%systemdrive%\WINDOWS\system32\scrnsave(1).scr"
"%systemdrive%\WINDOWS\system32\gaopdxopgfgpkxrtospueopofpxumsvftrqdbc.dll"
"%systemdrive%\WINDOWS\system32\病毒.exe"
"%systemdrive%\WINDOWS\system32\损害.exe"
"%systemdrive%\WINDOWS\system32\恶意软件.exe"
"%systemdrive%\WINDOWS\system32\木马.exe"
"%systemdrive%\WINDOWS\system32\¿¿¿¿.exe"
"%systemdrive%\WINDOWS\system32\¿¿¿.exe"
"%systemdrive%\WINDOWS\system32\¿¿.exe"
"%systemdrive%\WINDOWS\system32\¿.exe"
"%systemdrive%\WINDOWS\system32\antivirus.exe"
"%systemdrive%\WINDOWS\system32\anty.exe"
"%systemdrive%\WINDOWS\system32\klñ.exe"
"%systemdrive%\WINDOWS\system32\tranpa.exe"
"%systemdrive%\WINDOWS\system32\trampa.exe"
"%systemdrive%\WINDOWS\system32\friv.exe"
"%systemdrive%\WINDOWS\system32\frix.exe"
"%systemdrive%\WINDOWS\system32\juegos.exe"
"%systemdrive%\WINDOWS\system32\juego.exe"
"%systemdrive%\WINDOWS\system32\muerte.exe"
"%systemdrive%\WINDOWS\system32\diablos.exe"
"%systemdrive%\WINDOWS\system32\diablo.exe"
"%systemdrive%\WINDOWS\system32\xxx.exe"
"%systemdrive%\WINDOWS\system32\porno.exe"
"%systemdrive%\WINDOWS\system32\fixtodo.exe"
"%systemdrive%\WINDOWS\system32\safary.exe"
"%systemdrive%\WINDOWS\system32\safari.exe"
"%systemdrive%\WINDOWS\system32\explore.exe"
"%systemdrive%\WINDOWS\system32\explorer.exe"
"%systemdrive%\WINDOWS\system32\windows.exe"
"%systemdrive%\WINDOWS\system32\click.exe"
"%systemdrive%\WINDOWS\system32\clicks.exe"
"%systemdrive%\WINDOWS\system32\karaoke.exe"
"%systemdrive%\WINDOWS\system32\pc fix.exe"
"%systemdrive%\WINDOWS\system32\pc reparir.exe"
"%systemdrive%\WINDOWS\system32\joder.exe"
"%systemdrive%\WINDOWS\system32\muerte.exe"
"%systemdrive%\WINDOWS\system32\recycler.exe"
"%systemdrive%\WINDOWS\system32\basura.exe"
"%systemdrive%\WINDOWS\system32\indectectable.exe"
"%systemdrive%\WINDOWS\system32\exec.exe"
"%systemdrive%\WINDOWS\system32\123456789.exe"
"%systemdrive%\WINDOWS\system32\12345678.exe"
"%systemdrive%\WINDOWS\system32\1234567.exe"
"%systemdrive%\WINDOWS\system32\123456.exe"
"%systemdrive%\WINDOWS\system32\12345.exe"
"%systemdrive%\WINDOWS\system32\1234.exe"
"%systemdrive%\WINDOWS\system32\123.exe"
"%systemdrive%\WINDOWS\system32\errorcode.exe"
"%systemdrive%\WINDOWS\system32\sijilo.exe"
"%systemdrive%\WINDOWS\system32\escondido.exe"
"%systemdrive%\WINDOWS\system32\amenazaz.bat"
"%systemdrive%\WINDOWS\system32\amenasas.bat"
"%systemdrive%\WINDOWS\system32\amenasa.bat"
"%systemdrive%\WINDOWS\system32\amenazas.bat"
"%systemdrive%\WINDOWS\system32\amenaza.bat"
"%systemdrive%\WINDOWS\system32\amenazaz.exe"
"%systemdrive%\WINDOWS\system32\amenasas.exe"
"%systemdrive%\WINDOWS\system32\amenasa.exe"
"%systemdrive%\WINDOWS\system32\amenazas.exe"
"%systemdrive%\WINDOWS\system32\amenaza.exe"
"%systemdrive%\WINDOWS\system32\Tron.vbs"
"%systemdrive%\WINDOWS\system32\amenazaz.vbs"
"%systemdrive%\WINDOWS\system32\amenasas.vbs"
"%systemdrive%\WINDOWS\system32\amenasa.vbs"
"%systemdrive%\WINDOWS\system32\amenazas.vbs"
"%systemdrive%\WINDOWS\system32\amenaza.vbs"
"%systemdrive%\WINDOWS\system32\mataTodo.vbs"
"%systemdrive%\WINDOWS\system32\mataVirus.vbs"
"%systemdrive%\WINDOWS\system32\mata recycler.vbs"
"%systemdrive%\WINDOWS\system32\iloveyou.bat"
"%systemdrive%\WINDOWS\system32\iloveyou.zqw"
"%systemdrive%\WINDOWS\system32\iloveyou.com"
"%systemdrive%\WINDOWS\system32\iloveyou.html"
"%systemdrive%\WINDOWS\system32\iloveyou.exe"
"%systemdrive%\WINDOWS\system32\iloveyou.vbs"
"%systemdrive%\WINDOWS\system32\virus mata.vbs"
"%systemdrive%\WINDOWS\system32\matarecycler.vbs"
"%systemdrive%\WINDOWS\system32\recycler.vbs"
"%systemdrive%\WINDOWS\system32\espiando.vbs"
"%systemdrive%\WINDOWS\system32\regalo.vbs"
"%systemdrive%\WINDOWS\system32\normal.vbs"
"%systemdrive%\WINDOWS\system32\virusparadañar.vbs"
"%systemdrive%\WINDOWS\system32\dañar.vbs"
"%systemdrive%\WINDOWS\system32\spyware.vbs"
"%systemdrive%\WINDOWS\system32\troyan.vbs"
"%systemdrive%\WINDOWS\system32\troyans.vbs"
"%systemdrive%\WINDOWS\system32\troyanos.vbs"
"%systemdrive%\WINDOWS\system32\help.vbs"
"%systemdrive%\WINDOWS\system32\SysDrivers.vbs"
"%systemdrive%\WINDOWS\system32\v5.vbs"
"%systemdrive%\WINDOWS\system32\virus.vbs"
"%systemdrive%\WINDOWS\system32\viru.vbs"
"%systemdrive%\WINDOWS\system32\spyware.bat"
"%systemdrive%\WINDOWS\system32\spyware.exe"
"%systemdrive%\WINDOWS\system32\troyanos.exe"
"%systemdrive%\WINDOWS\system32\troyano.exe"
"%systemdrive%\WINDOWS\system32\troyans.exe"
"%systemdrive%\WINDOWS\system32\viru.exe"
"%systemdrive%\WINDOWS\system32\virus.exe"
"%systemdrive%\WINDOWS\system32\espia.exe"
"%systemdrive%\WINDOWS\system32\spia.bat"
"%systemdrive%\WINDOWS\system32\espia.bat"
"%systemdrive%\WINDOWS\system32\detenerprocesos.bat"
"%systemdrive%\WINDOWS\system32\svchost.vbs"
"%systemdrive%\WINDOWS\system32\svchost.com"
"%systemdrive%\WINDOWS\system32\svchost.zwr"
"%systemdrive%\WINDOWS\system32\svchost.bat"
"%systemdrive%\WINDOWS\system32\virus.bat"
"%systemdrive%\WINDOWS\system32\viru.bat"
"%systemdrive%\1.bat"
"%systemdrive%\2.bat"
"%systemdrive%\3.bat"
"%systemdrive%\4.bat"
"%systemdrive%\5.bat"
"%systemdrive%\6.bat"
"%systemdrive%\7.bat"
"%systemdrive%\8.bat"
"%systemdrive%\9.bat"
"%systemdrive%\10.bat"
"%systemdrive%\abk.bat"
"%systemdrive%\cv22.cmd"
"%systemdrive%\a.cmd"
"%systemdrive%\b.cmd"
"%systemdrive%\c.cmd"
"%systemdrive%\d.cmd"
"%systemdrive%\e.cmd"
"%systemdrive%\f.cmd"
"%systemdrive%\g.cmd"
"%systemdrive%\h.cmd"
"%systemdrive%\i.cmd"
"%systemdrive%\j.cmd"
"%systemdrive%\k.cmd"
"%systemdrive%\l.cmd"
"%systemdrive%\m.cmd"
"%systemdrive%\n.cmd"
"%systemdrive%\ñ.cmd"
"%systemdrive%\o.cmd"
"%systemdrive%\p.cmd"
"%systemdrive%\q.cmd"
"%systemdrive%\r.cmd"
"%systemdrive%\s.cmd"
"%systemdrive%\t.cmd"
"%systemdrive%\u.cmd"
"%systemdrive%\v.cmd"
"%systemdrive%\w.cmd"
"%systemdrive%\x.cmd"
"%systemdrive%\y.cmd"
"%systemdrive%\z.cmd"
"%systemdrive%\gy.exe"
"%systemdrive%\h1.bat"
"%systemdrive%\h2.bat"
"%systemdrive%\h3.bat"
"%systemdrive%\h4.bat"
"%systemdrive%\h5.bat"
"%systemdrive%\h6.bat"
"%systemdrive%\h7.bat"
"%systemdrive%\h8.bat"
"%systemdrive%\h9.bat"
"%systemdrive%\h10.bat"
"%systemdrive%\hl80c6b1.com"
"%systemdrive%\hyetn1i.exe"
"%systemdrive%\ij.bat"
"%systemdrive%\ur0.bat"
"%systemdrive%\pook.*"
"%systemdrive%\w98.*"
"%systemdrive%\m0vnon*.*"
"%systemdrive%\1utbfd.*"
"%systemdrive%\0w.bat"
"%systemdrive%\1w.bat"
"%systemdrive%\2w.bat"
"%systemdrive%\3w.bat"
"%systemdrive%\4w.bat"
"%systemdrive%\5w.bat"
"%systemdrive%\6w.bat"
"%systemdrive%\7w.bat"
"%systemdrive%\8w.bat"
"%systemdrive%\9w.bat"
"%systemdrive%\10w.bat"
"%systemdrive%\w0.bat"
"%systemdrive%\w1.bat"
"%systemdrive%\w2.bat"
"%systemdrive%\w3.bat"
"%systemdrive%\w4.bat"
"%systemdrive%\w5.bat"
"%systemdrive%\w6.bat"
"%systemdrive%\w7.bat"
"%systemdrive%\w8.bat"
"%systemdrive%\w9.bat"
"%systemdrive%\w10.bat"
"%systemdrive%\jeorels.cmd"
"%systemdrive%\m2nl.bat"
"%systemdrive%\uvsqfgwd.cmd"
"%systemdrive%\gfqgq.cmd"
"%systemdrive%\qphdin.com"
"%systemdrive%\m2nl.bat"
"%systemdrive%\x1csvg.exe"
"%systemdrive%\x2csvg.exe"
"%systemdrive%\ur0.com"
"%systemdrive%\ve.exe"
"%systemdrive%\2fiy.bat"
"%systemdrive%\opgde.exe"
"%systemdrive%\pibts.pif"
"%systemdrive%\WINDOWS\system32\olhrwef.exe"
"%systemdrive%\qxty9be.cmd"
"%systemdrive%\08dgu.com"
"%systemdrive%\1gk8ha.bat"
"%systemdrive%\3rl3lqbq.bat"
"%systemdrive%\6fnlpetp.exe"
"%systemdrive%\WINDOWS\SECOH-QAD.EXE"
"%systemdrive%\WINDOWS\Tasks\AmiUpdXp.job"
"%appdata%\Babylon\log_file.txt"
"%appdata%\svchost.exe"
"%systemdrive%\WINDOWS\system32\VirusRemoval.vbs"
"%systemdrive%\WINDOWS\system32\MICROSOFT.vbs"
"%appdata%\rundll32.exe"
"%systemdrive%\WINDOWS\system32\h.exe"
"%systemdrive%\WINDOWS\system32\msiexec16.exe"
"%systemdrive%\WINDOWS\system32\kxajd.a"
"%systemdrive%\WINDOWS\system32\lass.exe"
"%systemdrive%\WINDOWS\system64\h.exe"
"%systemdrive%\WINDOWS\system64\msiexec16.exe"
"%systemdrive%\WINDOWS\system64\kxajd.a"
"%systemdrive%\WINDOWS\system64\lass.exe"
"%systemdrive%\WINDOWS\system32\karaokeser.exe"
"%systemdrive%\WINDOWS\logfile.txt"
"%programfiles%\iSafe\iSafeSvc.exe"
"%programfiles%\iSafe\iSvc.dll"
"%programfiles%\iSafe\sqlite3.dll"
"%programfiles%\iSafe\iSafe.exe"
"%programfiles%\Optimizer Pro\OptProSchedule.exe"
"%programfiles%\Optimizer Pro\OptProSmartScan.exe"
"%programfiles%\File Type Assistant\TSASetup.exe"
"%programfiles%\FinalVideoDownloader\tsasetup.exe"
"%programfiles%\lgxjuggkbgeghq.exe"
"%programfiles%\29613832.exe"
"%temp%\Rood\ihegyk.exe"
"%temp%\DTLite4471-0335.exe"
"%temp%\DeltaTB.exe"
"%temp%\93037790_stp.EXE"
"%temp%\GLJB535\1.exe"
"%temp%\GLJB535\2.exe"
"%temp%\GLJB535\3.exe"
"%temp%\GLJB535\4.exe"
"%temp%\GLJB535\5.exe"
"%temp%\GLJB535\6.exe"
"%temp%\GLJB535\7.exe"
"%temp%\GLJB535\8.exe"
"%temp%\GLJB535\9.exe"
"%temp%\GLJB535\10.exe"
"%temp%\GLJB534\1.exe"
"%temp%\GLJB534\2.exe"
"%temp%\GLJB534\3.exe"
"%temp%\GLJB534\4.exe"
"%temp%\GLJB534\5.exe"
"%temp%\GLJB534\6.exe"
"%temp%\GLJB534\7.exe"
"%temp%\GLJB534\8.exe"
"%temp%\GLJB534\9.exe"
"%temp%\GLJB534\10.exe"
"%temp%\GLJB533\1.exe"
"%temp%\GLJB533\2.exe"
"%temp%\GLJB533\3.exe"
"%temp%\GLJB533\4.exe"
"%temp%\GLJB533\5.exe"
"%temp%\GLJB533\6.exe"
"%temp%\GLJB533\7.exe"
"%temp%\GLJB533\8.exe"
"%temp%\GLJB533\9.exe"
"%temp%\GLJB533\10.exe"
"%temp%\GLJB533\ecc7c8c51c0850c1ec247c7fd3602f20.exe"
"%systemdrive%\Windows\Temp\svchost.exe"
"%userprofile%\AppData\Local\pkwfafbpuiopvbjvb.exe"
"%userprofile%\AppData\Local\pkwfafbpuiopvbjvb(2).exe"
"%temp%\VSD336F.tmp\INSTALADOR.exe"
"%temp%\atayfjhz.ini\*.*"
) DO (
IF EXIST %%i (
set/a x= x+1 %%i >NUL 2>&1
%Arc% %%i >NUL 2>&1
IF EXIST %%i ( ECHO(Error Al Eliminar: %%i ^(Archivo^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: %%i ^(Archivo^)>>"%Esc
%\Malware.txt" )
)
)

for %%i in (
"%temp%\Temporary Internet Files\Content.IE5\84MG7AF6\desktop.ini"
"%temp%\Temporary Internet Files\Content.IE5\O4XECYKT\desktop.ini"
"%temp%\Temporary Internet Files\Content.IE5\WXNUK1VP\desktop.ini"
"%temp%\Temporary Internet Files\Content.IE5\XWHIEVLX\desktop.ini"
) DO (
IF EXIST %%i (
set/a x= x+1 %%i >NUL 2>&1
%Arc% %%i >NUL 2>&1
IF EXIST %%i ( ECHO(Error Al Eliminar: %%i ^(Temporales Del
Internet^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: %%i ^(Temporales
Del Internet^)>>"%Esc%\Malware.txt" )
)
)

