sad sam pokusao da skeniram i sa Combofix-om ali nece,samo plavi prozorcic i nista se ne desava
vidim da je na C particiji napravio ovo
a u ovom bug.txt je ovo
PUSHD "C:\32788R22FWJFW"
SET "Comspec=C:\WINDOWS\system32\cmd.execf"
IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT
VER 1>OsVer
GREP.cfxxe -F "5.1.2" OsVer 1>XP.mac
IF 0 == 0 GOTO NT
SET "Ver_CF=09-09-07.05"
IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe
1 file(s) copied.
PEV UZIP License\pv_5_2_2.zip .\
MOVE /Y PV.exe PV.cfxxe
IF NOT EXIST PEV.cfxxe COPY /Y PEV.exe PEV.cfxxe
1 file(s) copied.
GREP.cfxxe -isq "ProductType.*WinNT" WinNT00 || GOTO Not_NT
SED "/^PATH=/I!d; s///; s/\x22//g" Oripath 1>OriPath00
PEV -rtf -s+901 .\OriPath00 && (
SED -r "s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//" OriPath00 1>OriPath01
FOR /F "TOKENS=*" %G IN (OriPath01) DO @SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G"
)
IF NOT EXIST OriPath01 FOR /F "TOKENS=*" %G IN (OriPath00) DO SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G"
SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem"
Killing 'runonce.exe'
Killing 'grpconv.exe'
Killing 'procmon.exe'
Killing 'ANDRE.EXE'
Killing 'TOLO.exe'
Killing 'Merlin.scr'
Killing 'jalang.exe'
Killing 'jalangkung.exe'
Killing 'jantungan.exe'
Killing 'DOSEN.exe'
Killing 'C3W3K4MPUS.exe'
pv: No matching processes found
PEV -rtf --c:##5# .\* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe } 1>temp00 && (
PV -o%f * 1>temp01
PEV -tf -t!o --files:temp01 --c:##5#b#f# 1>temp02
GREP -Fif temp00 temp02 1>temp03
SED "/.* /!d; s///" temp03 1>temp04
SED ":a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/" temp04 1>temp05
FOR /F "TOKENS=*" %G IN (temp05) DO @NIRCMD KILLPROCESS %G
)
Active code page: 1252
Could Not Find C:\32788R22FWJFW\AbortB
CALL :MDCheck
Could Not Find C:\32788R22FWJFW\md5sum00.pif
PEV -rtf -md54C31434B834B14D226AEA1A0A5C172C4 .\md5sum.pif || CALL :MDFaiL ChkSum_Fail
.\md5sum.pif
PEV -tf --files:files.pif --c:##5#b#f# 1>mdCheck00.dat
GREP -vs "^!MD5:" mdCheck00.dat 1>mdCheck0a.dat
GREP -Fvf md5sum.pif mdCheck0a.dat 1>mdCheck01.dat && CALL :MDFaiL
GOTO :EOF
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
cfExt=cfxxe
CFLDR=32788R22FWJFW
Chksum=4C31434B834B14D226AEA1A0A5C172C4
CLIENTNAME=Console
Command switches used=Command switches used
CommonProgramFiles=C:\Program Files\Common Files
Completion time=Completion time
COMPUTERNAME=ACA-6506012B686
ComSpec=C:\WINDOWS\system32\cmd.execf
Connecting to=Connecting to
Connecting to ComboFix servers=Connecting to ComboFix servers
Cryptography Services Error=Cryptography Services Error
Disclaimer=The following websites are not in any way affiliated to ComboFix:~n~n
http://www.combofix.org/~n http://www.combofixdownload.com/~n~nIf you have purchased anything from them, I suggest you instruct your~nfinanciers to cancel the transaction.~n~n ----------------------- -----------------------~n~nA guide on proper ComboFix usage may be found at:~n
http://www.bleepingcomputer.co...ow-to-use-combofix~n~nComboFix is meant for private use. It should never be used in an~nunsupervised environment. If infections are found, it will automatically~nreboot the machine to complete the removal process. Please ensure all~nopened windows are closed before proceeding.~n~nThis software is provided 'as is', without warranty of any kind. All~nimplied warranties are expressly disclaimed. If you do not agree to the~nabove terms, please click No to exit" "DISCLAIMER OF WARRANTY ON SOFTWARE.
