Big problems with the computer!


offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

I've already cleaned out the junk files with "Your Uninstaller"!
As for defragmentation, I don't have time! :) Later, yes! :)

As for these two files, they're too big, they can't be attached! :P
Is that okay? Should I delete them? :P

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I notice that you have/use WinRar.

Zip/Rar these two files for me and upload them via the following link:
-> http://www.mycity.rs/ambulanta-upload.php

c:\windows\system32\drivers\aec.sys
c:\windows\system32\drivers\yiuukchi.sys





goran9888 (AMF Team)

offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

It won't let me.. no chance..

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

OK, we'll try it a different way.


Download: http://www2.gmer.net/catchme.exe

Double-click catchme.exe to run it and switch to the Script tab.
Into the (white) window of the program, copy the text that is inside the code box:

Files:
c:\windows\system32\drivers\aec.sys
c:\windows\system32\drivers\yiuukchi.sys


Click the Run button.

When the notification message appears, click OK.


When the process finishes, the file catchme.zip will be on the Desktop.

Upload it via the following form:
-> http://www.mycity.rs/ambulanta-upload.php



goran9888 (AMF Team)

offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac


Here it is, but it zipped only yiuukchi.sys!
I think these system files are exactly that virus...
After cleaning with Combo Fix, the computer is a bit refreshed!
But still, when the system boots, it takes 3-4 minutes before the "WELCOME" sound plays... the net works slowly.. when the machine has been running a bit longer than half an hour, not a single browser will start, i.e. the net won't work... How badly infected is it? And is it worth the effort, will there be the expected results? Thank you in any case!

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I can't give answers to your questions at this moment. A little more analysis is needed. Of course it's worth the effort.



Post a fresh CF log for me.
You have the instructions in one of my previous posts.

offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

During the Combo Fix scan... it said file "aec.sys" infected! You're on the right track! :)


ComboFix 10-07-26.04 - Sone 27.07.2010 22:38:34.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.419 [GMT 2:00]
Running from: c:\documents and settings\Sone\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\aec.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.

2010-07-27 20:33 . 2010-07-27 20:45 -------- d-----w- c:\windows\LastGood
2010-07-23 17:45 . 2010-07-27 20:45 767488 ----a-w- c:\windows\system32\drivers\yiuukchi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 20:46 . 2009-03-20 09:32 565280 ----a-w- c:\windows\system32\drivers\aec.sys
2010-07-27 20:33 . 2009-12-15 16:39 16 ----a-w- c:\windows\system32\magicpvt.dat
2010-07-27 03:25 . 2009-03-20 19:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-24 11:17 . 2009-06-18 23:43 -------- d-----w- c:\program files\Red-Devils S©®ipt
2010-07-12 18:29 . 2009-12-15 16:39 32 ----a-w- c:\windows\system32\driver.dat
2010-06-22 22:01 . 2009-03-20 17:12 -------- d-----w- c:\documents and settings\Sone\Application Data\Winamp
2010-06-19 21:58 . 2009-03-25 16:26 -------- d-----w- c:\documents and settings\Sone\Application Data\uTorrent
2010-06-19 10:17 . 2010-06-19 10:17 -------- d-----w- c:\program files\MB2
2010-06-14 14:31 . 2009-03-20 08:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 02:14 . 2009-03-20 17:06 -------- d-----w- c:\program files\Valve
2010-06-07 11:45 . 2009-11-20 23:10 -------- d-----w- c:\documents and settings\Sone\Application Data\Skype
2010-06-07 06:00 . 2009-11-20 23:14 -------- d-----w- c:\documents and settings\Sone\Application Data\skypePM
2010-06-07 02:22 . 2009-06-26 12:30 -------- d-----w- c:\documents and settings\Sone\Application Data\AIMP
2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\ImTranslator_Pro
2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\Conduit
2010-05-27 23:04 . 2009-03-20 09:23 18048 ----a-w- c:\documents and settings\Sone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-25 08:24 . 2010-05-25 08:24 503808 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\msvcp71.dll
2010-05-25 08:24 . 2010-05-25 08:24 499712 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\jmc.dll
2010-05-25 08:24 . 2010-05-25 08:24 348160 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\msvcr71.dll
2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2010-07-27 20:46 . !HASH: COULD NOT OPEN FILE !!!!! . 565280 . . [------] . . c:\windows\system32\drivers\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\MB2\tbMB2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
2010-05-20 13:35 2675296 ----a-w- c:\program files\ImTranslator_Pro\tbImTr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-20 16:57 133104 ----atw- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]
2008-02-11 11:07 1097728 ----a-w- c:\program files\MagicRotation\MagicPvt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-24 17:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [15.12.2009 18:39 9728]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:48 108289]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5.1.2010 11:38 38224]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2009 15:10 685816]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]

--- Other Services/Drivers In Memory ---

*Deregistered* - yiuukchi
.
Contents of the 'Scheduled Tasks' folder

2010-07-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 17:21]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003Core.job
- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003UA.job
- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Microsoft.Net.Client.3.5 - c:\ahcache\All Users\Microsoft.Net.Client.3.5\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-27 22:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yiuukchi]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:2b,fa,b8,ad,54,7c,53,28,9e,8f,71,42,2c,ae,45,69,df,2a,49,e8,
cf,47,a7,a9,06,88,97,76,2f,eb,5b,48,82,e4,e1,ed,48,09,f0,37,bd,3f,3b,22,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1392)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-07-27 22:48:21
ComboFix-quarantined-files.txt 2010-07-27 20:48

Pre-Run: 1.865.564.160 bytes free
Post-Run: 1.862.623.232 bytes free

- - End Of File - - A572256C5716B2FC14E92F375EADA1CD
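
A small triage pass over the ComboFix log posted above, as an added example that is not part of the original thread and is not ComboFix's own logic. It pulls out the lines about aec.sys and yiuukchi.sys (infected file, recently created driver, failed Sigcheck hash, deregistered driver in memory) plus the firewall and Security Center values; the function names and finding labels are assumptions made for this example.

```python
import re

# Excerpt of the ComboFix log posted above (lines copied verbatim, sections shortened).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\drivers\aec.sys . . . is infected!!
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
2010-07-27 20:33 . 2010-07-27 20:45 -------- d-----w- c:\windows\LastGood
2010-07-23 17:45 . 2010-07-27 20:45 767488 ----a-w- c:\windows\system32\drivers\yiuukchi.sys
------- Sigcheck -------
[-] 2010-07-27 20:46 . !HASH: COULD NOT OPEN FILE !!!!! . 565280 . . [------] . . c:\windows\system32\drivers\aec.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
--- Other Services/Drivers In Memory ---
*Deregistered* - yiuukchi
"""

# Section banners: "((( Title )))", "--- Title ---" or a "[registry key]" line.
BANNER = re.compile(r"^(?:\(+\s*(.+?)\s*\)+|-{3,}\s*(.+?)\s*-{3,}|\[(.+)\])$")
DRIVER = re.compile(r"(c:\\windows\\system32\\drivers\\[^\\]+\.sys)\s*$", re.I)

def triage(log):
    """Return (label, detail) pairs for log lines that deserve a closer look."""
    findings, section = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER.match(line)
        if banner:
            section = next(g for g in banner.groups() if g).lower()
            continue
        driver = DRIVER.search(line)
        if line.endswith("is infected!!"):
            findings.append(("infected", line.split(" . ")[0]))
        elif section.startswith("files created") and driver:
            findings.append(("new_driver", driver.group(1)))
        elif "!HASH: COULD NOT OPEN FILE" in line:
            findings.append(("unhashable", line.rsplit(" . ", 1)[-1].strip()))
        elif line.startswith("*Deregistered*"):
            findings.append(("deregistered_driver", line.split("-", 1)[1].strip()))
        elif re.match(r'"EnableFirewall"=\s*0\b', line):
            findings.append(("firewall_off", section))
        elif re.match(r'"AntiVirusOverride"=dword:0*1$', line):
            findings.append(("av_alert_override", section))
    return findings

def correlate(findings):
    """Driver names that are both a newly created .sys file and deregistered in memory."""
    new = {p.rsplit("\\", 1)[-1][:-4].lower() for k, p in findings if k == "new_driver"}
    dereg = {n.lower() for k, n in findings if k == "deregistered_driver"}
    return sorted(new & dereg)

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for label, detail in results:
        print(f"{label:20} {detail}")
    print("file + in-memory match:", correlate(results))
```

On this excerpt the correlation step returns yiuukchi, the driver whose file the Avenger script later in the thread deletes.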

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Now for one slightly critical step.
I would ask you to follow the instructions strictly.


1.
Read the PM (private message) that you received.



2.
Download The Avenger to the Desktop.
Extract the archive into a folder.

Double-click avenger.exe to run it.

Copy the text that is inside the Code box into the (white) window of the program:


Files to delete:
c:\windows\system32\drivers\yiuukchi.sys
c:\windows\system32\drivers\qredn.sys

Files to move:
c:\aec.sys|c:\windows\system32\drivers\aec.sys


Click Execute, and then Yes in the next two windows that open.

The computer will restart (in certain cases: twice) and the cleaning/scanning process will begin.

When the process is finished, the logfile C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the thread on the forum.




goran9888 (AMF Team)

offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

Written: 28 Jul 2010 0:37

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\drivers\yiuukchi.sys" deleted successfully.

Error: file "c:\windows\system32\drivers\qredn.sys" not found!
Deletion of file "c:\windows\system32\drivers\qredn.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\aec.sys" not found!
File move operation "c:\aec.sys|c:\windows\system32\drivers\aec.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Addendum: 28 Jul 2010 20:43

Successful! :)

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\aec.sys|c:\windows\system32\drivers\aec.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Post a fresh ComboFix log.