:: Base De Datos 1 Primera Ks


for /f "usebackq delims=" %%i in ("%Basedb%\DataBase_Temp.Es.Pr") do (
DIR "%temp%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Arc% "%temp%\%%i" >NUL 2>&1
DIR "%temp%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%temp%\%%i" ^(Virus^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%temp%\%%i" ^(Virus^)>>"%Esc
%\Malware.txt" )
)
)
:: systemdrive
for /f "usebackq delims=" %%i in ("%Basedb%\DataBase_Inicio.Pr") do (
DIR "%STARTUP%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Arc% "%STARTUP%\%%i" >NUL 2>&1
DIR "%STARTUP%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%STARTUP%\%%i" ^(Virus^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%STARTUP%\%%i" ^(Virus^)>>"%Esc
%\Malware.txt" )
)
)
:: Base De Datos Otras

for /f "usebackq delims=" %%i in ("%Basedb%\DataBase_Temp.Pr") do (


DIR "%temp%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Arc% "%temp%\%%i" >NUL 2>&1
DIR "%temp%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%temp%\%%i" ^(Virus^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%temp%\%%i" ^(Virus^)>>"%Esc
%\Malware.txt" )
)
)
:: systemdrive
for /f "usebackq delims=" %%i in ("%Basedb%\DataBase_Principal.Pr") do (
DIR "%systemdrive%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Arc% "%systemdrive%\%%i" >NUL 2>&1
DIR "%systemdrive%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%systemdrive%\%%i"
^(Virus^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%systemdrive%\%%i"
^(Virus^)>>"%Esc%\Malware.txt" )
)
)
:: Windows
for /f "usebackq delims=" %%i in ("%Basedb%\DataBase_Windows.Pr") do (
DIR "%systemdrive%\Windows\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Arc% "%systemdrive%\Windows\%%i" >NUL 2>&1
DIR "%systemdrive%\Windows\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%systemdrive%\Windows\%%i"
^(Virus^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%systemdrive
%\Windows\%%i" ^(Virus^)>>"%Esc%\Malware.txt" )
)
)
::System32
for /f "usebackq delims=" %%i in ("%Basedb%\DataBase_System32.Pr") do (
DIR "%windir%\System32\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Arc% "%windir%\System32\%%i" >NUL 2>&1
DIR "%windir%\System32\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%windir%\System32\%%i"
^(Virus^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%windir
%\System32\%%i" ^(Virus^)>>"%Esc%\Malware.txt" )
)
)
::System64
for /f "usebackq delims=" %%i in ("%Basedb%\DataBase_System64.Pr") do (
DIR "%windir%\System64\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
set/a x= x+1 %%i >NUL 2>&1
%Arc% "%windir%\System64\%%i" >NUL 2>&1
DIR "%windir%\System64\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%windir%\System64\%%i"
^(Virus^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%windir
%\System64\%%i" ^(Virus^)>>"%Esc%\Malware.txt" )
)
)
:Drivers_SOSPECHOSOS
DIR /B/A:-D "%SYS32%\drivers\{????????-????-????-????-????????????}*.sys"
2>NUL>"%Esc3%\Drivers_Sospechosos"
DIR /B/A:-D "%SYS32%\drivers\????m??2????b??.sys"
2>NUL>>"%Esc3%\Drivers_Sospechosos"
DIR /B/A:-D "%SYS32%\drivers\n??3????m??????.sys"
2>NUL>>"%Esc3%\Drivers_Sospechosos"
DIR /B/A:-D "%SYS32%\drivers\?*fd_?*_?*_?*_?*.sys"
2>NUL>>"%Esc3%\Drivers_Sospechosos"
DIR /B/A:-D "%SYS32%\drivers\?*fd_v?_?*_?*_?*_?*.sys"
2>NUL>>"%Esc3%\Drivers_Sospechosos"
DIR /B/A:-D "%SYS32%\drivers\?*drvr_v?_?*_?*_?*_?*.sys"
2>NUL>>"%Esc3%\Drivers_Sospechosos"
FC "%Esc3%\Drivers_Sospechosos" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All1 )
"%GREP%" -P "^[a-z0-9]{4}m[a-z0-9]{2}2[a-z0-9]{4}b[a-z0-9]{2}\.sys$|^n[a-z0-9]
{2}3[a-z0-9]{4}m[a-z0-9]{6}\.sys$|^[a-z]{1,4}(fd|
drvr)_.*\d{1,2}_\d{1,2}_\d{1,2}_\d{1,2}\.sys$"
"%Esc3%\Drivers_Sospechosos">"%Esc3%\Drivers_Sospechosos_H"
"%GREP%" -i -P "^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}
(gt|gt64|gw|gw64|t|t64|w|w64)\.sys$"
"%Esc3%\Drivers_Sospechosos">>"%Esc3%\Drivers_Sospechosos_H"
FC "%Esc3%\Drivers_Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All1 )
for /f "usebackq delims=" %%i in ("%Esc3%\Drivers_Sospechosos_H") do (
DEL /F/Q "%SYS32%\Drivers\%%i" >NUL 2>&1
IF EXIST "%SYS32%\Drivers\%%i" ( ECHO(Error Al Eliminar: %SYS32%\Drivers\%%i
^(Archivo^)>>"%Esc%\%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
%SYS32%\Drivers\%%i ^(Archivo^)>>"%Esc%\Malware.txt" )
)
:All1
for /f "usebackq delims=" %%i in ("%Rp1%\Acessos_Directos.Win") do (
DIR "%QUICKLAUNCHALL%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%QUICKLAUNCHALL%\%%i" >NUL 2>&1
DIR "%QUICKLAUNCHALL%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%QUICKLAUNCHALL%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%QUICKLAUNCHALL%\%
%i" ^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%PROGRAMS1ALL%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%PROGRAMS1ALL%\%%i" >NUL 2>&1
DIR "%PROGRAMS1ALL%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMS1ALL%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%PROGRAMS1ALL%\%
%i" ^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%PROGRAMS2ALL%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%PROGRAMS2ALL%\%%i" >NUL 2>&1
DIR "%PROGRAMS2ALL%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMS2ALL%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%PROGRAMS2ALL%\%
%i" ^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%STARTUP%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%STARTUP%\%%i" >NUL 2>&1
DIR "%STARTUP%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%STARTUP%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%STARTUP%\%%i"
^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%userprofile%\Desktop\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%userprofile%\Desktop\%%i" >NUL 2>&1
DIR "%userprofile%\Desktop\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%userprofile%\Desktop\%%i"
^(Acceso Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar:
"%userprofile%\Desktop\%%i" ^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
)
:: Falsas Licencias
cd /d "%windir%\Temp" >NUL 2>&1
for /d %%a in (
mrt????.tmp
) do (
DIR "%windir%\temp\%%a\stdrt.exe" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%windir%\Temp\%%a\stdrt.exe" >NUL 2>&1
DIR "%windir%\temp\%%a\stdrt.exe" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: %windir%\Temp\%%a\stdrt.exe
^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: %windir%\Temp\%
%a\stdrt.exe ^(Archivo^)>>"%Esc%\Malware.txt" )
)
)
DIR /B/A:-D "%systemdrive%\awh*.tmp" 2>NUL>"%Esc3%\Systemdrive_w_Sospechosos"
"%GREP%" -P "^awh[0-9A-F]{3,4}\.tmp$"
"%Esc3%\Systemdrive_w_Sospechosos">"%Esc3%\Systemdrive_w_Sospechosos_H"
FC "%Esc3%\Systemdrive_w_Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All2 )
for /f "usebackq delims=" %%i in ("%Esc3%\Systemdrive_w_Sospechosos_H") do (
DEL /F/Q "%systemdrive%\%%i" >NUL 2>&1
IF EXIST "%systemdrive%\%%i" ( ECHO(Error Al Eliminar: %systemdrive%\%%i
^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: %systemdrive%\%
%i ^(Archivo^)>>"%Esc%\Malware.txt" )
)
:All2
DIR /B/A:-D "%LOCALA%" 2>NUL>"%Esc3%\Local_Settings_Sopecosos"
"%GREP%" -P "^[0-9a-f]{32}$|^Tempdivx[0-9a-f]{4}$"
"%Esc3%\Local_Settings_Sopecosos">"%Esc3%\Local_Settings_Sopecosos_H"
FC "%Esc3%\Local_Settings_Sopecosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All3 )
for /f "usebackq delims=" %%i in ("%Esc3%\Local_Settings_Sopecosos_H") do (
DEL /F/Q "%LOCALA%\%%i" >NUL 2>&1
IF EXIST "%LOCALA%\%%i" ( ECHO(Error Al Eliminar: "%LOCALA%\%%i"
^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: "%LOCALA%\%%i"
^(Archivo^)>>"%Esc%\Malware.txt" )
)
:All3
DIR /B/A:-D "%ALLUSERSPROFILE%\*.dat" 2>NUL>"%Esc3%\Todos_Usuario_Sospechosos"
DIR /B/A:-D "%ALLUSERSPROFILE%\*.bin" 2>NUL>>"%Esc3%\Todos_Usuario_Sospechosos"
"%GREP%" -P "^\d{10}\.bdinstall\.bin$|^\d{10}\.\d{3,4}\.bin$"
"%Esc3%\Todos_Usuario_Sospechosos">"%Esc3%\Todos_Usuario_Sospechosos_H"
"%GREP%" -i -P "^\w{6,9}\.dat$" "%Esc3%\Todos_Usuario_Sospechosos"|"%GREP%" -P
"\d{1,}.*\d{1,}">>"%Esc3%\Todos_Usuario_Sospechosos_H"
FC "%Esc3%\Todos_Usuario_Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All4 )
for /f "usebackq delims=" %%i in ("%Esc3%\Todos_Usuario_Sospechosos_H") do (
DEL /F/Q "%ALLUSERSPROFILE%\%%i" >NUL 2>&1
IF EXIST "%ALLUSERSPROFILE%\%%i" ( ECHO(Error Al Eliminar: "%ALLUSERSPROFILE%\%
%i" ^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"%ALLUSERSPROFILE%\%%i" ^(Archivo^)>>"%Esc%\Malware.txt" )
)
:All4
DIR /B/A:-D "%APPDATA%\*.exe" 2>NUL>"%Esc3%\Appdata_exe_sospechosos"
"%GREP%" -P "^[A-Z]{4,8}\.exe$|^BackUp\d{9}\.exe$|^~[a-z]{7}\.exe$"
"%Esc3%\Appdata_exe_sospechosos">"%Esc3%\Appdata_exe_sospechosos_H"
FC "%Esc3%\Appdata_exe_sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All5 )
for /f "usebackq delims=" %%i in ("%Esc3%\Appdata_exe_sospechosos_H") do (
DEL /F/Q "%APPDATA%\%%i" >NUL 2>&1
IF EXIST "%APPDATA%\%%i" ( ECHO(Error Al Eliminar: "%APPDATA%\%%i"
^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: "%APPDATA%\%%i"
^(Archivo^)>>"%Esc%\Malware.txt" )
)
:All5
DIR /B/A:-D "%STARTUP%\?.lnk" 2>NUL>"%Esc3%\Startup_lnk_Sospechosos"
"%GREP%" -P "^[a-z]{1}\.lnk$"
"%Esc3%\Startup_lnk_Sospechosos">"%Esc3%\Startup_lnk_Sospechosos_H"
FC "%Esc3%\Startup_lnk_Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All6 )
for /f "usebackq delims=" %%i in ("%Esc3%\Startup_lnk_Sospechosos_H") do (
DEL /F/Q "%STARTUP%\%%i" >NUL 2>&1
IF EXIST "%STARTUP%\%%i" ( ECHO(Error Al Eliminar: "%STARTUP%\%%i"
^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: "%STARTUP%\%%i"
^(Archivo^)>>"%Esc%\Malware.txt" )
)
:All6
DIR /B/S "%ALLUSERSPROFILE%\plugin.exe" 2>NUL>"%Esc3%\Plugin_exe_Sospechosos"
DIR /B/S "%ALLUSERSPROFILE%\plugincontainer.exe"
2>NUL>>"%Esc3%\Plugin_exe_Sospechosos"
"%GREP%" -P "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]
{12}\\plugins\\\d{1,2}\\plugin\.exe$|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]
{4}-[0-9a-f]{12}\\plugincontainer\.exe$"
"%Esc3%\Plugin_exe_Sospechosos">"%Esc3%\Plugin_exe_Sospechosos_H"
FC "%Esc3%\Plugin_exe_Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All7 )
for /f "usebackq delims=" %%i in ("%Esc3%\Plugin_exe_Sospechosos_H") do (
DEL /F/Q "%%i" >NUL 2>&1
IF EXIST "%%i" ( ECHO(Error Al Eliminar: "%%i" ^(Archivo^)>>"%Esc%\Malware.txt" )
ELSE ( ECHO(Eliminado Con Exito: "%%i" ^(Archivo^)>>"%Esc%\Malware.txt" )
)
:All7
cd /d "%allusersprofile%" >NUL 2>&1
for /d %%a in (
*c*o*u*p*o*n*
a*c*t*i*v*e*d*e*a*l*s
a*d*b*l*o*c*k*e*r
a*d*b*l*o*c*k*n*w*a*t*c*h
a*d*d*i*c*t*-*t*h*i*n*g
a*d*d*t*o*t*h*i*s
a*l*a*w*a*r
a*l*l*c*h*e*a*p*p*r*i*c*e
a*l*l*d*a*y*p*r*i*c*e
a*l*l*d*a*y*s*a*v*i*n*g*s
a*l*l*d*e*a*l*s*a*p*p
a*l*l*s*a*v*e*r
a*p*p*e*n*d*r*u*n*n*e*r
a*p*p*s*a*v*e*
a*p*p*t*o*u
a*u*t*o*d*e*a*l*s*a*p*p
b*a*l*l*o*o*n*s*d*e*s*i*g*n
b*c*o*o*l
b*e*e*m*p*3
b*e*s*t*a*d*b*l*o*c*k*e*r
b*e*s*t*p*r*i*c*e*s*a*p*p
b*e*s*t*s*a*v*e*f*o*r*y*o*u
b*e*t*e*r*e*m
b*e*t*t*e*r*p*r*i*c*e*
b*e*t*t*e*r*s*h*o*p*p*e*r
b*i*g*d*e*a*l
b*i*o*c*u*r*e
b*i*t*s*a*v*e*r
b*l*o*c*k*t*h*e*a*d*a*p*p
b*l*o*c*k*u*t*u*b*e*a*d
b*r*o*w*s*e*2*s*a*v*e
b*r*o*w*s*e*a*n*d*s*h*o*p
b*r*o*w*s*e*r*e*n*h*a*n*c*e
b*r*o*w*s*e*r*s*h*o*p
b*r*o*w*s*e*t*o*b*u*y
b*r*o*w*s*e*t*o*s*a*v*e
b*r*o*w*s*i*n*g*c*l*e*a*r
b*r*o*w*s*i*n*g*c*l*e*a*r*l*y
b*s*a*v*i*n*g
b*u*y*a*n*d*b*r*o*w*s*e
b*u*y*f*a*s*t
b*u*y*n*s*a*v*e
c*h*e*a*p*4*a*l*l
c*h*e*a*p*c*o*u*p
c*h*e*a*p*m*e
c*h*o*o*s*e*2*s*a*v*e
c*l*e*a*r*b*r*o*w*s*e
c*l*i*c*k*2*s*a*v*e
c*l*i*c*k*f*o*r*s*a*l*e
c*l*i*c*k*s*a*v*i*n*g*s
c*o*d*e*c*-*c
c*o*d*e*c*-*v
c*o*d*e*c*c
c*o*d*e*c*v
c*o*i*n*s*a*v*e
c*o*m*f*y
c*o*m*p*a*r*e*b*u*y
c*o*m*p*a*r*e*i*t*a*p*p
c*o*m*p*a*r*e*i*t*a*p*p*l*i*c
c*o*m*p*a*r*e*t*o*o*p*t*i*m*i*z*e
c*o*n*t*i*n*u*e*t*o*s*a*v*e
c*o*n*v*e*r*t*m*e
c*o*o*l*n*c*h*e*a*p
c*o*o*l*y*o*u
c*o*s*t*m*i*n
c*o*u*p*a*p*p
c*o*u*p*c*o*u*p
c*o*u*p*e*x*t*e*n*s*i*o*n
c*o*u*p*m*a*n*i*a
c*o*u*p*s*c*a*n*n*e*r
c*o*u*p*s*e*e*k
c*o*u*p*y*o*u
c*r*a*z*y*l*o*w*p*r*i*c*e*s
c*u*r*r*e*n*c*y* c*o*n*v*e*r*t*e*r
c*u*t*t*h*e*p*r*i*c*e
d*a*i*l*e*y*p*r*i*z*e
d*a*i*l*y*p*r*i*z*e
d*e*a*l*2*d*e*a*l
d*e*a*l*2*d*e*a*l*i*t
d*e*a*l*4*m*e
d*e*a*l*4*r*e*a*l
d*e*a*l*e*x*p*r*e*s*s
d*e*a*l*n*o*d*e*a*l
d*e*a*l*p*e*a*k
d*e*a*l*p*l*u*g
d*e*a*l*s*f*i*n*d*e*r*p*r*o
d*e*a*l*s*p*a*c*e
d*e*a*l*s*t*a*r*a*p*p
d*e*a*l*s*t*e*r
d*i*g*i*s*a*v*e*r*
d*i*s*c*o*u*n*t*b*o*m*b
d*i*s*c*o*u*n*t*e*x*t*e*n*s*i*o*n
d*i*s*c*o*u*n*t*l*o*c*a*t*o*r
d*i*s*c*o*u*n*t*m*a*n
d*i*s*c*o*u*n*t*s*m*a*s*h*e*r
d*o*c*s*c*o*n*v*e*r*t*e*r
d*o*c*s*v*i*e*w*e*r
d*o*c*t*o*c*o*n*v*e*r*t*e*r
d*o*c*t*o*t*x*t*c*o*n*v*e*r*t
d*o*l*l*a*r*k*e*e*p*e*r
d*o*l*l*a*r*s*a*v*e*r
d*o*w*n*l*o*a*d*a*n*d*s*a
d*o*w*n*l*o*a*d*a*n*d*s*a*v*e
d*o*w*n*l*o*a*d*i*t*k*e*e*p
d*o*w*n*l*o*a*d*k*e*e*p*e*r
d*o*w*n*l*o*a*d*n*s*a*v*e
d*o*w*n*l*o*w*a*p*p
d*o*w*n*s*a*v*e
e*a*r*n*s*a*l*e
e*a*s*y*t*o*s*h*o*p
e*b*o*o*k*b*r*o*w*s*e
e*n*o*r*m*o*u*s*a*l*e*s
e*n*o*r*m*o*u*s*s*a*l*e*s
e*x*e*c*h*e*c*k*e*r
e*x*e*r*u*n*n*e*r
e*x*t*r*a*s*a*v*i*n*g
e*x*t*r*a*s*a*v*i*n*g*s
e*x*t*r*a*s*h*o*p*p*e*r
f*a*s*t*n*c*h*e*a*p
f*a*s*t*s*a*l*e
f*a*s*t*s*a*l*e*r
f*a*s*t*s*a*v*e
f*i*n*d*a*d*e*a*l
f*i*n*d*b*e*s*t*d*e*a*l
f*i*n*d*d*e*a*l*s*o*f*t
f*i*n*e*d*e*a*l*s*o*f*t
f*l*e*x*i*b*l*e*s*h*o*p*p*e*r
f*r*e*e*2*y*o*u
f*r*e*e*d*e*l*i*v*e*r*y
f*u*n*2*s*a*v*e
f*u*n*d*e*a*l*s
f*u*n*s*h*o*p*p*e*r
f*u*n*t*o*s*a*v*e
g*e*t*d*i*s*c*o*u*n*t*a*p*p
g*e*t*s*a*v*i*n
g*e*t*t*h*e*d*i*s*c*o*u*n*t
g*o*s*a*v*e
g*o*s*a*v*e*o
g*r*e*a*t*s*a*v*e*4*u
g*r*e*a*t*s*a*v*e*r
g*r*e*a*t*s*a*v*i*n*g
h*a*p*p*y*2*s*a*v*e
h*a*p*p*y*s*a*l*e*s
h*t*m*l*v*a*l*i*d*a*t*o*r
i*c*o*c*o*n*v*e*r*t*e*r
i*c*o*v*a*l*i*d
i*m*a*g*e*t*o*p*n*g
i*n*s*t*a*p*a*p*e*r
i*s*a*v*e*r
i*t*u*m*e*n
j*o*i*n*t*h*e*s*h*o*p
j*u*m*b*o*d*e*a*l*s
k*e*e*p*e*r*s*e*x*t
k*e*e*p*i*t*b*r*o*w*s*e
k*e*e*p*n*o*w
k*o*b*i
l*e*s*s*2*p*a*y
l*e*t*l*i*v*e
l*o*w*e*r*p*r*i*c*e*s
l*o*w*e*r*p*r*i*c*i*n*g
l*o*w*p*r*i*c*e*s
l*o*w*r*a*t*e
l*u*c*k*y*s*h*o*p*p*e*r
m*a*g*n*i*p*i*c
m*a*r*k*e*t*c*o*m*p*a*r*e
m*i*n*i*m*u*m*p*r*i*c*e
m*o*n*s*o*o*n*r*e*v*e*n*u*e
m*p*3*m*a*k*e*r
m*y*p*r*i*c*e*c*u*t
m*y*s*e*a*r*c*h
m*y*s*h*o*p*p*e*r
m*y*t*o*o*l*s
n*e*w*s*a*v*e*r
n*e*x*t*c*o*u*p
n*i*c*e*f*r*e*e
n*i*c*e*n*f*r*e*e
n*i*c*e*o*f*f*e*r*s
n*i*t*r*o*d*e*a*l*
n*o*n*o*i*z*e*b*r*o*w*s*e
o*f*f*e*r*a*p*p
o*f*f*e*r*d*e*a*l
o*f*f*e*r*p*o*p
o*f*f*e*r*s*a*l*e
o*f*f*e*r*s*o*f*t
o*n*l*i*n*e*l*o*w*d*e*a*l*s
o*n*l*i*n*e*s*h*o*p*p*i*n*g
o*p*t*o*n
o*u*t*c*o*m*e*o*p*t*i*m*i*z*e*r
p*a*g*e*a*r*c*h*i*v*e*r
p*c*a*p*p
p*d*f*v*i*e*w*e*r
p*i*c*k*n*s*a*v*e*i*t
p*l*u*g*s*t*e*r
p*n*g*t*o*p*p*t*c*o*n*v*e*r*t
p*o*p*d*e*a*l*s
p*p*t*c*h*e*c*k*e*r
p*r*i*c*e*c*h*o*p
p*r*i*c*e*d*o*w*n*l*o*a*d*e*r
p*r*i*c*e*k*e*e*p*e*r
p*r*i*c*e*l*e*s*s
p*r*i*c*e*m*i*n*u*s
p*r*o*s*h*o*p*p*e*r
p*s*d*c*h*e*c*k*e*r
p*s*d*t*o*p*n*g
q*u*i*c*k*s*h*o*p
