Checking two logs
Posted: 15 Aug 2010 11:00
Hello. We have a problem with two notebooks. The page file usage on both is too high (around 800 MB). I don't know what could be causing it; I suspect some virus. I am therefore sending both logs from these notebooks and asking for them to be checked.
Thank you for your reply.
ComboFix 10-08-11.05 - Martina 12.08.2010 11:20:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.503.287 [GMT 2:00]
Spuštěný z: c:documents and settingsMartinaPlochaStažené souboryComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-12 do 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-12 08:49 . 2010-08-12 08:49 114688 ----a-w- c:windowssystem32chg.exe
2010-07-14 10:12 . 2010-06-14 14:31 744448 ------w- c:windowssystem32dllcachehelpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 18:50 . 2004-09-08 10:22 62336 ----a-w- c:windowssystem32perfc005.dat
2010-07-14 18:50 . 2004-09-08 10:22 379806 ----a-w- c:windowssystem32perfh005.dat
2010-06-30 12:33 . 2004-08-18 08:00 149504 ----a-w- c:windowssystem32schannel.dll
2010-06-28 20:57 . 2010-07-06 08:13 38848 ----a-w- c:windowsavastSS.scr
2010-06-28 20:57 . 2010-04-23 19:07 165032 ----a-w- c:windowssystem32aswBoot.exe
2010-06-28 20:37 . 2010-04-23 19:08 46672 ----a-w- c:windowssystem32driversaswTdi.sys
2010-06-28 20:37 . 2010-04-23 19:08 165456 ----a-w- c:windowssystem32driversaswSP.sys
2010-06-28 20:33 . 2010-04-23 19:08 23376 ----a-w- c:windowssystem32driversaswRdr.sys
2010-06-28 20:32 . 2010-04-23 19:08 100176 ----a-w- c:windowssystem32driversaswmon2.sys
2010-06-28 20:32 . 2010-04-23 19:08 94544 ----a-w- c:windowssystem32driversaswmon.sys
2010-06-28 20:32 . 2010-04-23 19:08 17744 ----a-w- c:windowssystem32driversaswFsBlk.sys
2010-06-28 20:32 . 2010-04-23 19:08 28880 ----a-w- c:windowssystem32driversaavmker4.sys
2010-06-24 12:27 . 2004-08-18 08:00 916480 ----a-w- c:windowssystem32wininet.dll
2010-06-24 09:02 . 2004-08-18 08:00 1851904 ----a-w- c:windowssystem32win32k.sys
2010-06-21 15:27 . 2004-08-18 08:00 354304 ----a-w- c:windowssystem32driverssrv.sys
2010-06-17 14:03 . 2004-08-18 08:00 80384 ----a-w- c:windowssystem32iccvid.dll
2010-06-14 14:31 . 2004-08-18 08:00 744448 ----a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
2010-06-14 07:43 . 2004-08-18 08:00 1172480 ----a-w- c:windowssystem32msxml3.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2010-02-18 248040]
"HP Software Update"="c:program filesHpHP Software UpdateHPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:program fileshpqHP Wireless AssistantHP Wireless Assistant.exe" [2006-02-14 454656]
"Cpqset"="c:program filesHPQDefault Settingscpqset.exe" [2006-01-26 172094]
"Recguard"="c:windowsSminstRecguard.exe" [2005-12-20 1187840]
"Reminder"="c:windowsCreatorRemind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:windowsSMINSTScheduler.exe" [2006-02-15 892928]
"avast5"="c:progra~1ALWILS~1Avast5avastUI.exe" [2010-06-28 2837864]
"SynTPStart"="c:program filesSynapticsSynTPSynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:windowssystem32igfxpers.exe" [2008-02-15 131072]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 8.0ReaderReader_sl.exe" [2007-05-11 40048]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\SMINST\Scheduler.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\ICQ6.5\ICQ.exe"=
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [23.4.2010 21:08 165456]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [23.4.2010 21:08 17744]
S3 GTIPCI21;GTIPCI21;c:windowssystem32DRIVERSgtipci21.sys --> c:windowssystem32DRIVERSgtipci21.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-12 c:windowsTasksUser_Feed_Synchronization-{349FA7BF-11A8-4324-8872-09E94EB420AB}.job
- c:windowssystem32msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15854&l=dis
IE: E&xportovat do aplikace Microsoft Office Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
FF - ProfilePath - c:documents and settingsMartinaData aplikacíMozillaFirefoxProfilese9f2135r.default
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:program filesMozilla Firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.lu", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.nu", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.nz", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.tel", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.proxy.type", 5);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.buffer.cache.count", 24);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.buffer.cache.size", 4096);
c:program filesMozilla Firefoxgreprefsall.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:program filesMozilla Firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("accelerometer.enabled", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesMozilla Firefoxdefaultspreffirefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-WatchDog - c:program filesInterVideoDVD CheckDVDCheck.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 11:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Cpqset = c:program filesHPQDefault Settingscpqset.exe????P[??????n??|?????? ??4B??????????????hB? ???P[?
