ComboFix 09-04-13.A0 - carmen 2009-04-13 10.46.29.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1040.18.3063.2059 [GMT 2:00]
Eseguito da: c:\users\carmen\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\carmen\AppData\Local\wueqsya.dat
c:\users\carmen\AppData\Local\wueqsya.exe
c:\users\carmen\AppData\Local\wueqsya_nav.dat
c:\users\carmen\AppData\Local\wueqsya_navps.dat
c:\users\carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\carmen\FAVORI~1\Videos.url
c:\users\carmen\Favorites\Videos.url
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-03-13 al 2009-04-13 )))))))))))))))))))))))))))))))))))
.
2009-04-13 08:39 . 2006-03-02 22:42 73728 ----a-w C:\pv.exe
2009-04-13 07:57 . 2009-04-13 07:57 -------- d-----w c:\users\carmen\AppData\Roaming\Malwarebytes
2009-04-13 07:57 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 07:57 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 07:57 . 2009-04-13 07:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 07:57 . 2009-04-13 07:57 -------- d-----w c:\programdata\Malwarebytes
2009-04-12 18:49 . 2009-04-12 18:49 -------- d-----w c:\program files\Lavasoft
2009-04-12 18:49 . 2009-04-12 18:52 -------- d-----w c:\programdata\Lavasoft
2009-04-12 18:48 . 2009-04-12 18:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-12 18:18 . 2009-04-12 18:18 -------- d-----w c:\program files\Trend Micro
2009-04-10 08:06 . 2009-04-10 08:08 -------- d-----w c:\programdata\MGS
2009-04-10 08:06 . 2009-04-10 08:06 -------- d-----w c:\programdata\Microgaming
2009-04-10 08:06 . 2009-04-10 08:06 -------- d-----w C:\MicroGaming
2009-04-09 21:02 . 2009-04-09 21:02 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-15 17:57 . 2009-03-15 17:57 -------- d-----w c:\program files\ffdshow
2009-03-15 17:57 . 2009-03-15 17:57 -------- d-----w c:\users\carmen\AppData\Roaming\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 08:47 . 2008-07-17 19:27 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-13 08:47 . 2008-07-17 19:27 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-13 08:47 . 2008-07-17 19:27 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-13 08:42 . 2007-04-18 07:30 682422 ----a-w c:\windows\System32\perfh010.dat
2009-04-13 08:42 . 2007-04-18 07:30 114828 ----a-w c:\windows\System32\perfc010.dat
2009-04-13 08:38 . 2009-02-15 19:37 91 ----a-w c:\users\carmen\AppData\Local\vdsbixf.bat
2009-04-13 08:37 . 2009-04-13 08:21 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-13 08:37 . 2009-04-13 08:21 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-13 08:30 . 2009-02-09 21:21 -------- d-----w c:\programdata\Google Updater
2009-04-13 07:58 . 2008-09-10 15:20 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:02 . 2008-07-19 09:41 -------- d-----w c:\program files\Google
2009-04-09 21:02 . 2008-08-16 11:01 -------- d-----w c:\program files\DivX
2009-04-04 15:46 . 2008-04-10 22:26 -------- d-----w c:\programdata\Microsoft Help
2009-03-24 23:47 . 2008-12-18 20:38 -------- d-----w c:\program files\Java
2009-03-13 20:00 . 2009-03-13 20:00 -------- d-----w c:\program files\101 Dino Pets
2009-03-11 02:06 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 . 2008-12-18 20:38 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-01 11:08 . 2009-03-01 11:08 -------- d-----w c:\program files\Alcohol Soft
2009-03-01 11:05 . 2009-03-01 11:05 716272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-24 20:13 . 2009-02-24 20:13 -------- d-----w c:\program files\AC3Filter
2009-02-22 21:33 . 2009-02-22 21:33 -------- d-----w c:\users\carmen\AppData\Roaming\Ahead
2009-02-22 21:33 . 2009-02-22 21:33 -------- d-----w c:\programdata\LightScribe
2009-02-21 23:51 . 2009-02-21 23:51 -------- d-----w c:\programdata\Avira
2009-02-21 23:51 . 2009-02-21 23:51 -------- d-----w c:\program files\Avira
2009-02-09 01:54 . 2009-03-10 19:33 2030080 ----a-w c:\windows\System32\win32k.sys
2009-02-05 23:10 . 2009-02-05 23:10 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-02-05 23:10 . 2009-02-05 23:10 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-02-05 23:10 . 2009-02-05 23:10 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-01-15 04:16 . 2009-02-12 16:59 826368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 . 2009-02-12 16:59 56320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 . 2009-02-12 16:59 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 . 2009-02-12 16:59 26624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-10 02:19 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-11-21 20:17 . 2008-07-17 19:31 99864 ----a-w c:\users\carmen\AppData\Local\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-24 1784856]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-24 00:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-24 1784856]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-24 1784856]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 02:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-19 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2007-01-09 52256]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-12 133656]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-10-11 c:\windows\SkyTel.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A9A785BE-36A8-4372-B30B-8DB584F0B04C}"= c:\program files\ASUSTek\ASUSDVD\PowerDVD.EXE:CyberLink PowerDVD
"{C60E1CFE-1BF2-4A48-87EF-B230E1BC0B06}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DFB9199E-6043-4937-B2EA-3E185C1149D3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{94889DEE-64C3-4529-A592-458C38885289}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 gupdate1c98afc7f9ef371;Google Update Service (gupdate1c98afc7f9ef371);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3a20a6-5437-11dd-973d-001fc6656b6d}]
\shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3a20b8-5437-11dd-973d-001fc6656b6d}]
\shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ed5cba6-5631-11dd-81ab-001fc6656b6d}]
\shell\AutoRun\command - G:\ceb6eu98.bat
\shell\explore\Command - G:\ceb6eu98.bat
\shell\open\Command - G:\ceb6eu98.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b98f741-aca5-11dd-a288-001fc6656b6d}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b98f765-aca5-11dd-a288-001fc6656b6d}]
\shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a88d4a-b0c6-11dd-a142-001fc6656b6d}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a88d4c-b0c6-11dd-a142-001fc6656b6d}]
\shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a56e5f39-54a1-11dd-9e1e-001fc6656b6d}]
\shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a56e5f3a-54a1-11dd-9e1e-001fc6656b6d}]
\shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 16:07]
2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 23:22]
2009-04-12 c:\windows\Tasks\User_Feed_Synchronization-{E7DE0CA0-B957-4AE9-A290-EE4053D34FDD}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-wueqsya - c:\users\carmen\appdata\local\wueqsya.exe
HKLM-Run-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B9EACECE-8247-43C4-A380-73D0B8A92CC6} = 208.67.222.222,208.67.220.220
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 11:04
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
C:\ADSM_PData_0150
Scansione completata con successo
Files nascosti: 1
**************************************************************************
.
Ora fine scansione: 2009-04-13 11.06.37
ComboFix-quarantined-files.txt 2009-04-13 09:06
Pre-Run: 55.028.035.584 byte disponibili
Post-Run: 55,794,593,792 byte disponibili
194 --- E O F --- 2009-04-06 23:09
valeriot90 wrote: advertising pages when the web browser starts???? trojan downloader.... remove it with a decent antivirus: Norton, Panda, Kaspersky, BitDefender, G-Data...