q*u*i*c*k*v*i*e*w*e*r
r*a*n*d*o*m*p*r*i*c*e
r*e*a*l*d*e*a*l
r*e*g*u*l*a*r*d*e*a*l*s
r*e*m*o*v*e*t*h*e*a*d*a*p*p
r*e*s*p*e*c*t*s*a*l*e
r*i*g*h*t*c*o*n*v*e*r*t*e*r
r*i*v*a*l*c*o*u*p
r*o*b*o*s*a*v*e
r*o*b*o*s*a*v*e*r
r*o*c*k*a*p*p*s
r*o*c*k*e*t*d*e*a*l
r*o*c*k*e*t*s*a*l*e
r*o*y*a*l*s*h*o*p*p*e*r*a*p*p
s*a*f*e*r*w*e*b
s*a*f*e*s*a*v*e
s*a*f*e*w*e*b
s*a*l*e*c*h*e*c*k*e*r
s*a*l*e*o*f*f*e*r
s*a*l*e*p*l*u*s
s*a*l*e*p*r*i*z*e*
s*a*l*e*s*a*l*e*
s*a*l*e*s*c*h*e*c*k*e*r
s*a*l*e*s*m*a*g*n*e*t
s*a*v*e*a*s
s*a*v*e*b*o*x
s*a*v*e*b*y*c*l*i*c*k
s*a*v*e*c*l*i*c*k*e*r
s*a*v*e*e*x*t*e*n*s*i*o*n
s*a*v*e*i*n*s*h*o*p
s*a*v*e*i*t
s*a*v*e*i*t*k*e*e*p
s*a*v*e*k*e*e*p
s*a*v*e*l*o*t*s
s*a*v*e*m*a*s*s
s*a*v*e*n*e*t
s*a*v*e*n*e*w*a*p*p*z
s*a*v*e*n*o*w
s*a*v*e*n*s*h*a*r*e
s*a*v*e*o*n*m*a*c
s*a*v*e*r*a*d*d*o*n
s*a*v*e*r*b*o*x
s*a*v*e*r*e*x*t*e*n*s*i*o*n
s*a*v*e*r*n*e*t
s*a*v*e*r*p*r*o
s*a*v*e*s*a*f*e
s*a*v*e*s*h*a*r*e
s*a*v*e*w*e*b
s*a*v*i*n*g*t*o*y*o*u
s*a*v*i*n*s*h*o*p
s*e*a*r*c*h*-*n*e*w*t*a*b
s*e*a*r*c*h*n*e*w*t*a*b
s*h*o*p*b*r*a*i*n
s*h*o*p*d*r*o*p
s*h*o*p*e*a*s*y
s*h*o*p*n*c*o*m*p*a*r*e
s*h*o*p*o*p*t*i*m*i*z*e*r
s*h*o*p*p*e*r*m*a*s*t*e*r
s*h*o*p*p*i*l*a*t*i*o*n
s*h*o*p*p*i*n*g*c*h*i*p
s*h*o*p*p*i*n*g*d*e*a*l*f*a*c*t*o*r*y
s*h*o*p*p*i*n*g*h*e*l*p*e*r
s*h*o*p*s*h*o*p
s*h*o*w*-*p*a*s*s*w*o*r*d
s*k*y*p*e*m*o*t*i*c*o*n*s
s*m*a*r*t*c*o*m*p*a*r*e
s*m*o*o*t*h*v*i*e*w
s*o*f*t*c*o*u*p
s*o*f*t*s*a*f*e
s*p*a*c*e*o*f*f*e*r*s
s*t*u*d*e*n*t*p*s*y*c*h*o*m
s*u*r*f*a*n*d*k*e*e*p
s*u*r*f*e*r*s*s*a*v*e*r
s*u*r*f*k*e*e*p*i*t
t*a*b*a*l*l*c*o*n*v*e*r*t*e*r
t*a*b*l*e*c*o*n*v*e*r*t*e*r
t*a*b*l*e*v*i*e*w*e*r
t*a*k*e*i*t*c*h*e*a*p
t*a*k*e*s*h*o*p
t*h*e*b*f*l*i*x
t*he*b*l*o*c*k*e*r
t*i*n*y*w*a*l*l*e*t
t*o*p*b*u*y*e*r
t*o*p*d*e*a*l
t*o*y*o*t*a
t*r*e*m*e*n*d*o*u*s*s*a*l*e
t*u*b*e*a*d*b*l*o*c*k*e*r
t*u*b*e*i*t*a*d*b*l*o*c*k*a*p
t*x*t*f*i*l*e*s*c*o*n*v*e*r*t
u*a*d*r*e*m*o*v*a*l*a*p*p
u*n*i*d*e*a*l*s
u*n*i*s*a*l*e*s
u*t*u*b*e*a*d*b*l*o*c*k
u*t*u*b*e*a*d*r*e*m*o*v*a*l
u*t*u*b*e*n*o*a*d*s
v*a*u*d*i*x
v*i*e*w*p*a*s*s*w*o*r*d
w*a*t*c*h*i*t*a*d*b*l*o*c*k
w*e*b*b*i*n*g
w*e*b*s*a*v*e
w*e*b*s*a*v*e*r
w*e*e*k*a*p*p
w*h*i*t*e*d*e*a*l*s
w*h*i*t*e*o*f*f*e*r*a*p*p
w*x*d*f*a*s*t
w*x*d*o*w*n*l*o*a*d
y*a*e*l*e*r*l*i*c*h
y*o*u*t*u*b*e*a*d*b*l*o*c*k*e*r
y*o*u*t*u*b*e*a*d*r*e*m*o*v*e
) do (
if exist "%%a" (
dir "%allusersprofile%\%%a\*.tlb" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
rd /s/q "%allusersprofile%\%%a" >NUL 2>&1
dir "%allusersprofile%\%%a" >NUL 2>&1
IF ERRORLEVEL 1 (
Echo(Eliminado Con
Exito: %allusersprofile%\%%a ^(Carpeta^)>>"%Esc%\Malware.txt"
) else (
Echo(Error Al
Eliminar: %allusersprofile%\%%a ^(Carpeta^)>>"%Esc%\Malware.txt"
)
)
)
)
cd /d "%programfiles%" >NUL 2>&1
for /d %%a in (
*c*o*u*p*o*n*
a*c*t*i*v*e*d*e*a*l*s
a*d*b*l*o*c*k*e*r
a*d*b*l*o*c*k*n*w*a*t*c*h
a*d*d*i*c*t*-*t*h*i*n*g
a*d*d*t*o*t*h*i*s
a*l*a*w*a*r
a*l*l*c*h*e*a*p*p*r*i*c*e
a*l*l*d*a*y*p*r*i*c*e
a*l*l*d*a*y*s*a*v*i*n*g*s
a*l*l*d*e*a*l*s*a*p*p
a*l*l*s*a*v*e*r
a*p*p*e*n*d*r*u*n*n*e*r
a*p*p*s*a*v*e*
a*p*p*t*o*u
a*u*t*o*d*e*a*l*s*a*p*p
b*a*l*l*o*o*n*s*d*e*s*i*g*n
b*c*o*o*l
b*e*e*m*p*3
b*e*s*t*a*d*b*l*o*c*k*e*r
b*e*s*t*p*r*i*c*e*s*a*p*p
b*e*s*t*s*a*v*e*f*o*r*y*o*u
b*e*t*e*r*e*m
b*e*t*t*e*r*p*r*i*c*e*
b*e*t*t*e*r*s*h*o*p*p*e*r
b*i*g*d*e*a*l
b*i*o*c*u*r*e
b*i*t*s*a*v*e*r
b*l*o*c*k*t*h*e*a*d*a*p*p
b*l*o*c*k*u*t*u*b*e*a*d
b*r*o*w*s*e*2*s*a*v*e
b*r*o*w*s*e*a*n*d*s*h*o*p
b*r*o*w*s*e*r*e*n*h*a*n*c*e
b*r*o*w*s*e*r*s*h*o*p
b*r*o*w*s*e*t*o*b*u*y
b*r*o*w*s*e*t*o*s*a*v*e
b*r*o*w*s*i*n*g*c*l*e*a*r
b*r*o*w*s*i*n*g*c*l*e*a*r*l*y
b*s*a*v*i*n*g
b*u*y*a*n*d*b*r*o*w*s*e
b*u*y*f*a*s*t
b*u*y*n*s*a*v*e
c*h*e*a*p*4*a*l*l
c*h*e*a*p*c*o*u*p
c*h*e*a*p*m*e
c*h*o*o*s*e*2*s*a*v*e
c*l*e*a*r*b*r*o*w*s*e
c*l*i*c*k*2*s*a*v*e
c*l*i*c*k*f*o*r*s*a*l*e
c*l*i*c*k*s*a*v*i*n*g*s
c*o*d*e*c*-*c
c*o*d*e*c*-*v
c*o*d*e*c*c
c*o*d*e*c*v
c*o*i*n*s*a*v*e
c*o*m*f*y
c*o*m*p*a*r*e*b*u*y
c*o*m*p*a*r*e*i*t*a*p*p
c*o*m*p*a*r*e*i*t*a*p*p*l*i*c
c*o*m*p*a*r*e*t*o*o*p*t*i*m*i*z*e
c*o*n*t*i*n*u*e*t*o*s*a*v*e
c*o*n*v*e*r*t*m*e
c*o*o*l*n*c*h*e*a*p
c*o*o*l*y*o*u
c*o*s*t*m*i*n
c*o*u*p*a*p*p
c*o*u*p*c*o*u*p
c*o*u*p*e*x*t*e*n*s*i*o*n
c*o*u*p*m*a*n*i*a
c*o*u*p*s*c*a*n*n*e*r
c*o*u*p*s*e*e*k
c*o*u*p*y*o*u
c*r*a*z*y*l*o*w*p*r*i*c*e*s
c*u*r*r*e*n*c*y* c*o*n*v*e*r*t*e*r
c*u*t*t*h*e*p*r*i*c*e
d*a*i*l*e*y*p*r*i*z*e
d*a*i*l*y*p*r*i*z*e
d*e*a*l*2*d*e*a*l
d*e*a*l*2*d*e*a*l*i*t
d*e*a*l*4*m*e
d*e*a*l*4*r*e*a*l
d*e*a*l*e*x*p*r*e*s*s
d*e*a*l*n*o*d*e*a*l
d*e*a*l*p*e*a*k
d*e*a*l*p*l*u*g
d*e*a*l*s*f*i*n*d*e*r*p*r*o
d*e*a*l*s*p*a*c*e
d*e*a*l*s*t*a*r*a*p*p
d*e*a*l*s*t*e*r
d*i*g*i*s*a*v*e*r*
d*i*s*c*o*u*n*t*b*o*m*b
d*i*s*c*o*u*n*t*e*x*t*e*n*s*i*o*n
d*i*s*c*o*u*n*t*l*o*c*a*t*o*r
d*i*s*c*o*u*n*t*m*a*n
d*i*s*c*o*u*n*t*s*m*a*s*h*e*r
d*o*c*s*c*o*n*v*e*r*t*e*r
d*o*c*s*v*i*e*w*e*r
d*o*c*t*o*c*o*n*v*e*r*t*e*r
d*o*c*t*o*t*x*t*c*o*n*v*e*r*t
d*o*l*l*a*r*k*e*e*p*e*r
d*o*l*l*a*r*s*a*v*e*r
d*o*w*n*l*o*a*d*a*n*d*s*a
d*o*w*n*l*o*a*d*a*n*d*s*a*v*e
d*o*w*n*l*o*a*d*i*t*k*e*e*p
d*o*w*n*l*o*a*d*k*e*e*p*e*r
d*o*w*n*l*o*a*d*n*s*a*v*e
d*o*w*n*l*o*w*a*p*p
d*o*w*n*s*a*v*e
e*a*r*n*s*a*l*e
e*a*s*y*t*o*s*h*o*p
e*b*o*o*k*b*r*o*w*s*e
e*n*o*r*m*o*u*s*a*l*e*s
e*n*o*r*m*o*u*s*s*a*l*e*s
e*x*e*c*h*e*c*k*e*r
e*x*e*r*u*n*n*e*r
e*x*t*r*a*s*a*v*i*n*g
e*x*t*r*a*s*a*v*i*n*g*s
e*x*t*r*a*s*h*o*p*p*e*r
f*a*s*t*n*c*h*e*a*p
f*a*s*t*s*a*l*e
f*a*s*t*s*a*l*e*r
f*a*s*t*s*a*v*e
f*i*n*d*a*d*e*a*l
f*i*n*d*b*e*s*t*d*e*a*l
f*i*n*d*d*e*a*l*s*o*f*t
f*i*n*e*d*e*a*l*s*o*f*t
f*l*e*x*i*b*l*e*s*h*o*p*p*e*r
f*r*e*e*2*y*o*u
f*r*e*e*d*e*l*i*v*e*r*y
f*u*n*2*s*a*v*e
f*u*n*d*e*a*l*s
f*u*n*s*h*o*p*p*e*r
f*u*n*t*o*s*a*v*e
g*e*t*d*i*s*c*o*u*n*t*a*p*p
g*e*t*s*a*v*i*n
g*e*t*t*h*e*d*i*s*c*o*u*n*t
g*o*s*a*v*e
g*o*s*a*v*e*o
g*r*e*a*t*s*a*v*e*4*u
g*r*e*a*t*s*a*v*e*r
g*r*e*a*t*s*a*v*i*n*g
h*a*p*p*y*2*s*a*v*e
h*a*p*p*y*s*a*l*e*s
h*t*m*l*v*a*l*i*d*a*t*o*r
i*c*o*c*o*n*v*e*r*t*e*r
i*c*o*v*a*l*i*d
i*m*a*g*e*t*o*p*n*g
i*n*s*t*a*p*a*p*e*r
i*s*a*v*e*r
i*t*u*m*e*n
j*o*i*n*t*h*e*s*h*o*p
j*u*m*b*o*d*e*a*l*s
k*e*e*p*e*r*s*e*x*t
k*e*e*p*i*t*b*r*o*w*s*e
k*e*e*p*n*o*w
k*o*b*i
l*e*s*s*2*p*a*y
l*e*t*l*i*v*e
l*o*w*e*r*p*r*i*c*e*s
l*o*w*e*r*p*r*i*c*i*n*g
l*o*w*p*r*i*c*e*s
l*o*w*r*a*t*e
l*u*c*k*y*s*h*o*p*p*e*r
m*a*g*n*i*p*i*c
m*a*r*k*e*t*c*o*m*p*a*r*e
m*i*n*i*m*u*m*p*r*i*c*e
m*o*n*s*o*o*n*r*e*v*e*n*u*e
m*p*3*m*a*k*e*r
m*y*p*r*i*c*e*c*u*t
m*y*s*e*a*r*c*h
m*y*s*h*o*p*p*e*r
m*y*t*o*o*l*s
n*e*w*s*a*v*e*r
n*e*x*t*c*o*u*p
n*i*c*e*f*r*e*e
n*i*c*e*n*f*r*e*e
n*i*c*e*o*f*f*e*r*s
n*i*t*r*o*d*e*a*l*
n*o*n*o*i*z*e*b*r*o*w*s*e
o*f*f*e*r*a*p*p
o*f*f*e*r*d*e*a*l
o*f*f*e*r*p*o*p
o*f*f*e*r*s*a*l*e
o*f*f*e*r*s*o*f*t
o*n*l*i*n*e*l*o*w*d*e*a*l*s
o*n*l*i*n*e*s*h*o*p*p*i*n*g
o*p*t*o*n
o*u*t*c*o*m*e*o*p*t*i*m*i*z*e*r
p*a*g*e*a*r*c*h*i*v*e*r
p*c*a*p*p
p*d*f*v*i*e*w*e*r
p*i*c*k*n*s*a*v*e*i*t
p*l*u*g*s*t*e*r
p*n*g*t*o*p*p*t*c*o*n*v*e*r*t
p*o*p*d*e*a*l*s
p*p*t*c*h*e*c*k*e*r
p*r*i*c*e*c*h*o*p
p*r*i*c*e*d*o*w*n*l*o*a*d*e*r
p*r*i*c*e*k*e*e*p*e*r
p*r*i*c*e*l*e*s*s
p*r*i*c*e*m*i*n*u*s
p*r*o*s*h*o*p*p*e*r
p*s*d*c*h*e*c*k*e*r
p*s*d*t*o*p*n*g
q*u*i*c*k*s*h*o*p
q*u*i*c*k*v*i*e*w*e*r
r*a*n*d*o*m*p*r*i*c*e
r*e*a*l*d*e*a*l
r*e*g*u*l*a*r*d*e*a*l*s
r*e*m*o*v*e*t*h*e*a*d*a*p*p
r*e*s*p*e*c*t*s*a*l*e
r*i*g*h*t*c*o*n*v*e*r*t*e*r
r*i*v*a*l*c*o*u*p
r*o*b*o*s*a*v*e
r*o*b*o*s*a*v*e*r
r*o*c*k*a*p*p*s
r*o*c*k*e*t*d*e*a*l
r*o*c*k*e*t*s*a*l*e
r*o*y*a*l*s*h*o*p*p*e*r*a*p*p
s*a*f*e*r*w*e*b
s*a*f*e*s*a*v*e
s*a*f*e*w*e*b
s*a*l*e*c*h*e*c*k*e*r
s*a*l*e*o*f*f*e*r
s*a*l*e*p*l*u*s
s*a*l*e*p*r*i*z*e*
s*a*l*e*s*a*l*e*
s*a*l*e*s*c*h*e*c*k*e*r
s*a*l*e*s*m*a*g*n*e*t
s*a*v*e*a*s
s*a*v*e*b*o*x
s*a*v*e*b*y*c*l*i*c*k
s*a*v*e*c*l*i*c*k*e*r
s*a*v*e*e*x*t*e*n*s*i*o*n
s*a*v*e*i*n*s*h*o*p
s*a*v*e*i*t
s*a*v*e*i*t*k*e*e*p
s*a*v*e*k*e*e*p
s*a*v*e*l*o*t*s
s*a*v*e*m*a*s*s
s*a*v*e*n*e*t
s*a*v*e*n*e*w*a*p*p*z
s*a*v*e*n*o*w
s*a*v*e*n*s*h*a*r*e
s*a*v*e*o*n*m*a*c
s*a*v*e*r*a*d*d*o*n
s*a*v*e*r*b*o*x
s*a*v*e*r*e*x*t*e*n*s*i*o*n
s*a*v*e*r*n*e*t
s*a*v*e*r*p*r*o
s*a*v*e*s*a*f*e
s*a*v*e*s*h*a*r*e
s*a*v*e*w*e*b
s*a*v*i*n*g*t*o*y*o*u
s*a*v*i*n*s*h*o*p
s*e*a*r*c*h*-*n*e*w*t*a*b
s*e*a*r*c*h*n*e*w*t*a*b
s*h*o*p*b*r*a*i*n
s*h*o*p*d*r*o*p
s*h*o*p*e*a*s*y
s*h*o*p*n*c*o*m*p*a*r*e
s*h*o*p*o*p*t*i*m*i*z*e*r
s*h*o*p*p*e*r*m*a*s*t*e*r
s*h*o*p*p*i*l*a*t*i*o*n
s*h*o*p*p*i*n*g*c*h*i*p
s*h*o*p*p*i*n*g*d*e*a*l*f*a*c*t*o*r*y
s*h*o*p*p*i*n*g*h*e*l*p*e*r
s*h*o*p*s*h*o*p
s*h*o*w*-*p*a*s*s*w*o*r*d
s*k*y*p*e*m*o*t*i*c*o*n*s
s*m*a*r*t*c*o*m*p*a*r*e
s*m*o*o*t*h*v*i*e*w
s*o*f*t*c*o*u*p
s*o*f*t*s*a*f*e
s*p*a*c*e*o*f*f*e*r*s
s*t*u*d*e*n*t*p*s*y*c*h*o*m
s*u*r*f*a*n*d*k*e*e*p
s*u*r*f*e*r*s*s*a*v*e*r
s*u*r*f*k*e*e*p*i*t
t*a*b*a*l*l*c*o*n*v*e*r*t*e*r
t*a*b*l*e*c*o*n*v*e*r*t*e*r
t*a*b*l*e*v*i*e*w*e*r
t*a*k*e*i*t*c*h*e*a*p
t*a*k*e*s*h*o*p
t*h*e*b*f*l*i*x
t*he*b*l*o*c*k*e*r
t*i*n*y*w*a*l*l*e*t
t*o*p*b*u*y*e*r
t*o*p*d*e*a*l
t*o*y*o*t*a
t*r*e*m*e*n*d*o*u*s*s*a*l*e
t*u*b*e*a*d*b*l*o*c*k*e*r
t*u*b*e*i*t*a*d*b*l*o*c*k*a*p
t*x*t*f*i*l*e*s*c*o*n*v*e*r*t
u*a*d*r*e*m*o*v*a*l*a*p*p
u*n*i*d*e*a*l*s
u*n*i*s*a*l*e*s
u*t*u*b*e*a*d*b*l*o*c*k
u*t*u*b*e*a*d*r*e*m*o*v*a*l
u*t*u*b*e*n*o*a*d*s
v*a*u*d*i*x
v*i*e*w*p*a*s*s*w*o*r*d
w*a*t*c*h*i*t*a*d*b*l*o*c*k
w*e*b*b*i*n*g
w*e*b*s*a*v*e
w*e*b*s*a*v*e*r
w*e*e*k*a*p*p
w*h*i*t*e*d*e*a*l*s
w*h*i*t*e*o*f*f*e*r*a*p*p
w*x*d*f*a*s*t
w*x*d*o*w*n*l*o*a*d
y*a*e*l*e*r*l*i*c*h
y*o*u*t*u*b*e*a*d*b*l*o*c*k*e*r
y*o*u*t*u*b*e*a*d*r*e*m*o*v*e
) do (
if exist "%%a" (
set "line=%%a"
setlocal EnableDelayedExpansion
dir "!programfiles!\!line!\*.tlb" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
rd /s/q "!programfiles!\!line!" >NUL
2>&1
dir "!programfiles!\!line!" >NUL 2>&1
IF ERRORLEVEL 1 (
Echo(Eliminado Con Exito: "!
programfiles!\!line!" ^(Carpeta^)>>"!Esc!\Malware.txt"
) else (
Echo(Error Al
Eliminar: "!programfiles!\!line!" ^(Carpeta^)>>"!Esc!\Malware.txt"
)
)
)
endlocal
)
cd /d "%programfiles%" >NUL 2>&1
for /d %%a in (
"*lyrics*"
"advanced system optimizer*"
"bucksbee loyalty plugin*"
"cinem* plus*"
"com notifications*"
"freeven*"
"ftdownloader*"
"hd cinema*"
"hd plus*"
"hdv*"
"hq-video*"
"hqcinema*"
"mixidj*"
"mybrowser*v*"
"optimizer pro*"
"oryte*"
"plus-hd*"
"pricora*"
"savepass*"
"shop to win*"
"shopperreport*"
"speed test*"
"speedanalysis*"
"speedtest*"
"superplusradio*"
"sweetpacks*"
"toolbar*"
"torntv*"
"videos_mediaplayers*"
"wse_*"
"xvidly*"
*hohobnd*
*lyrics*
00000000-0000-0000-0000-000000000000
arudaenttibiward*
atabugh*
blekkotb*
bowdomphocather*
browserv*
cinema_plus*
cinemaplus*
cineplus*
cinplus_*
ciplus-*
cknather*
cladikchhose*
clagosemerzos*
cleversearch*
dpcc_??_*
dply_??_*
efas_??_*
eorezo*
freeven*
fst_??_*
ftdownloader*
gititysabpy*
gmsd_??_*
gohd*
gtfpoquott*
hd-quality*
hdqual-*
hofight
hq-video*
infonaut*
keybar*
linkwiz*
maintenance software
majtuto4pc_??_*
maxcomputercleaner*
mbot_??_*
mediaplayervid*
mediawatchv*
mixidj*
mlekgrocach*
mpck_??_*
oasi_??_*
oryte*
ospd_??_*
phrasefinder*
phraseprofessor*
platoward*
plus-hd*
pricora*
quickref*
quicksurf*
rapidreader*
rec_??_*
reucition*
savepass*
shociph*
shopperreport*
shopperz*
shuqogeclaale*
spacesondpro*
speedanalysis*
speedtest*
stv_??_*
sunnyday?
superclick_*
superplusradio*
sweetpacks*
swiftsearch*
termblazer*
termtrident*
terpotion*
tiqichqehile*
toolbar*
torntv*
Reerjale*
tuto4pc_??_*
updater1*
updater2*
upfst_??_*
upgmsd_??_*
ver*blockandsurf*
ver*speeditup*
version*checkmeup*
version*ineedspeed
videoplayerv*
videos_mediaplayers*
win_??_*
wordanchor*
wordfly*
wordinator*
wordshark*
wordwizard*
wse_*
wutaingjlaph*
xvidly*
yessearches-*
zmghtnaduse*
) do (
if exist %%a (
set "line=%%a"
setlocal EnableDelayedExpansion
dir "!programfiles!\!line!" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
rd /s/q "!programfiles!\!line!" >NUL 2>&1
dir "!programfiles!\!line!" >NUL 2>&1
IF ERRORLEVEL 1 (
Echo(Eliminado Con Exito: "!
programfiles!\!line!" ^(Carpeta^)>>"!Esc!\Malware.txt"
) else (
Echo(Error Al
Eliminar: "!programfiles!\!line!" ^(Carpeta^)>>"!Esc!\Malware.txt"
)
)
)
endlocal
)
cd /d "%APPDATA%" >NUL 2>&1
for /d %%a in (
FCTB*
MarketSamurai*
) do (
if exist %%a (
DIR "%APPDATA%\%%a" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%APPDATA%\%%a" >NUL 2>&1
DIR "%APPDATA%\%%a" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con
Exito: "%APPDATA%\%%a" ^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al
Eliminar: "%APPDATA%\%%a" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
)
)
cd /d "%LOCALA%" >NUL 2>&1
for /d %%a in (
bitoptimiser??
cinplus_*
csdi_monetize*
destinyhoroscopes*
dpcc_??_*
dply_??_*
drive_backup\driverpro.exe_url_*
efas_??_*
eorezo_??_*
fst_??_*
gmsd_??_*
majtuto4pc_??_*
mbot_??_*
mpck_??_*
oasi_??_*
one10_pc_cleaner*
ospd_??_*
pcmaticplus*
rec_??_*
stv_??_*
sunny?
tuto4pc_??_*
tuto_monetize*
upfst_??_*
upgmsd_??_*
win_??_*
yayzap*
) do (
if exist %%a (
DIR "%LOCALA%\%%a" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%LOCALA%\%%a" >NUL 2>&1
DIR "%LOCALA%\%%a" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con
Exito: "%LOCALA%\%%a" ^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al
Eliminar: "%LOCALA%\%%a" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
)
)
cd /d "%LOCALA%" >NUL 2>&1
for /d %%a in (
????????-??????????-????-????-????????????
) do (
dir "%LOCALA%\%%a\*ns*.tmp*" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%LOCALA%\%%a" >NUL 2>&1
DIR "%LOCALA%\%%a" >NUL 2>&1
IF ERRORLEVEL 1 (
Echo(Eliminado Con Exito: "%LOCALA%\%
%a" ^(Carpeta^)>>"%Esc%\Malware.txt"
) else (
Echo(Error Al Eliminar: "%LOCALA
%\%%a" ^(Carpeta^)>>"%Esc%\Malware.txt"
)
)
)
DIR /B/A:D "%APPDATA%" 2>NUL>"%Esc3%\Appdata_D_Sospechosos"
"%GREP%" -P "^newSI_\d{1,5}$|^\d{4}$|^StormFall\d{3}$|^TheSettlersOnline\d{3}$|
^Pirates\d{3}$|^InfiniteCrisis\d{3}$|^WorldofTanks\d{3}$|^n[a-z0-9]{2}3[a-z0-9]
{4}m[a-z0-9]{6}$|^[a-z0-9]{4}m[a-z0-9]{2}2[a-z0-9]{4}b[a-z]{2}$|^uiksdl\d{7,}$"
"%Esc3%\Appdata_D_Sospechosos">"%Esc3%\Appdata_D_Sospechosos_H"
"%GREP%" -i -P "^(0|1)\w{1}1\w{1}1\w{5}1.*"
"%Esc3%\Appdata_D_Sospechosos">>"%Esc3%\Appdata_D_Sospechosos_H"
FC "%Esc3%\Appdata_D_Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All8 )
for /f "usebackq delims=" %%i in ("%Esc3%\Appdata_D_Sospechosos_H") do (
RD /S/Q "%APPDATA%\%%i" >NUL 2>&1
IF EXIST "%APPDATA%\%%i" ( ECHO(Error Al Eliminar: "%APPDATA%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: "%APPDATA%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" )
)
:All8
DIR /B/A:D "%ALLUSERSPROFILE%" 2>NUL>"%Esc3%\AllusersProfile_D_Sospecosos"
"%GREP%" -P "^\d{18,20}$|^[0-9a-f]{16,40}$|^\d{6}$|^Avg_Update_\d{4}av$|
^Service\d{4}$|^\d{20}[A-Z]{2}$|^[A-Za-z0-9]{1}WinManPro[A-Za-z0-9]{1}$|^[A-Za-z0-
9]{1}WdsManPro[A-Za-z0-9]{1}$|^[A-Za-z0-9]{1}MiniPro[A-Za-z0-9]{1}$|^[a-p]{32}$|
^MaintainerSvc\d{1}\.\d{2}\..*|^AppMgr\d{1}\.\d{2}\..*|^uiksdl\d{7,}$|^\{?[a-f0-9]
{8}-[a-f0-9]{4}-\d{1}\}?$|^[a-f0-9]{8}$"