DLLs Loaded Under Running Processes=DLLs Loaded Under Running Processes
Drivers/Services=Drivers/Services
Fail2Delete=failed to delete
File Associations=File Associations
File Replicators=File Replicators
Files Infected - Patched=Files Infected - Patched
FIREFOX POLICIES=FIREFOX POLICIES
FP_NO_HOST_CHECK=NO
hidden files=hidden files
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
is infected=is infected
is missing=is missing
KMD=CF20818.exe
LANG_CF=EN
Line1=Please wait.
Line10=ComboFix has detected the presence of rootkit activity and needs to reboot the machine~nKindly note down on paper, the name of each file. We may need it later~n~n%~G" "Rootkit !!
Line10A=ComboFix has detected the presence of rootkit activity and needs to reboot the machine" "Rootkit !!
Line11=Scanning for infected files . . .
Line12=This typically doesn't take more than 10 minutes
Line13=However, scan times for badly infected machines may easily double
Line14=%G ...... driver unloaded successfully.
Line15=Rootkit driver %G is still present. A rootkit scan is required
Line16=ComboFix has changed your clock settings.
Line17=Do not change it back. It shall be restored later
Line18=ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat
Line19=to:
http://www.bleepingcomputer.com/submit-malware.php?channel=4
Line2=ComboFix is preparing to run.
Line20=Preparing Log Report.
Line21=Do not run any programs until ComboFix has finished
Line22=No new files created in this timespan
Line23=*Note* empty entries ^& legit default entries are not shown
Line24=Contents of the 'Scheduled Tasks' folder
Line25=Almost done . . This window will close in a short while
Line26=Please wait a few seconds for the report log to pop up
Line27=ComboFix's log shall be located at C:\COMBOFIX.TXT
Line28=Rebooting Windows . . . Please wait
Line29=Please allow ComboFix to reboot the machine.
Line3=You need Administrative privileges to run this tool" "Not Admin !!
Line30=Overlay aborted ... Please run ComboFix once more
Line31=Date Error: ~%CurrDate.yyyy-MM-dd%~n~nCheck your settings" "DATE ERROR
Line32=C:\WINDOWS\system32\HAL.DLL is missing !!~n~nIt's IMPORTANT that you DO NOT reboot/shutdown the machine~n~nPost to the forums for immediate help. Do not click OK until further instructed" "CRITICAL WARNING !!
Line33=ComboFix needs to submit malware files for further analysis.~n~nPlease ensure that you're connected to the internet before clicking OK" "Submit Files for further analysis
Line34=Submit malware to Bleeping Computer for analysis.
Line35=Copy/Paste the filepath below into the box above and click Send.
Line36=Infected copy of %~1 was found and disinfected
Line36A=Restored copy from - %~2
Line37=%~1 . . . is infected!!
Line38=((((((((((((((((((((((((( Files Created from %thirty% to %dateX% )))))))))))))))))))))))))))))))
Line39=(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
Line4=C:\WINDOWS\regedit.exe is missing~n~nCopy one from another machine" "Terminal Error - Missing file
Line40=Webserver appears to be temporarily inaccessible.~nFor your convenience, ComboFix created a submissions form located at:~n~n* C:\CF-Submit.htm~n~nPlease use that to manually upload it later. " "Upload Failed!!
Line41=((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Line42=((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
Line43=Deleting Files:
Line43A=Deleting Folders:
Line44=- REDUCED FUNCTIONALITY MODE -
Line45=SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
Line46=scanning hidden processes ...
Line47=scanning hidden autostart entries ...
Line48=scanning hidden files ...