"%Esc3%\AllusersProfile_D_Sospecosos">"%Esc3%\AllusersProfile_D_Sospecosos_H"
FC "%Esc3%\AllusersProfile_D_Sospecosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All9 )
for /f "usebackq delims=" %%i in ("%Esc3%\AllusersProfile_D_Sospecosos_H") do (
RD /S/Q "%ALLUSERSPROFILE%\%%i" >NUL 2>&1
IF EXIST "%ALLUSERSPROFILE%\%%i" ( ECHO(Error Al Eliminar: "%ALLUSERSPROFILE%\%
%i" ^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"%ALLUSERSPROFILE%\%%i" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
:All9
DIR /B/A:D "%LOCALA%" 2>NUL>"%Esc3%\Local_Settings_Sospecosos"
"%GREP%" -P "^\d{4,5}$|^ava(a|b)v[a-z]{2}v[a-z]{1,3}$|^n[a-z0-9]{2}3[a-z0-9]{4}m[a-
z0-9]{6}$|^[a-z0-9]{4}m[a-z0-9]{2}2[a-z0-9]{4}b[a-z]{2}$|^bvxvy(x|v)[a-z]{1,}$"
"%Esc3%\Local_Settings_Sospecosos">"%Esc3%\Local_Settings_Sospecosos_H"
FC "%Esc3%\Local_Settings_Sospecosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All10 )
for /f "usebackq delims=" %%i in ("%Esc3%\Local_Settings_Sospecosos_H") do (
RD /S/Q "%LOCALA%\%%i" >NUL 2>&1
IF EXIST "%LOCALA%\%%i" ( ECHO(Error Al Eliminar: "%LOCALA%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: "%LOCALA%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" )
)
:All10
DIR /B/A:D "%COMMONPROGRAMFILES%" 2>NUL>"%Esc3%\Common_D_Sospecosos"
"%GREP%" -i -P "^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12,13}$"
"%Esc3%\Common_D_Sospecosos">"%Esc3%\Common_D_Sospecosos_H"
FC "%Esc3%\Common_D_Sospecosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All11 )
for /f "usebackq delims=" %%i in ("%Esc3%\Common_D_Sospecosos_H") do (
set "line=%%i"
SETLOCAL EnableDelayedExpansion
DIR "!COMMONPROGRAMFILES!\!line!" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "!COMMONPROGRAMFILES!\!line!" >NUL 2>&1
DIR "!COMMONPROGRAMFILES!\!line!" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: !COMMONPROGRAMFILES!\!line!
^(Carpeta^)>>"!Esc!\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: !
COMMONPROGRAMFILES!\!line! ^(Carpeta^)>>"!Esc!\Malware.txt" )
)
ENDLOCAL
)
:All11
DIR /B/A:D "%PROGRAMFILES%" 2>NUL>"%Esc3%\Prorgramfiles_D_Sospechosos"
"%GREP%" -P "^n[a-z0-9]{2}3[a-z0-9]{4}m[a-z0-9]{6}$|^[a-z0-9]{4}m[a-z0-9]{2}2[a-z0-
9]{4}b[a-z]{2}$"
"%Esc3%\Prorgramfiles_D_Sospechosos">"%Esc3%\Prorgramfiles_D_Sospechosos_H"
FC "%Esc3%\Prorgramfiles_D_Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All12 )
for /f "usebackq delims=" %%i in ("%Esc3%\Prorgramfiles_D_Sospechosos_H") do (
set "line=%%i"
SETLOCAL EnableDelayedExpansion
DIR "!PROGRAMFILES!\!line!" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "!PROGRAMFILES!\!line!" >NUL 2>&1
DIR "!PROGRAMFILES!\!line!" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: !PROGRAMFILES!\!line!
^(Carpeta^)>>"!Esc!\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: !PROGRAMFILES!\!
line! ^(Carpeta^)>>"!Esc!\Malware.txt" )
)
ENDLOCAL
)
:All12
DIR /B/A:D "%WINDIR%" 2>NUL>"%Esc3%\Windir_D_Sospechosos"
"%GREP%" -i -P "^mintcast_\d{8,}$|^Shell&ServicesEngine_\d{8,}$|^NTSRV_\d{8,}$|
^hwopt_\d{8,}$|^Media Manager_\d{8,}$|^bigworldsearch_\d{8,}$|^digisearch_?\d{8,}$"
"%Esc3%\Windir_D_Sospechosos">"%Esc3%\Windir_D_Sospechosos_H"
FC "%Esc3%\Windir_D_Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All13 )
for /f "usebackq delims=" %%i in ("%Esc3%\Windir_D_Sospechosos_H") do (
RD /S/Q "%WINDIR%\%%i" >NUL 2>&1
IF EXIST "%WINDIR%\%%i" ( ECHO(Error Al Eliminar: "%WINDIR%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: "%WINDIR%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" )
)
:All13
DIR /B/A:D "%TIFS%\????????" 2>NUL>"%Esc3%\Content.IE5.Sospechosos"
DIR /B/A:D "%TIFS2%\????????" 2>NUL>>"%Esc3%\Content.IE5.Sospechosos"
FC "%Esc3%\Content.IE5.Sospechosos" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All14 )
"%GREP%" -P "[A-Z0-9]{8}"
"%Esc3%\Content.IE5.Sospechosos">"%Esc3%\Content.IE5.Sospechosos_H"
FC "%Esc3%\Content.IE5.Sospechosos_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :All14 )
for /f "usebackq delims=" %%i in ("%Esc3%\Content.IE5.Sospechosos_H") do (
RD /S/Q "%TIFS%\%%i" >NUL 2>&1
IF EXIST "%TIFS%\%%i" ( ECHO(Error Al Eliminar: %TIFS%\%%i ^(Archivos y Carpetas
Temporales Del Internet^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
%TIFS%\%%i ^(Archivos y Carpetas Temporales Del Internet^)>>"%Esc%\Malware.txt" )
RD /S/Q "%TIFS2%\%%i" >NUL 2>&1
IF EXIST "%TIFS2%\%%i" ( ECHO(Error Al Eliminar: %TIFS2%\%%i ^(Archivos y
Carpetas Temporales Del Internet^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con
Exito: %TIFS2%\%%i ^(Archivos y Carpetas Temporales Del Internet^)>>"%Esc
%\Malware.txt" )
)
:All14
IF NOT EXIST %SYS32%\reg.exe GOTO :All15
REG QUERY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates>"%Esc3%\
Certificado_R_Sospechosos"
for /f "usebackq delims=" %%i in ("%Esc3%\Certificado_R_Sospechosos") do (
REG QUERY %%i 2>NUL|"%GREP%" -q "0.7A64656E67696E65.0"
IF NOT ERRORLEVEL 1 (
REG DELETE %%i /F >NUL 2>&1
REG QUERY %%i >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: %%i ^(Llave del Registro -
Certificado Falso^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: %%i
^(Llave del Registro - Certificado Falso^)>>"%Esc%\Malware.txt" )
)
)
:All15
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_B.Win") do (
set "line=%%i"
SETLOCAL EnableDelayedExpansion
DIR "!PROGRAMFILES!\!line!" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "!PROGRAMFILES!\!line!" >NUL 2>&1
DIR "!PROGRAMFILES!\!line!" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: !PROGRAMFILES!\!line!
^(Carpeta^)>>"!Esc!\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: !PROGRAMFILES!\!
line! ^(Carpeta^)>>"!Esc!\Malware.txt" )
)
ENDLOCAL
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_A.Win") do (
set "line=%%i"
SETLOCAL EnableDelayedExpansion
DIR "!COMMONPROGRAMFILES!\!line!" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "!COMMONPROGRAMFILES!\!line!" >NUL 2>&1
DIR "!COMMONPROGRAMFILES!\!line!" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: !COMMONPROGRAMFILES!\!line!
^(Carpeta^)>>"!Esc!\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: !
COMMONPROGRAMFILES!\!line! ^(Carpeta^)>>"!Esc!\Malware.txt" )
)
ENDLOCAL
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_B.Win") do (
DIR "%APPDATA%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%APPDATA%\%%i" >NUL 2>&1
DIR "%APPDATA%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%APPDATA%\%%i" ^(Carpeta^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%APPDATA%\%%i" ^(Carpeta^)>>"%Esc
%\Malware.txt" )
)
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_B.Win") do (
DIR "%programfiles%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%programfiles%\%%i" >NUL 2>&1
DIR "%programfiles%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%programfiles%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%programfiles%\%
%i" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_B.Win") do (
DIR "%STARTUP%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%STARTUP%\%%i" >NUL 2>&1
DIR "%STARTUP%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%STARTUP%\%%i" ^(Carpeta^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%STARTUP%\%%i" ^(Carpeta^)>>"%Esc
%\Malware.txt" )
)
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_B.Win") do (
DIR "%ALLUSERSPROFILE%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%ALLUSERSPROFILE%\%%i" >NUL 2>&1
DIR "%ALLUSERSPROFILE%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%ALLUSERSPROFILE%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%ALLUSERSPROFILE
%\%%i" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_B.Win") do (
DIR "%LOCALA%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%LOCALA%\%%i" >NUL 2>&1
DIR "%LOCALA%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%LOCALA%\%%i" ^(Carpeta^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%LOCALA%\%%i" ^(Carpeta^)>>"%Esc
%\Malware.txt" )
)
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_C.Win") do (
DIR "%PROGRAMS1ALL%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%PROGRAMS1ALL%\%%i" >NUL 2>&1
DIR "%PROGRAMS1ALL%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMS1ALL%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%PROGRAMS1ALL%\%
%i" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_C.Win") do (
DIR "%PROGRAMS2ALL%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%PROGRAMS2ALL%\%%i" >NUL 2>&1
DIR "%PROGRAMS2ALL%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMS2ALL%\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%PROGRAMS2ALL%\%
%i" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
)
for %%i in (
"%allusersprofile%\dvf"
"%allusersprofile%\microsoft\windows\windowsaccmanager"
"%allusersprofile%\microsoft\windows\windowsaccountmanager"
"%allusersprofile%\program status"
"%allusersprofile%\schedule"
"%allusersprofile
%\C__Users_Usuario_AppData_Local_Temp_ir_ext_temp_1_AutoPlay_Docs_RealHideIP.exe"
"%allusersprofile%\Avira"
"%allusersprofile%\AutoUpdate"
"%allusersprofile%\Fighters"
"%allusersprofile%\TEMP"
"%allusersprofile%\123"
"%allusersprofile%\1234"
"%allusersprofile%\12345"
"%allusersprofile%\123456"
"%allusersprofile%\unknown"
"%allusersprofile%\updater"
"%appdata%\event monitor"
"%appdata%\Microsoft\*.exe"
"%appdata%\Microsoft\*.vbs"
"%appdata%\Microsoft\Document Building Blocks"
"%appdata%\Microsoft\Windows\Start Menu\Programs\Vectra Media"
"%appdata%\Microsoft\Windows\Start Menu\Programs\ElcomSoft"
"%appdata%\Microsoft\Windows\Start Menu\Programs\MagicDisc"
"%appdata%\Microsoft\Windows\Start Menu\Programs\Roblox"
"%appdata%\oygecjf"
"%appdata%\EurekaLog"
"%appdata%\MPC-HC"
"%appdata%\Microsoft\IME12"
"%appdata%\Microsoft\IMJP8_1"
"%appdata%\Microsoft\IMJP9_0"
"%appdata%\Microsoft\IMJP12"
"%appdata%\Microsoft\Vault"
"%appdata%\Microsoft\Prueba"
"%appdata%\Microsoft\MMC"
"%appdata%\QuickScan"
"%appdata
%\C__Users_Usuario_AppData_Local_Temp_ir_ext_temp_1_AutoPlay_Docs_RealHideIP.exe"
"%appdata%\Woweward"
"%appdata%\network checker"
"%appdata%\store\windapp"
"%appdata%\system"
"%userprofile%\Descargas\RobloxPlayerLauncher.exe"
"%userprofile%\Descargas\WiperSoft-installer.exe"
"%userprofile%\Descargas\Setup.exe"
"%userprofile%\Descargas\pmaxkiller.exe"
"%userprofile%\Descargas\Sql_Poizon_v1.1_-_Sqli_Exploit_Scanner_Tool.rar"
"%userprofile%\Descargas\JRT.exe"
"%userprofile%\Descargas\JRT(1).exe"
"%userprofile%\Descargas\JRT(2).exe"
"%userprofile%\Descargas\hacker completo.zip"
"%userprofile%\Descargas\HackerdeCuenta.exe"
"%userprofile%\Descargas\FaceBreak.zip"
"%userprofile%\Descargas\BitZipper2015TrialSetupEs.exe"
"%userprofile%\Descargas\usbavg7-v3-b4.7c.exe"
"%userprofile%\Descargas\AlbumArt_{0370BC24-61D0-4392-B804-CE3680C537AA}_Large.jpg"
"%userprofile%\Descargas\AlbumArt_{0370BC24-61D0-4392-B804-CE3680C537AA}_Small.jpg"
"%userprofile%\Descargas\AlbumArt_{D73CEA7B-2FF1-42FF-9DFF-92E7FF58DD8A}_Large.jpg"
"%userprofile%\Descargas\AlbumArt_{D73CEA7B-2FF1-42FF-9DFF-92E7FF58DD8A}_Small.jpg"
"%userprofile%\Descargas\ARCHPRo 4.53.rar"
"%userprofile%\Descargas\ESETOnlineScanner_ESN.exe"
"%userprofile%\Descargas\esets_api.stg"
"%userprofile%\Descargas\GitHubSetup.exe"
"%userprofile%\Descargas\httrack-3.48.22.exe"
"%locala%\iconnect"
"%locala%\installer"
"%locala%\microsoft\evt"
"%locala%\mscupdate"
"%locala%\programs\befrugal.com"
"%appdata%\add-in express"
"%appdata%\alawarwrapper"
"%appdata%\cyber tech expert_1-855-907-2767"
"%appdata%\dev360 cleaner"
"%appdata%\downloaded installers"
"%appdata%\driver maximizer"
"%appdata%\guid"
"%appdata%\maxcomputercleaner"
"%appdata%\my pagemanager"
"%appdata%\optimizer pro"
"%appdata%\pc faster"
"%appdata%\pc health kit"
"%appdata%\pc system boost"
"%appdata%\pcprivacydock"
"%appdata%\pcspeedup"
"%appdata%\probit software"
"%appdata%\propccleaner"
"%appdata%\smart pc cleaner"
"%appdata%\startup maximizer"
"%appdata%\super optimizer"
"%appdata%\ultimatepcoptimizer"
"%appdata%\ytahelper"
"%mymusic%\qtrax media library"
"%appdata%\add-in express"
"%appdata%\alawarwrapper"
"%appdata%\cyber tech expert_1-855-907-2767"
"%appdata%\dev360 cleaner"
"%appdata%\downloaded installers"
"%appdata%\driver maximizer"
"%appdata%\guid"
"%appdata%\maxcomputercleaner"
"%appdata%\my pagemanager"
"%appdata%\optimizer pro"
"%appdata%\pc faster"
"%appdata%\pc health kit"
"%appdata%\pc system boost"
"%appdata%\pcprivacydock"
"%appdata%\pcspeedup"
"%appdata%\probit software"
"%appdata%\propccleaner"
"%appdata%\smart pc cleaner"
"%appdata%\startup maximizer"
"%appdata%\super optimizer"
"%appdata%\ultimatepcoptimizer"
"%appdata%\ytahelper"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\add-in express"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\alawarwrapper"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\cyber tech expert_1-
855-907-2767"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\dev360 cleaner"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\downloaded installers"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\driver maximizer"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\guid"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\maxcomputercleaner"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\my pagemanager"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\optimizer pro"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pc faster"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pc health kit"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pc system boost"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pcprivacydock"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pcspeedup"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\probit software"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\propccleaner"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\smart pc cleaner"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\startup maximizer"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\super optimizer"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\ultimatepcoptimizer"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\ytahelper"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\add-in express"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\alawarwrapper"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\cyber tech expert_1-
855-907-2767"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\dev360 cleaner"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\downloaded installers"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\driver maximizer"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\guid"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\maxcomputercleaner"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\my pagemanager"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\optimizer pro"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pc faster"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pc health kit"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pc system boost"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pcprivacydock"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\pcspeedup"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\probit software"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\propccleaner"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\smart pc cleaner"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\startup maximizer"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\super optimizer"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\ultimatepcoptimizer"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\ytahelper"
"%appdata%\Microsoft\Windows\Libraries\Documents.library-ms\BfcData"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\add-in express"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\alawarwrapper"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\cyber tech expert_1-855-
907-2767"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\dev360 cleaner"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\downloaded installers"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\driver maximizer"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\guid"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\maxcomputercleaner"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\my pagemanager"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\optimizer pro"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pc faster"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pc health kit"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pc system boost"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pcprivacydock"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pcspeedup"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\probit software"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\propccleaner"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\smart pc cleaner"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\startup maximizer"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\super optimizer"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\ultimatepcoptimizer"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\ytahelper"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\add-in express"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\alawarwrapper"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\cyber tech expert_1-855-
907-2767"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\dev360 cleaner"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\downloaded installers"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\driver maximizer"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\guid"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\maxcomputercleaner"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\my pagemanager"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\optimizer pro"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pc faster"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pc health kit"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pc system boost"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pcprivacydock"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\pcspeedup"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\probit software"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\propccleaner"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\smart pc cleaner"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\startup maximizer"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\super optimizer"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\ultimatepcoptimizer"
"%appdata%\Microsoft\Windows\Libraries\Pictures.library-ms\BfcData"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\qtrax media library"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\add-in express"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\alawarwrapper"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\cyber tech expert_1-855-
907-2767"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\dev360 cleaner"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\downloaded installers"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\driver maximizer"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\guid"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\maxcomputercleaner"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\my pagemanager"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\optimizer pro"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pc faster"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pc health kit"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pc system boost"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pcprivacydock"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pcspeedup"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\probit software"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\propccleaner"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\smart pc cleaner"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\startup maximizer"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\super optimizer"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\ultimatepcoptimizer"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\ytahelper"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\add-in express"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\alawarwrapper"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\cyber tech expert_1-855-
907-2767"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\dev360 cleaner"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\downloaded installers"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\driver maximizer"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\guid"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\maxcomputercleaner"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\my pagemanager"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\optimizer pro"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pc faster"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pc health kit"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pc system boost"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pcprivacydock"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\pcspeedup"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\probit software"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\propccleaner"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\smart pc cleaner"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\startup maximizer"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\super optimizer"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\ultimatepcoptimizer"
"%appdata%\Microsoft\Windows\Libraries\Music.library-ms\BfcData"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\add-in express"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\alawarwrapper"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\cyber tech expert_1-855-
907-2767"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\dev360 cleaner"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\downloaded installers"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\driver maximizer"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\guid"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\maxcomputercleaner"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\my pagemanager"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\optimizer pro"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pc faster"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pc health kit"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pc system boost"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pcprivacydock"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pcspeedup"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\probit software"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\propccleaner"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\smart pc cleaner"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\startup maximizer"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\super optimizer"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\ultimatepcoptimizer"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\ytahelper"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\add-in express"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\alawarwrapper"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\cyber tech expert_1-855-
907-2767"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\dev360 cleaner"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\downloaded installers"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\driver maximizer"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\guid"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\maxcomputercleaner"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\my pagemanager"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\optimizer pro"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pc faster"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pc health kit"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pc system boost"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pcprivacydock"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\pcspeedup"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\probit software"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\propccleaner"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\smart pc cleaner"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\startup maximizer"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\super optimizer"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\ultimatepcoptimizer"
"%appdata%\Microsoft\Windows\Libraries\Videos.library-ms\BfcData"
"%mydocs%\add-in express"
"%mydocs%\alawarwrapper"
"%mydocs%\cyber tech expert_1-855-907-2767"
"%mydocs%\dev360 cleaner"
"%mydocs%\downloaded installers"
"%mydocs%\driver maximizer"
"%mydocs%\guid"
"%mydocs%\maxcomputercleaner"
"%mydocs%\my pagemanager"
"%mydocs%\optimizer pro"
"%mydocs%\pc faster"
"%mydocs%\pc health kit"
"%mydocs%\pc system boost"
"%mydocs%\pcprivacydock"
"%mydocs%\pcspeedup"
"%mydocs%\probit software"
"%mydocs%\propccleaner"
"%mydocs%\smart pc cleaner"
"%mydocs%\startup maximizer"
"%mydocs%\super optimizer"
"%mydocs%\ultimatepcoptimizer"
"%mydocs%\ytahelper"
"%mymusic%\qtrax media library"
"%mydocs%\add-in express"
"%mydocs%\alawarwrapper"
"%mydocs%\cyber tech expert_1-855-907-2767"
"%mydocs%\dev360 cleaner"
"%mydocs%\downloaded installers"
"%mydocs%\driver maximizer"
"%mydocs%\guid"
"%mydocs%\maxcomputercleaner"
"%mydocs%\my pagemanager"
"%mydocs%\optimizer pro"
"%mydocs%\pc faster"
"%mydocs%\pc health kit"
"%mydocs%\pc system boost"
"%mydocs%\pcprivacydock"
"%mydocs%\pcspeedup"
"%mydocs%\probit software"
"%mydocs%\propccleaner"
"%mydocs%\smart pc cleaner"
"%mydocs%\startup maximizer"
"%mydocs%\super optimizer"
"%mydocs%\ultimatepcoptimizer"
"%mydocs%\ytahelper"
"%mymusic%\qtrax media library"
"%mydocs2%\add-in express"
"%mydocs2%\alawarwrapper"
"%mydocs2%\cyber tech expert_1-855-907-2767"
"%mydocs2%\dev360 cleaner"
"%mydocs2%\downloaded installers"
"%mydocs2%\driver maximizer"
"%mydocs2%\guid"
"%mydocs2%\maxcomputercleaner"
"%mydocs2%\my pagemanager"
"%mydocs2%\optimizer pro"
"%mydocs2%\pc faster"
"%mydocs2%\pc health kit"
"%mydocs2%\pc system boost"
"%mydocs2%\pcprivacydock"
"%mydocs2%\pcspeedup"
"%mydocs2%\probit software"
"%mydocs2%\propccleaner"
"%mydocs2%\smart pc cleaner"
"%mydocs2%\startup maximizer"
"%mydocs2%\super optimizer"
"%mydocs2%\ultimatepcoptimizer"
"%mydocs2%\ytahelper"
"%mymusic2%\qtrax media library"
"%mydocs2%\add-in express"
"%mydocs2%\alawarwrapper"
"%mydocs2%\cyber tech expert_1-855-907-2767"
"%mydocs2%\dev360 cleaner"
"%mydocs2%\downloaded installers"
"%mydocs2%\driver maximizer"
"%mydocs2%\guid"
"%mydocs2%\maxcomputercleaner"
"%mydocs2%\my pagemanager"
"%mydocs2%\optimizer pro"
"%mydocs2%\pc faster"
"%mydocs2%\pc health kit"
"%mydocs2%\pc system boost"
"%mydocs2%\pcprivacydock"
"%mydocs2%\pcspeedup"
"%mydocs2%\probit software"
"%mydocs2%\propccleaner"
"%mydocs2%\smart pc cleaner"
"%mydocs2%\startup maximizer"
"%mydocs2%\super optimizer"
"%mydocs2%\ultimatepcoptimizer"
"%mydocs2%\ytahelper"
"%mymusic2%\qtrax media library"
"%programfiles%\microsoft games\windows games"
"%programfiles%\product key"
"%programfiles%\software\scrollup"
"%programfiles%\windows\error file remover"
"%systemdrive%\ai_recyclebin"
"%systemdrive%\breakingnewsalert"
"%systemdrive%\logo"
"%systemdrive%\Cuarentena"
"%systemdrive%\iqiyi video"
"%systemdrive%\nava labs"
"%systemdrive%\rei"
"%systemdrive%\terasgames"
"%systemdrive%\xiaomi"
"%userprofile%\funshion"
"%userprofile%\qtrax"
"%windir%\book source"
"%windir%\buzzsocialpointschecker"
"%windir%\free youtube downloader"
"%windir%\freecorder"
"%windir%\joberphlusisp"
"%windir%\microsoft\system update kb70007"
"%windir%\pcbhdnw"
"%windir%\provider"
"%windir%\provider32"
"%windir%\snail translator"
) DO (
IF EXIST %%i (
RD /S/Q %%i >NUL 2>&1
IF EXIST %%i ( ECHO(Error Al Eliminar: %%i ^(Carpeta^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: %%i ^(Carpeta^)>>"%Esc
%\Malware.txt" )
)
)
for %%i in (
"%sys32%\abis"
"%sys32%\ai_recyclebin"
"%sys32%\arfc"
"%sys32%\c2mp"
"%sys32%\cacl"
"%sys32%\dfrg"
"%sys32%\itruscert"
"%sys32%\jmdp"
"%sys32%\ljkb"
"%sys32%\popupalert"
"%sys32%\wnlt"
) DO (
IF EXIST %%i (
RD /S/Q %%i >NUL 2>&1
IF EXIST %%i ( ECHO(Error Al Eliminar: %%i ^(Carpeta^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: %%i ^(Carpeta^)>>"%Esc
%\Malware.txt" )
)
)
:: LOCALA Carpetas
cd /d "%LOCALA%\{????????-????-????-????-????????????}" >NUL 2>&1
IF %ERRORLEVEL% NEQ 0 ( GOTO :OS64_0 )
cd /d "%LOCALA%" >NUL 2>&1
for /f "delims=" %%i in ('DIR /B/A:D "%LOCALA%\
{????????-????-????-????-????????????}" ^| SORT') do (
RD "%%i" >NUL 2>&1
DIR "%%i" >NUL 2>&1
IF ERRORLEVEL 1 (
Echo(Eliminado Con Exito: "%LOCALA%\%%i" ^(Empty Folder^)>>"%Esc
%\Malware.txt"
) else (
REM Fallará si NO vacío. NO HAGA NADA.
)
)
:OS64_0