Line49=-- Snapshot reset to current date --
Line5=Current date is ~%CurrDate.yyyy-MM-dd%. ComboFix has expired~n~nClick 'Yes' to run in REDUCED FUNCTIONALITY mode~n~nClick 'No' to exit" "Version_%ver_CF%
Line50=ComboFix is uninstalled" "Info
Line51=Will only install the Recovery Console for Windows XP
Line52=Boot Partition cannot be enumerated correctly
Line53=%BootDir%Boot.ini is not correctly formated
Line54=This machine already has the Recovery Console installed.~n~nAborting operations
Line55=Please click 'YES' in the End User License Agreement (EULA) dialog that follows ..." "Installing the Recovery Console
Line56=Installation file - %~G - cannot be found
Line57=You didn't select YES~n~nInstallation is aborted
Line58=Contents of %BootDir%cmdcons are not in order.~n~nPlease disable your security programs before trying again
Line59=Congratulations!!! The Microsoft Recovery Console was successfully installed.~n~nOn each restart of the machine, a black screen will offer you the option to boot into recovery console mode.~nFor normal use, just ignore the black screen. Windows shall boot normally in 2 seconds~n~nClick 'Yes' to continue scanning for malware" "Info
Line6=Were you trying to run CFScript?~n~nThe name, CFScript appears to be incorrectly spelt" "CFScript Name Error
Line60=Click 'Yes' to continue scanning for malware~n~nClick 'No' to exit" "What's next ?
Line62=There's a newer version of ComboFix available.~n~nWould you like to update ComboFix?" "Update
Line63=--- WARNING !! ---~n~nA critical update is required.~n~nComboFix shall now update itself.~n~n--- WARNING !! ---" "Mandatory Update
Line64=Failed to download updated copy.~n~nWill continue with existing copy" "Failed Download
Line65=ComboFix shall now restart" "Updated
Line66=Interference detected~n~nPlease perform a Rootkit Scan" "Abort!
Line67=You cannot rename ComboFix as %FileName%~n~nPlease use another name, preferbaly made up of alphanumeric characters
Line68=%cd% not in expected location~n~n Inform sUBs now!!
Line69=ComboFix effected repairs on missing C:\WINDOWS\system32\hal.dll
Line7=Attempting to create a new System Restore point
Line70=This machine does not have the 'Microsoft Windows recovery console' installed~n~nWithout it, ComboFix shall not attempt the fixing of some serious infections.~n~nClick 'Yes' to have ComboFix download/install it.~n~nNOTE: this requires an active internet connection." "Microsoft Windows Recovery Console
Line71=Click 'Yes' if this is a WINDOWS XP *HOME EDITION* machine" "XP Home Edition
Line72=Failed to download required files. Aborting ... ~n~nShall continue scanning for malware
Line73=Internal error! Failed to enumerate download path. ~n~nAborting ... Shall continue scanning for malware
Line74=You do not appear to be connected to the internet. Kindly connect before clicking 'OK'
Line75=The following files were trying to attach to ComboFix. They shall be disabled~nKindly note down on paper, the name of each file. We may need it later~n~n%~G" "Parasites found !!
Line76=ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix's running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking 'OK'." "Warning !!
Line77=%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk" "Warning !!
Line78=%~1 was missing
Line79=%~1 . . . is missing!!
Line8=Rich text formats (RTF) are unacceptable !!~n~nPlease save CFScript commands as a textfile, using Notepad.exe" "ERROR - Script format is incorrect
Line80=!! ALERT !! It is NOT SAFE to continue!~n~nThe contents of the ComboFix package has been compromised.~nPlease download a fresh copy from:~n~n
http://www.bleepingcomputer.co...x/how-to-use-combofix~n~nNote: You may be infected with a file patching virus 'Virut'" "Error
Line81=ComboFix's script appears tampered. It is not safe to continue.~nComboFix shall now exit. Please inform the forum helper that's aiding~nyou. Unless further instructed to do so, do not run ComboFix again." "Failed Verification
Line82=Webserver appears to be temporarily inaccessible.~nFor your convenience, a zipped file has been created at:~n~nC:\CFCollect.zip~n~nPlease upload the file to BleepingComputer~n~nDo not forget to fill in the 'Comments' section" "Upload Failed!!