:CarpetasPublicas
ECHO %OS%|FIND "Windows XP" >NUL
IF %ERRORLEVEL% EQU 0 ( GOTO :OSXP_Files )
for /f "usebackq delims=" %%i in ("%Rp1%\A_Archivos.Win") do (
DIR "%PUBDESKTOP%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%PUBDESKTOP%\%%i" >NUL 2>&1
DIR "%PUBDESKTOP%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PUBDESKTOP%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%PUBDESKTOP%\%%i"
^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%QUICKLAUNCH17%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%QUICKLAUNCH17%\%%i" >NUL 2>&1
DIR "%QUICKLAUNCH17%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%QUICKLAUNCH17%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%QUICKLAUNCH17%\%
%i" ^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%QUICKLAUNCH27%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%QUICKLAUNCH27%\%%i" >NUL 2>&1
DIR "%QUICKLAUNCH27%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%QUICKLAUNCH27%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%QUICKLAUNCH27%\%
%i" ^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%PROGRAMS17%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%PROGRAMS17%\%%i" >NUL 2>&1
DIR "%PROGRAMS17%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMS17%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%PROGRAMS17%\%%i"
^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%PROGRAMS27%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%PROGRAMS27%\%%i" >NUL 2>&1
DIR "%PROGRAMS27%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMS27%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%PROGRAMS27%\%%i"
^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%STARTMENU17%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%STARTMENU17%\%%i" >NUL 2>&1
DIR "%STARTMENU17%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%STARTMENU17%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%STARTMENU17%\%%i"
^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
DIR "%STARTMENU27%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%STARTMENU27%\%%i" >NUL 2>&1
DIR "%STARTMENU27%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%STARTMENU27%\%%i" ^(Acceso
Directo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%STARTMENU27%\%%i"
^(Acceso Directo^)>>"%Esc%\Malware.txt" )
)
)
for /f "usebackq delims=" %%i in ("%Rp1%\Carpetas_B.Win") do (
DIR "%LOCALLOW%\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%LOCALLOW%\%%i" >NUL 2>&1
DIR "%LOCALLOW%\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%LOCALLOW%\%%i" ^(Carpeta^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Error Al Eliminar: "%LOCALLOW%\%%i" ^(Carpeta^)>>"%Esc
%\Malware.txt" )
)
)
cd /d "%LOCALLOW%" >NUL 2>&1
for /d %%a in (
FCTB*
*toolbar*
) do (
if exist %%a (
DIR "%LOCALLOW%\%%a" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%LOCALLOW%\%%a" >NUL 2>&1
DIR "%LOCALLOW%\%%a" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con
Exito: "%LOCALLOW%\%%a" ^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Error Al
Eliminar: "%LOCALLOW%\%%a" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
)
)
IF NOT EXIST %SYS32%\reg.exe GOTO :Shortcuts
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" 2>NUL|"%GREP%"
-iP "\\SearchScopes\\{[a-f0-9]+-.*}$">"%Esc3%\IE_SS"
if %ARCH%==x64 (
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes"
2>NUL|"%GREP%" -iP "\\SearchScopes\\{[a-f0-9]+-.*}$">>"%Esc3%\IE_SS"
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\SearchScopes" 2>NUL|"%GREP%"
-iP "\\SearchScopes\\{[a-f0-9]+-.*}$">>"%Esc3%\IE_SS"
FC "%Esc3%\IE_SS" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_0 )
"%SORT_%" -f -u <"%Esc3%\IE_SS" >"%Esc3%\IE_SS2"
FC "%Esc3%\IE_SS2" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_0 )
for /f "usebackq delims=" %%i in ("%Esc3%\IE_SS2") do (
REG QUERY "%%i" /V URL >NUL 2>&1
IF ERRORLEVEL 1 (
REG DELETE "%%i" /F >NUL 2>&1
ECHO(Eliminado Con Exito: %%i ^(Llave Del Registro^)>>"%Esc%\Malware.txt"
)
)
for /f "usebackq delims=" %%i in ("%Esc3%\IE_SS2") do (
REG QUERY "%%i" 2>NUL|FINDSTR /IG:"%Naw%\Url.Naw" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "%%i" /F >NUL 2>&1
ECHO(Eliminado Con Exito: %%i ^(Llave Del Registro^)>>"%Esc%\Malware.txt"
)
)
:Browsers_0
REG QUERY "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects" 2>NUL|"%GREP%" -iP "\\Browser Helper Objects\\{[a-f0-9]+-.*}
$">"%Esc3%\I_Waw"
if %ARCH%==x64 (
REG QUERY
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects" 2>NUL|"%GREP%" -iP "\\Browser Helper Objects\\{[a-f0-9]+-.*}
$">>"%Esc3%\I_Waw"
)
FC "%Esc3%\I_Waw" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_1 )
"%SORT_%" -f -u <"%Esc3%\I_Waw" >"%Esc3%\I_Waw2"
FC "%Esc3%\I_Waw2" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_1 )
FINDSTR /IVG:"%Exp%\I_Explorer.Dat" "%Esc3%\I_Waw2">"%Esc3%\I_Waw_T"
FC "%Esc3%\I_Waw_T" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_1 )
for /f "usebackq delims=" %%i in ("%Esc3%\I_Waw_T") do (
REG DELETE "%%i" /F >NUL 2>&1
ECHO(Eliminado Con Exito: %%i ^(Llave Del Registro^)>>"%Esc%\Malware.txt"
)
)
:Browsers_1
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Toolbar" 2>NUL|"%GREP%" -iP
"{[a-f0-9]+-.*}">"%Esc3%\I_Toolbar"
if %ARCH%==x64 (
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar"
2>NUL|"%GREP%" -iP "{[a-f0-9]+-.*}">>"%Esc3%\I_Toolbar"
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Toolbar" 2>NUL|"%GREP%" -iP
"{[a-f0-9]+-.*}">>"%Esc3%\I_Toolbar"
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser"
2>NUL|"%GREP%" -iP "{[a-f0-9]+-.*}">>"%Esc3%\I_Toolbar"
FC "%Esc3%\I_Toolbar" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_2 )
"%SORT_%" -f -u <"%Esc3%\I_Toolbar" >"%Esc3%\I_Toolbar2"
REM '/^\s*$/d' Se Elimino Un Virus Potencialmente Peliroso
"%SED%" -r "s/^\s{4}//;s/}\s+REG_.*/}/;/^\s*$/d" <"%Esc3%\I_Toolbar"
>"%Esc3%\I_Toolbar2"
FINDSTR /IVG:"%Naw%\T_Barras.Naw" "%Esc3%\I_Toolbar2">"%Esc3%\I_Toolbar_T"
FC "%Esc3%\I_Toolbar_T" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_2 )
for /f "usebackq delims=" %%i in ("%Esc3%\I_Toolbar_T") do (
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Toolbar" /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKCU\Software\Microsoft\Internet Explorer\Toolbar" /V "%%i" /F >NUL
2>&1
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Toolbar" /V "%%i" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet
Explorer\Toolbar\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet Explorer\Toolbar\\%%i
^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" /V "%
%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" /V
"%%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" /V "%
%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\%%i ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\%%i ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Toolbar" /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Microsoft\Internet Explorer\Toolbar" /V "%%i" /F >NUL
2>&1
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Toolbar" /V "%%i" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet
Explorer\Toolbar\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\%%i
^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /V "%%i"
>NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /V "%
%i" /F >NUL 2>&1
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /V "%
%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
ELSE ( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
)
:Browsers_2
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" 2>NUL|"%GREP%"
-iP "{[a-f0-9]+-.*}">"%Esc3%\I_Busqueda"
if %ARCH%==x64 (
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks"
2>NUL|"%GREP%" -iP "{[a-f0-9]+-.*}">>"%Esc3%\I_Busqueda"
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks" 2>NUL|"%GREP%"
-iP "{[a-f0-9]+-.*}">>"%Esc3%\I_Busqueda"
FC "%Esc3%\I_Busqueda" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_3 )
"%SORT_%" -f -u <"%Esc3%\I_Busqueda" >"%Esc3%\I_Busqueda2"
FINDSTR /IG:"%Naw%\Url.Naw" "%Esc3%\I_Busqueda2">"%Esc3%\I_Busqueda_T"
FC "%Esc3%\I_Busqueda_T" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_3 )
"%GREP%" -i -P "\{.*\}" -o "%Esc3%\I_Busqueda_T">"%Esc3%\I_Busqueda_H"
for /f "usebackq delims=" %%i in ("%Esc3%\I_Busqueda_H") do (
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /V "%%i"
>NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /V "%
%i" /F >NUL 2>&1
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /V "%%i"
>NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet
Explorer\URLSearchHooks\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet
Explorer\URLSearchHooks\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet
Explorer\URLSearchHooks" /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Wow6432Node\Microsoft\Internet
Explorer\URLSearchHooks" /V "%%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet
Explorer\URLSearchHooks" /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\%%i
^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\%%i
^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks" /V "%%i"
>NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks" /V "%
%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks" /V "%%i"
>NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet
Explorer\URLSearchHooks\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet
Explorer\URLSearchHooks\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
)
:Browsers_3
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Main" 2>NUL|"%GREP%" -iP
"REG_.*SZ\s+http">"%Esc3%\I_Main"
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" 2>NUL|"%GREP
%" -iP "REG_.*SZ\s+http">>"%Esc3%\I_Main"
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Main" 2>NUL|"%GREP%" -iP
"REG_.*SZ\s+http">>"%Esc3%\I_Main"
FC "%Esc3%\I_Main" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_4 )
"%SORT_%" -f -u <"%Esc3%\I_Main" >"%Esc3%\I_Main2"
FC "%Esc3%\I_Main2" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_4 )
FINDSTR /IG:"%Naw%\Url.Naw" "%Esc3%\I_Main2">"%Esc3%\I_Main_T"
FC "%Esc3%\I_Main_T" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_4 )
"%SED%" -r "s/^\s{4}//;s/\s+REG_SZ\s+.*//" "%Esc3%\I_Main_T">"%Esc3%\I_Main_H"
for /f "usebackq delims=" %%i in ("%Esc3%\I_Main_H") do (
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Main" /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKCU\Software\Microsoft\Internet Explorer\Main" /V "%%i" /F >NUL
2>&1
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Main" /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet
Explorer\Main\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet Explorer\Main\\%%i
^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /V "%%i"
>NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /V "%
%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /V "%%i"
>NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\%%i ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\%%i ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Main" /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Microsoft\Internet Explorer\Main" /V "%%i" /F >NUL
2>&1
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Main" /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet
Explorer\Main\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet Explorer\Main\\%%i
^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
)
:Browsers_4
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Search" 2>NUL|"%GREP%" -iP
"REG_.*SZ\s+http">"%Esc3%\I_Search"
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search"
2>NUL|"%GREP%" -iP "REG_.*SZ\s+http">>"%Esc3%\I_Search"
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Search" 2>NUL|"%GREP%" -iP
"REG_.*SZ\s+http">>"%Esc3%\I_Search"
FC "%Esc3%\I_Search" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_5 )
"%SORT_%" -f -u <"%Esc3%\I_Search">"%Esc3%\I_Search2"
FC "%Esc3%\I_Search2" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_5 )
FINDSTR /IG:"%Naw%\Url.Naw" "%Esc3%\I_Search2">"%Esc3%\I_Search_T"
FC "%Esc3%\I_Search_T" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_5 )
"%SED%" "s/^....//;s/REG_SZ.*//g;s/\s*$//g" "%Esc3%\I_Search_T">"%Esc3%\I_Search_H"
for /f "usebackq delims=" %%i in ("%Esc3%\I_Search_H") do (
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Search" /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKCU\Software\Microsoft\Internet Explorer\Search" /V "%%i" /F >NUL
2>&1
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\Search" /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet
Explorer\Search\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet Explorer\Search\\%%i
^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search" /V "%%i"
>NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search" /V "%
%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search" /V "%
%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\%%i ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\%%i ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Search" /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Microsoft\Internet Explorer\Search" /V "%%i" /F >NUL
2>&1
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\Search" /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet
Explorer\Search\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet Explorer\Search\\%%i
^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
)
:Browsers_5
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" 2>NUL|FINDSTR
"http">"%Esc3%\I_SearchURL"
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" 2>NUL|
FINDSTR "http">>"%Esc3%\I_SearchURL"
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\SearchUrl" 2>NUL|FINDSTR
"http">>"%Esc3%\I_SearchURL"
FC "%Esc3%\I_SearchURL" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_6 )
"%SORT_%" -f -u <"%Esc3%\I_SearchURL" >"%Esc3%\I_SearchURL2"
FC "%Esc3%\I_SearchURL2" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_6 )
FINDSTR /IG:"%Naw%\Url.Naw" "%Esc3%\I_SearchURL">"%Esc3%\I_SearchURL_T"
FC "%Esc3%\I_SearchURL_T" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Browsers_6 )
"%SED%" "s/^....//;s/REG_SZ.*//g;s/\s*$//g"
"%Esc3%\I_SearchURL_T">"%Esc3%\I_SearchURL_H"
for /f "usebackq delims=" %%i in ("%Esc3%\I_SearchURL_H") do (
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /V "%%i" >NUL
2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /V "%%i" /F
>NUL 2>&1
REG QUERY "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /V "%%i" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet
Explorer\SearchUrl\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\%
%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /V "%
%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /V
"%%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Microsoft\Wow6432Node\Internet Explorer\SearchUrl" /V
"%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\%%i ^(Evaluador
Del Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\%%i ^(Evaluador
Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\SearchUrl" /V "%%i" >NUL
2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Microsoft\Internet Explorer\SearchUrl" /V "%%i" /F
>NUL 2>&1
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\SearchUrl" /V "%%i" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet
Explorer\SearchUrl\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet Explorer\SearchUrl\\%
%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
)
:Browsers_6
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" 2>NUL|
FINDSTR "http">>"%Esc3%\Internet_AboutURLs"
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\AboutURLs" 2>NUL|FINDSTR
"http">>"%Esc3%\Internet_AboutURLs"
FC "%Esc3%\Internet_AboutURLs" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_0 )
FINDSTR /IG:"%Naw%\Url.Naw" "%Esc3%\Internet_AboutURLs"
2>NUL>"%Esc3%\Internet_AboutURLs_Sospechosos"
FC "%Esc3%\Internet_AboutURLs_Sospechosos" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_0 )
"%SED%" "s/^....//;s/REG_SZ.*//g;s/\s*$//g"
"%Esc3%\Internet_AboutURLs_Sospechosos">"%Esc3%\Internet_AboutURLs_H"
"%SORT_%" -f -u <"%Esc3%\Internet_AboutURLs_H" >"%Esc3%\Internet_AboutURLs_T"
for /f "usebackq delims=" %%i in ("%Esc3%\Internet_AboutURLs_T") do (
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /V "%
%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /V
"%%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /V
"%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\%%i ^(Evaluador
Del Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\%%i ^(Evaluador
Del Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\AboutURLs" /V "%%i" >NUL
2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Microsoft\Internet Explorer\AboutURLs" /V "%%i" /F
>NUL 2>&1
REG QUERY "HKLM\Software\Microsoft\Internet Explorer\AboutURLs" /V "%%i" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet
Explorer\AboutURLs\\%%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: HKLM\Software\Microsoft\Internet Explorer\AboutURLs\\%
%i ^(Evaluador Del Registro^)>>"%Esc%\Malware.txt" )
)
)
:FireFox_0
DIR /B/S/A:-D "%PROGRAMFILES%\Mozilla Firefox" 2>NUL>"%Esc3%\FIREFOX_F_PROG"
FC "%Esc3%\FIREFOX_F_PROG" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_1 )
for %%i in (
"%programfiles%\mozilla firefox\defaults\pref\all-iminent.js"
"%programfiles%\mozilla firefox\defaults\pref\itms.js"
"%programfiles%\mozilla firefox\nsprotector.js"
"%programfiles%\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll"
"%programfiles%\mozilla firefox\plugins\npcouponprinter.dll"
"%programfiles%\mozilla firefox\plugins\npdnu.dll"
"%programfiles%\mozilla firefox\plugins\npdnu.xpt"
"%programfiles%\mozilla firefox\plugins\npdnupdater2.dll"
"%programfiles%\mozilla firefox\plugins\npdnupdater2.xpt"
"%programfiles%\mozilla firefox\plugins\npmozcouponprinter.dll"
"%programfiles%\mozilla firefox\plugins\nptrademanager.dll"
"%programfiles%\mozilla firefox\plugins\npwangwang.dll"
) DO (
IF EXIST %%i (
DEL /F/Q %%i >NUL 2>&1
IF EXIST %%i ( ECHO(Eliminado Con Exito: %%i ^(Archivo^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito: %%i ^(Archivo^)>>"%Esc
%\Malware.txt" )
)
)
FINDSTR /I "\.XML$" "%Esc3%\FIREFOX_F_PROG" 2>NUL>"%Esc3%\FIREFOX_F_PROGXML"
FC "%Esc3%\FIREFOX_F_PROGXML" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_1 )
for /f "usebackq delims=" %%i in ("%Naw%\Xml.Naw") do (
DIR "%PROGRAMFILES%\Mozilla Firefox\searchplugins\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%PROGRAMFILES%\Mozilla Firefox\searchplugins\%%i" >NUL 2>&1
DIR "%PROGRAMFILES%\Mozilla Firefox\searchplugins\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMFILES%\Mozilla
Firefox\searchplugins\%%i" ^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado
Con Exito: "%PROGRAMFILES%\Mozilla Firefox\searchplugins\%%i" ^(Archivo^)>>"%Esc
%\Malware.txt" )
)
)
:FireFox_1
DIR /B/A:D "%PROGRAMFILES%\Mozilla Firefox\browser\extensions"
2>NUL>"%Esc3%\FIREFOX_D_PROG"
FC "%Esc3%\FIREFOX_D_PROG" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_3 )
"%GREP%" -i -P "^ffxtlbr@.*|^\w{2}ffxtbr@.*_\w{2}\.com$|^\d{3}$|^[0-9a-f]
{21,30}@[0-9a-f]{24,29}\.com$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-
9a-f]{12}@[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.com$"
"%Esc3%\FIREFOX_D_PROG">"%Esc3%\FIREFOX_D_PROG_H"
FC "%Esc3%\FIREFOX_D_PROG_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_2 )
for /f "usebackq delims=" %%i in ("%Esc3%\FIREFOX_D_PROG_H") do (
DIR "%PROGRAMFILES%\Mozilla Firefox\browser\extensions\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%PROGRAMFILES%\Mozilla Firefox\browser\extensions\%%i" >NUL 2>&1
DIR "%PROGRAMFILES%\Mozilla Firefox\browser\extensions\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMFILES%\Mozilla
Firefox\browser\extensions\%%i" ^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: "%PROGRAMFILES%\Mozilla Firefox\browser\extensions\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" )
)
REG QUERY HKCU\Software\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKCU\Software\Mozilla\Firefox\Extensions /V "%%i" /F >NUL 2>&1
REG QUERY HKCU\Software\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKCU\Software\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKCU\Software\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt" )
)
REG QUERY HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions /V "%%i" /F
>NUL 2>&1
REG QUERY HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions /V "%%i" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY HKLM\Software\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKLM\Software\Mozilla\Firefox\Extensions /V "%%i" /F >NUL 2>&1
REG QUERY HKLM\Software\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKLM\Software\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt" )
)
)
:FireFox_2
for /f "usebackq delims=" %%i in ("%Naw%\Extens-Nav.Naw") do (
DIR "%PROGRAMFILES%\Mozilla Firefox\browser\extensions\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%PROGRAMFILES%\Mozilla Firefox\browser\extensions\%%i" >NUL 2>&1
DIR "%PROGRAMFILES%\Mozilla Firefox\browser\extensions\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%PROGRAMFILES%\Mozilla
Firefox\browser\extensions\%%i" ^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: "%PROGRAMFILES%\Mozilla Firefox\browser\extensions\%%i"
^(Carpeta^)>>"%Esc%\Malware.txt" )
)
REG QUERY HKCU\Software\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKCU\Software\Mozilla\Firefox\Extensions /V "%%i" /F >NUL 2>&1
REG QUERY HKCU\Software\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKCU\Software\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKCU\Software\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt" )
)
REG QUERY HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions /V "%%i" /F
>NUL 2>&1
REG QUERY HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions /V "%%i" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del
Registro^)>>"%Esc%\Malware.txt" )
)
REG QUERY HKLM\Software\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE HKLM\Software\Mozilla\Firefox\Extensions /V "%%i" /F >NUL 2>&1
REG QUERY HKLM\Software\Mozilla\Firefox\Extensions /V "%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKLM\Software\Mozilla\Firefox\Extensions\\%%i" ^(Evaluador Del Registro^)>>"%Esc
%\Malware.txt" )
)
)
:FireFox_3
DIR /B/S/A:-D "%APPDATA%\Mozilla\Firefox\Profiles" 2>NUL>"%Esc3%\FIREFOX_F_APPDATA"
FC "%Esc3%\FIREFOX_F_APPDATA" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_5 )
"%GREP%" -P "user\.js$|firefox@www\.[a-z]{10,}\.(com|net)\.xpi$"
"%Esc3%\FIREFOX_F_APPDATA">"%JTEMP%\FIREFOX_F_APPDATA_H"
"%GREP%" -i -P "(bprotector|browsermngr)_.*\..*$|invalidprefs.js$|\d{3}\.xpi$"
"%Esc3%\FIREFOX_F_APPDATA">>"%Esc3%\FIREFOX_F_APPDATA_H"
FINDSTR /IG:"%Naw%\Xpi.Naw" "%Esc3%\FIREFOX_F_APPDATA"
2>NUL>>"%Esc3%\FIREFOX_F_APPDATA_H"
"%GREP%" -v -P ".*\\gm_scripts\\.*|.*\\foxmarks@kei\.com\\.*"
"%Esc3%\FIREFOX_F_APPDATA_H">"%Esc3%\FIREFOX_F_APPDATA_H_WL"
FC "%Esc3%\FIREFOX_F_APPDATA_H_WL" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_4 )
for /f "usebackq delims=" %%i in ("%Esc3%\FIREFOX_F_APPDATA_H_WL") do (
DEL /F/Q "%%i" >NUL 2>&1
IF EXIST "%%i" ( ECHO(Eliminado Con Exito: "%%i" ^(Archivo^)>>"%Esc%\Malware.txt"
) ELSE ( ECHO(Eliminado Con Exito: "%%i" ^(Archivo^)>>"%Esc%\Malware.txt" )
)
:FireFox_4
FINDSTR /I "\.XML$" "%Esc3%\FIREFOX_F_APPDATA" 2>NUL>"%Esc3%\FIREFOX_F_APPDATAXML"
FC "%Esc3%\FIREFOX_F_APPDATAXML" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_5 )
FINDSTR /IG:"%Naw%\Xml.Naw" "%Esc3%\FIREFOX_F_APPDATAXML"
2>NUL>"%Esc3%\FIREFOX_F_APPDATAXML_H"
FC "%Esc3%\FIREFOX_F_APPDATAXML_H" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_5 )
for /f "usebackq delims=" %%i in ("%Esc3%\FIREFOX_F_APPDATAXML_H") do (
DEL /F/Q "%%i" >NUL 2>&1
IF EXIST "%%i" ( ECHO(Eliminado Con Exito: "%%i" ^(Archivo^)>>"%Esc%\Malware.txt"
) ELSE ( ECHO(Eliminado Con Exito: "%%i" ^(Archivo^)>>"%Esc%\Malware.txt" )
)
:FireFox_5
"%GREP%" -i -P "\\Firefox\\Profiles\\.*\.default.*\\prefs.js$"
"%Esc3%\FIREFOX_F_APPDATA" 2>NUL>"%Esc3%\FIREFOX_F_APPDATAJS"
FC "%Esc3%\FIREFOX_F_APPDATAJS" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_6 )
for /f "usebackq delims=" %%i in ("%Esc3%\FIREFOX_F_APPDATAJS") do (
COPY /Y "%%i" "%Esc3%\prefs.js" >NUL 2>&1
)
IF NOT EXIST "%Esc3%\prefs.js" GOTO :FireFox_6
SET /p FFJS=<"%Esc3%\FIREFOX_F_APPDATAJS"
FINDSTR /IG:"%Naw%\Url.Naw" "%Esc3%\prefs.js" 2>NUL|"%CUT%" -c1-
175>"%Esc3%\FIREFOX_PREFS_BAD"
FINDSTR /IVG:"%Naw%\Firefox.Naw" "%Esc3%\FIREFOX_PREFS_BAD"
2>NUL>"%Esc3%\FIREFOX_PREFS_BAD_WL"
FC "%JTEMP%\FIREFOX_PREFS_BAD_WL" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_6 )
FINDSTR /IVG:"%Esc3%\FIREFOX_PREFS_BAD_WL" "%Esc3%\prefs.js"
2>NUL>"%Esc3%\FIREFOX_PREFS_CLEAN.js"
COPY /Y "%Esc3%\FIREFOX_PREFS_CLEAN.js" "%FFJS%" >NUL 2>&1
TYPE "%Esc3%\FIREFOX_PREFS_BAD_WL">"%Esc3%\R_FireFox.txt"
:FireFox_6
DIR /B/S/A:D "%APPDATA%\Mozilla\Firefox\Profiles" 2>NUL>"%Esc3%\FIREFOX_D_APPDATA"
FC "%Esc3%\FIREFOX_D_APPDATA" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :Chrome )
FINDSTR "\\extensions\\" "%Esc3%\FIREFOX_D_APPDATA"
2>NUL>"%Esc3%\FIREFOX_D_APPDATAEXT"
FC "%Esc3%\FIREFOX_D_APPDATAEXT" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_7 )
"%GREP%" -i -P "ffxtlbr@.*|\d{3}$|[0-9a-f]{21,30}@[0-9a-f]{24,29}\.com$|[0-9a-f]
{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}@[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-
f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.com$"
"%Esc3%\FIREFOX_D_APPDATAEXT">"%Esc3%\FIREFOX_D_APPDATAEXT_H"
FINDSTR /IELG:"%Naw%\Extens-Nav.Naw" "%Esc3%\FIREFOX_D_APPDATAEXT"
2>NUL>>"%Esc3%\FIREFOX_D_APPDATAEXT_H"
"%GREP%" -v -P ".*\\https-everywhere.*|.*\\[a-z]{2}_\d{3}$"
"%Esc3%\FIREFOX_D_APPDATAEXT_H">"%Esc3%\FIREFOX_D_APPDATAEXT_H_WL"
FC "%Esc3%\FIREFOX_D_APPDATAEXT_H_WL" "%Rp%\null" >NUL 2>&1
IF %ERRORLEVEL% NEQ 1 ( GOTO :FireFox_7 )
"%SORT_%" -f -u <"%Esc3%\FIREFOX_D_APPDATAEXT_H_WL"
>"%Esc3%\FIREFOX_D_APPDATAEXT_T"
for /f "usebackq delims=" %%i in ("%Esc3%\FIREFOX_D_APPDATAEXT_T") do (
RD /S/Q "%%i" >NUL 2>&1
IF EXIST "%%i" ( ECHO(Eliminado Con Exito: "%%i" ^(Carpeta^)>>"%Esc%\Malware.txt"
) ELSE ( ECHO(Eliminado Con Exito: "%%i" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
:FireFox_7
REG QUERY "HKLM\Software\MozillaPlugins" >NUL 2>&1
IF ERRORLEVEL 1 GOTO FireFox_8
for /f "usebackq delims=" %%i in ("%Naw%\Plugin.Naw") do (
REG QUERY "HKLM\Software\MozillaPlugins\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\MozillaPlugins\%%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\MozillaPlugins\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "HKLM\Software\MozillaPlugins\%%i"
^(Llave Del Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKLM\Software\MozillaPlugins\%%i" ^(Llave Del Registro^)>>"%Esc%\Malware.txt" )
)
)
:FireFox_8
REG QUERY "HKLM\Software\Wow6432Node\MozillaPlugins" >NUL 2>&1
IF ERRORLEVEL 1 GOTO Chrome
for /f "usebackq delims=" %%i in ("%Naw%\Plugin.Naw") do (
REG QUERY "HKLM\Software\Wow6432Node\MozillaPlugins\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Wow6432Node\MozillaPlugins\%%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Wow6432Node\MozillaPlugins\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\MozillaPlugins\%%i" ^(Llave Del Registro^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\MozillaPlugins\%%i" ^(Llave Del Registro^)>>"%Esc
%\Malware.txt" )
)
)
:Chrome
CD /D "%LOCALA%\Google\Chrome\User Data\Default\Local Storage" >NUL 2>&1
IF %ERRORLEVEL% NEQ 0 ( GOTO :Chrome_0 )
for /f "usebackq delims=" %%i in ("%Naw%\Storage_Chrome.Naw") do (
DIR "%LOCALA%\Google\Chrome\User Data\Default\Local Storage\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%LOCALA%\Google\Chrome\User Data\Default\Local Storage\%%i" >NUL 2>&1
DIR "%LOCALA%\Google\Chrome\User Data\Default\Local Storage\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%LOCALA%\Google\Chrome\User
Data\Default\Local Storage\%%i" ^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: "%LOCALA%\Google\Chrome\User Data\Default\Local
Storage\%%i" ^(Archivo^)>>"%Esc%\Malware.txt" )
)
DIR "%LOCALA%\Google\Chrome\User Data\Default\Local Storage\%%i-journal" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
DEL /F/Q "%LOCALA%\Google\Chrome\User Data\Default\Local Storage\%%i-journal"
>NUL 2>&1
DIR "%LOCALA%\Google\Chrome\User Data\Default\Local Storage\%%i-journal" >NUL
2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%LOCALA%\Google\Chrome\User
Data\Default\Local Storage\%%i-journal" ^(Archivo^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: "%LOCALA%\Google\Chrome\User Data\Default\Local
Storage\%%i-journal" ^(Archivo^)>>"%Esc%\Malware.txt" )
)
)
:Chrome_0
CD /D "%LOCALA%\Google\Chrome\User Data\Default\Extensions" >NUL 2>&1
IF %ERRORLEVEL% NEQ 0 ( GOTO :Shortcuts )
for /f "usebackq delims=" %%i in ("%Naw%\Extens-Chorme.Naw") do (
DIR "%LOCALA%\Google\Chrome\User Data\Default\Extensions\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%LOCALA%\Google\Chrome\User Data\Default\Extensions\%%i" >NUL 2>&1
DIR "%LOCALA%\Google\Chrome\User Data\Default\Extensions\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%LOCALA%\Google\Chrome\User
Data\Default\Extensions\%%i" ^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: "%LOCALA%\Google\Chrome\User Data\Default\Extensions\%
%i" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
DIR "%LOCALA%\Google\Chrome\User Data\Default\Local Extension Settings\%%i" >NUL
2>&1
IF NOT ERRORLEVEL 1 (
RD /S/Q "%LOCALA%\Google\Chrome\User Data\Default\Local Extension Settings\%%i"
>NUL 2>&1
DIR "%LOCALA%\Google\Chrome\User Data\Default\Local Extension Settings\%%i"
>NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito: "%LOCALA%\Google\Chrome\User
Data\Default\Local Extension Settings\%%i" ^(Carpeta^)>>"%Esc%\Malware.txt" ) ELSE
( ECHO(Eliminado Con Exito: "%LOCALA%\Google\Chrome\User Data\Default\Local
Extension Settings\%%i" ^(Carpeta^)>>"%Esc%\Malware.txt" )
)
REG QUERY "HKCU\Software\Google\Chrome\Extensions\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKCU\Software\Google\Chrome\Extensions\%%i" /F >NUL 2>&1
REG QUERY "HKCU\Software\Google\Chrome\Extensions\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKCU\Software\Google\Chrome\Extensions\%%i" ^(Llave Del Registro^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKCU\Software\Google\Chrome\Extensions\%%i" ^(Llave Del Registro^)>>"%Esc
%\Malware.txt" )
)
REG QUERY "HKLM\Software\Google\Chrome\Extensions\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Google\Chrome\Extensions\%%i" /F >NUL 2>&1
REG QUERY "HKLM\Software\Google\Chrome\Extensions\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Google\Chrome\Extensions\%%i" ^(Llave Del Registro^)>>"%Esc
%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKLM\Software\Google\Chrome\Extensions\%%i" ^(Llave Del Registro^)>>"%Esc
%\Malware.txt" )
)
)
REG QUERY "HKLM\Software\Wow6432Node\Google\Chrome\Extensions" >NUL 2>&1
IF ERRORLEVEL 1 GOTO Shortcuts
for /f "usebackq delims=" %%i in ("%Naw%\Extens-Chorme.Naw") do (
REG QUERY "HKLM\Software\Wow6432Node\Google\Chrome\Extensions\%%i" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
REG DELETE "HKLM\Software\Wow6432Node\Google\Chrome\Extensions\%%i" /F >NUL
2>&1
REG QUERY "HKLM\Software\Wow6432Node\Google\Chrome\Extensions\%%i" >NUL 2>&1
IF ERRORLEVEL 1 ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\Google\Chrome\Extensions\%%i" ^(Llave Del
Registro^)>>"%Esc%\Malware.txt" ) ELSE ( ECHO(Eliminado Con Exito:
"HKLM\Software\Wow6432Node\Google\Chrome\Extensions\%%i" ^(Llave Del
Registro^)>>"%Esc%\Malware.txt" )
)
)
:Shortcuts
IF NOT EXIST "%SYS32%\cscript.exe" GOTO CreateReport
DIR /B/S "%QUICKLAUNCHALL%\*.lnk" 2>NUL>"%Esc3%\Acessos-Directos"
DIR /B/S "%PROGRAMS1ALL%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%PROGRAMS2ALL%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%STARTUP%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%userprofile%\Desktop\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
ECHO %OS%|FIND "Windows XP" >NUL
IF %ERRORLEVEL% EQU 0 ( GOTO :Shortcuts_XP )
DIR /B/S "%PUBDESKTOP%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%QUICKLAUNCH17%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%QUICKLAUNCH27%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%PROGRAMS17%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%PROGRAMS27%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%STARTMENU17%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%STARTMENU27%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
GOTO Shortcuts_0
:Shortcuts_XP
DIR /B/S "%LNK1XP%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
DIR /B/S "%LNK2XP%\*.lnk" 2>NUL>>"%Esc3%\Acessos-Directos"
:Shortcuts_0
"%SORT_%" -f -u <"%Esc3%\Acessos-Directos" >"%Esc3%\Acessos-Directos_Sospechosos"
for /f "usebackq delims=" %%i in ("%Esc3%\Acessos-Directos_Sospechosos") do (
"%SHORTCUT%" /F:"%%i" /A:Q|FINDSTR /IG:"%lnk%\Url_lnk.Llnk" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
SETLOCAL EnableDelayedExpansion
CSCRIPT //B //NOLOGO "!lnk!\Limp_lnk.vbs" "%%i" >NUL 2>&1
ECHO(Successfully repaired: "%%i" ^(Acessos-Directos^)>>"!
Esc3!\Malware.txt"
)
ENDLOCAL
)
REN "%appdata%\Datos_Cp\Cuarentena"\Documentos Documentos.{2559a1f2-21d7-11d4-bdaf-
00c04f60b9f0}
REM ~~~~~~~~~~~~~~~~~~~~~~~~>