Line83=[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
Line84=http://download.bleepingcomputer.com/sUBs/ComboFix.exe~n
http://www.forospyware.com/sUBs/ComboFix.exe~n~nComboFix.exe may be downloaded from any of the above sites. If you~nhave downloaded from some other site, there's a likely chance that it~nmay be tainted. For peace of mind, I suggest that you delete the current~ncopy and get a fresh one." "Caution
Line85=[color=red]Manual Fix is required for restoring CommonStartup[/color]
Line9=Rootkit driver %G is present. ... attempting disinfection
Line90=ComboFix needs to perform a deeper scan
Line91=This should not take more than 10-15 minutes
Line92=Infected HTML files detected.
Line93=ComboFix will now attempt to disinfect
Line94=This is going to take some time
Line95=Disinfection complete !!! ... continuing Log Report preparation
Line96=Recovery in Progress . . .
Line97=WARNING !! Do not manually reboot the machine yourself
LOCKED REGISTRY KEYS=LOCKED REGISTRY KEYS
LOGONSERVER=\\ACA-6506012B686
machine was rebooted=machine was rebooted
not completed=not completed
NUMBER_OF_PROCESSORS=2
ORPHANS REMOVED=ORPHANS REMOVED
OS=Windows_NT
Other Running Processes=Other Running Processes
Other Services/Drivers In Memory=Other Services/Drivers In Memory
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.cfxxe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Possible infected sites=Possible infected sites
Post-Run=Post-Run
Pre-Run=Pre-Run
Previous Run=Previous Run
PROCESS=PROCESS
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$
Qrntn=C:\Qoobox\Quarantine
RecoveryConsole=WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Resident AV is active=Resident AV is active
RestorePoint= * Created a new restore point
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
Running from=Running from
scan completed successfully=scan completed successfully
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Administrator\Desktop\ComboFix.exe"
sfxname=C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Stage=Completed Stage_
Supplementary Scan=Supplementary Scan
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
The following files were disabled during the run=The following files were disabled during the run
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Upload was successful=Upload was successful
Uploading files to server=Uploading files to server
USERDOMAIN=ACA-6506012B686
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
Ver_CF=09-09-07.05
windir=C:\WINDOWS
=============================================
IF NOT DEFINED sfxname GOTO END
GREP -F \ temp01 && CALL :Aux
GREP -Fi "C:\WINDOWS\system32\userinit.exe" Userinit00 || (SWREG ADD "hklm\software\microsoft\windows nt\currentversion\winlogon" /v Userinit /d "C:\WINDOWS\system32\userinit.exe," )
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
SET SfxCmd 1>SET00
SED -r "/SfxCmd=/I!d; s///; s/\s*$//; s/^(\x22[^\x22]*\x22|[^\x22]\S*) +//; s/^\x22*C:\\Documents and Settings\\Administrator\\Desktop\\ComboFix.exe\x22*//I; s/^([^\x22]\S*)/@SET SfxCmd=\x22\1\x22/; s/^(\x22.*)/@SET SfxCmd=\1/" SET00 1>sfx.cmd
DEL /A/F SET00
ATTRIB +R "C:\Documents and Settings\Administrator\Desktop\ComboFix.exe"
CALL sfx.cmd
CALL AV.cmd
SET /a AVCount+=1
NIRCMD EXEC HIDE PV -d9000 -kf CSCRIPT.EXE
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
PV -kf CSCRIPT.exe PV.*
Killing 'CSCRIPT.exe'
Killing 'PV.*'
IF NOT EXIST AvBlack00 GREP -Fisf AVBlack resident.txt 1>AvBlack00 && (
SED -r "s/\x22//g; s/.*\) //; s/.*(\{.{8}-.{4}-.{4}-.{4}-.{12}\}).*/\1/" AvBlack00 1>AvBlack01
FOR /F "TOKENS=*" %G IN (AvBlack01) DO @CSCRIPT.EXE //NOLOGO //E:VBSCRIPT //T:5 wmi_rem.vbs "%~G"
NIRCMD EXEC HIDE PV -d6000 -kf CSCRIPT.EXE
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
PV -kf CSCRIPT.exe PV.*
)
GREP -Fivf AVWhite resident.txt | GREP -E "^(AV|SP): .*enabled\* \(" 1>AVChk && (
SED -r "s/^AV:/antivirus: /; s/^SP:/antispyware: /; s/ \*(On-access scanning |)enabled\*.*//" AVChk | SED ":a; $!N;s/\n/~n/;ta" 1>AVChkB
NIRCMD LOOP 2 80 BEEP 3000 200
IF 1 LEQ 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix's running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking 'OK'." "Warning !!" "" && GOTO Av-check
IF 1 GTR 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk" "Warning !!" ""
)
DEL /A/F/Q AVChk? AvWhite AvBlack AvBlack0?