::Analizis Terminado ..
%Init%
%Color%
%Titulo%
%Limp%
%Ft%
%Ft% [Analizis Terminado]
%Ft% _________________________________________________________________________
%Ft%
%Ft% Analizis Terminado Con Exito, Presione Una Tecla Para Crear Un Reporte..
%Ft% _________________________________________________________________________
%Ft%
%Ft% Presione Una Tecla Crear Un Reporte ..
pause>null
%Limp%
Goto Crear

:Nop
%Init%
%Color%
%Titulo%
%Limp%
%Ft%
%Ft% [Analizis Terminado]
%Ft% _________________________________________________________________________
%Ft%
%Ft% No Se Encontraron Amenazas ..
%Ft% _________________________________________________________________________
%Ft%
%Ft% Presione Una Tecla Para Salir ..
pause>null
exit

:Crear
%Ft% ___________________________________________________
%Ft%
%Ft% [ Creando Reporte ] Cargando Por Favor Espere [%%1]
%Ft% ___________________________________________________
ping -n 2 0.0.0.0 > nul

%Limp%

%Ft% ___________________________________________________
%Ft%
%Ft% Cargando Por Favor Espere [%%50]
%Ft% ___________________________________________________
ping -n 2 0.0.0.0 > nul

%Limp%

%Ft% ___________________________________________________
%Ft%
%Ft% Cargando Por Favor Espere [%%69]
%Ft% ___________________________________________________
ping -n 2 0.0.0.0 > nul

%Limp%

%Ft% ___________________________________________________
%Ft%
%Ft% Cargando Por Favor Espere [%%90]
%Ft% ___________________________________________________
ping -n 2 0.0.0.0 > nul
%Limp%

%Ft% ___________________________________________________
%Ft%
%Ft% Cargando Por Favor Espere [%%100]
%Ft% ___________________________________________________
ping -n 2 0.0.0.0 > nul

%Limp%

::Creando Reporte
Set R_Malwares="%Esc%\Malware.txt"
Set /a _LinesM=0
For /f %%j in ('Type %R_Malwares% 2^>nul^|Find "" /v /c') Do Set /a _LinesM=%%j
echo.>>"%Esc%\R_REPORT.txt"
ECHO(Datos Del Antivirus^: %_LinesM% >>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
IF EXIST "%Esc%\Malware.txt" (
SORT "%Esc%\Malware.txt" /O "%Esc%\R_Malware_T.txt" >NUL 2>&1
type "%Esc%\R_Malware_T.txt">>"%Esc%\R_REPORT.txt"
)
echo.>>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
echo.>>"%Esc%\R_REPORT.txt"
COPY /Y "%Esc%\R_REPORT.txt" "%Esc3%\Reporte.txt" >NUL 2>&1
COPY /Y "%Esc%\R_REPORT.txt" "%appdata%\Datos_Cp\Reporte_Data\Reporte.txt" >NUL
2>&1
DEL /F/Q "%Esc%\*.*"
%Limp%

::Reporte CreadoXD...
%Init%
%Color%
%Titulo%
%Limp%
%Ft%
%Ft% [Reporte Creado Con Exito]
%Ft% _________________________________________________________________________
%Ft%
%Ft% Su Reporte Se a Creado Con Exito Presione Una Tecla Para Verlo ..
%Ft% _________________________________________________________________________
%Ft%
%Ft% Presione Una Tecla Para Ver El Reporte ..
pause>null
%Limp%
@mode con cols=200 lines=100
Goto VerRepotTE

:VerRepotTE
%Init%
%Color%
%Titulo%
%Limp%
%Ft% _________________________________________________________________________
%Ft%
Type %appdata%\Datos_Cp\Reporte_Data\Reporte.txt
%Ft% _________________________________________________________________________
%Ft%
%Ft% Presione Una Tecla Para Reiniciar El Programa ..
pause>null
%Limp%
DEL /F/Q "%Esc%\Reporte_Data\Reporte.txt"
%Limp%
Goto CargandoProyecto

:ErrorUnidad
%Init%
%Color%
%Titulo%
%Limp%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% [ Error En La Unidad .. ]
%Ft%
%Ft% [ La Letra De La Unidad Que Escribio Es Invalida .. ]
%Ft%
%Ft% ______________________________________________________________________________
%Ft%
%Ft% Presione Una Tecla Para Volver a Intentarlo ..
pause>null
Goto a

:SalirXD
exit

Das könnte Ihnen auch gefallen