SET AVCount=
IF EXIST vista.mac CALL :Vista
GREP -Fx "REGEDIT4" Fin.dat || (
ECHO.1>"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tdsstdss"
PEV -rtf "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tdsstdss" || (
ECHO.1>wtf_tdssserv
CALL c.bat
GOTO END
)
GOTO AbortD
)
REGEDIT4
IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort
IF EXIST "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log" DEL /A/F "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log"
COPY /Y /B "C:\WINDOWS\system32\cmd.execf" "C:\WINDOWS\system32\CF20818.exe"
1 file(s) copied.
SET "COMSPEC=C:\WINDOWS\system32\CF20818.exe"
FOR /F "TOKENS=*" %G IN ("C:\Documents and Settings\Administrator\Desktop\ComboFix.exe") DO (
SET "FileName=%~NG"
SET "FilePath=%~DPG"
)
(
SET "FileName=ComboFix"
SET "FilePath=C:\Documents and Settings\Administrator\Desktop\"
)
SET FileName 1>FileName
GREP -ix "FileName=[-[:alnum:]@.]*" FileName || GOTO AbortB
FileName=ComboFix
DIR /AD/B C:\* 1>DirName00
GREP -ivx ComboFix DirName00 1>DirName01
GREP -Fisqx "ComboFix" DirName01 && CALL :NameChk
IF EXIST DirName0? DEL /A/F/Q DirName0?
IF EXIST Oldsfxname00 DEL /A/F Oldsfxname00
IF EXIST "\ComboFix\" (
SWXCACLS "\ComboFix" /RESET /Q
RD /S/Q "\ComboFix"
IF EXIST "\ComboFix\" (
PV -kf *.cfxxe
RD /S/Q "\ComboFix"
)
IF EXIST "\ComboFix\" (
HANDLE "C:\ComboFix" 1>temp00
SED -R "/.* pid: (\d*) +(\S*):.*/I!d;s//@ECHO.y|Handle -c \2 -p \1/" temp00 1>temp00.bat
CALL temp00.bat
DEL /A/F temp00.bat temp00
RD /S/Q "\ComboFix"
)
)
IF EXIST "\ComboFix\" RD /S/Q "\ComboFix"
IF EXIST "\ComboFix\" GOTO :EOF
PEV UZIP "License\streamtools.zip" License && MOVE /Y License\SF.exe 1>N_\27680 2>&1
GREP -Eisq "=.\/u.$" sfx.cmd && IF EXIST MsName.bat (ECHO.@SET SfxCmd= 1>sfx.cmd ) ELSE echo..1>ItsBeenPhun
DEL /A/F prep.done MsName.bat
CD ..
(
ECHO.MD "\ComboFix"
ECHO.ATTRIB -H -S "\32788R22FWJFW\*"
ECHO.MOVE /y "\32788R22FWJFW\*" "\ComboFix"
ECHO.RD /S/Q "\32788R22FWJFW"
IF EXIST "\32788R22FWJFW.0.tmp\" ECHO.RD /S/Q "\32788R22FWJFW.0.tmp"
IF EXIST "C:\32788R22FWJFW\ItsBeenPhun" ECHO.NIRCMD EXEC2 HIDE "C:\ComboFix" "C:\WINDOWS\system32\CF20818.exe" /c c.bat
IF NOT EXIST "C:\32788R22FWJFW\ItsBeenPhun" ECHO.START "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF20818.exe" /k c.bat
ECHO.PV -kf cmd.exe cmd.execf
ECHO.DEL /A/F C:\Start_.cmd
) 1>Start_.cmd
SET "PATH=C:\ComboFix;C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem"
HIDEC "C:\WINDOWS\system32\CF20818.exe" /F:OFF /D /C C:\Start_.cmd
NIRCMD WAIT 20
SkyNET.sys pomoc!