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-08-12 11:26:06
ComboFix-quarantined-files.txt 2010-08-12 09:26
Před spuštěním: Volných bajtů: 30 245 916 672
Po spuštění: Volných bajtů: 30 266 703 872
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 14581327D8E8B76811FFFCBB0C0FC092
2nd log
ComboFix 10-08-11.05 - Pavla 12.08.2010 17:57:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.503.301 [GMT 2:00]
Spuštěný z: c:documents and settingsPavlaPlochaComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-12 do 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-12 15:22 . 2010-08-12 15:22 -------- d-----w- c:windowsLastGood
2010-08-12 15:00 . 2010-08-12 15:00 94208 ----a-w- c:windowssystem32pwd.dll
2010-07-17 18:37 . 2010-06-14 14:31 744448 ------w- c:windowssystem32dllcachehelpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 20:57 . 2010-07-01 18:09 38848 ----a-w- c:windowsavastSS.scr
2010-06-28 20:57 . 2010-04-04 15:43 165032 ----a-w- c:windowssystem32aswBoot.exe
2010-06-28 20:37 . 2010-04-04 15:43 46672 ----a-w- c:windowssystem32driversaswTdi.sys
2010-06-28 20:37 . 2010-04-04 15:43 165456 ----a-w- c:windowssystem32driversaswSP.sys
2010-06-28 20:33 . 2010-04-04 15:43 23376 ----a-w- c:windowssystem32driversaswRdr.sys
2010-06-28 20:32 . 2010-04-04 15:43 100176 ----a-w- c:windowssystem32driversaswmon2.sys
2010-06-28 20:32 . 2010-04-04 15:43 94544 ----a-w- c:windowssystem32driversaswmon.sys
2010-06-28 20:32 . 2010-04-04 15:43 17744 ----a-w- c:windowssystem32driversaswFsBlk.sys
2010-06-28 20:32 . 2010-04-04 15:43 28880 ----a-w- c:windowssystem32driversaavmker4.sys
2010-06-23 16:55 . 2004-09-08 10:22 82750 ----a-w- c:windowssystem32perfc005.dat
2010-06-23 16:55 . 2004-09-08 10:22 438070 ----a-w- c:windowssystem32perfh005.dat
2010-06-14 14:31 . 2004-08-18 08:00 744448 ----a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"WMPNSCFG"="c:program filesWindows Media PlayerWMPNSCFG.exe" [2007-01-05 204288]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2010-02-18 248040]
"PTHOSTTR"="c:program filesHPQHP ProtectTools Security ManagerPTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2007-09-15 1015808]
"Cpqset"="c:program filesHPQDefault Settingscpqset.exe" [2006-01-26 172094]
"Recguard"="c:windowsSminstRecguard.exe" [2005-12-20 1187840]
"Reminder"="c:windowsCreatorRemind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:windowsSMINSTScheduler.exe" [2006-02-15 892928]
"WatchDog"="c:program filesInterVideoDVD CheckDVDCheck.exe" [2005-11-08 184320]
"SynTPStart"="c:program filesSynapticsSynTPSynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:windowssystem32igfxpers.exe" [2008-02-15 131072]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 8.0ReaderReader_sl.exe" [2007-05-11 40048]
"avast5"="c:progra~1ALWILS~1Avast5avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\SMINST\Scheduler.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [4.4.2010 17:43 165456]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [4.4.2010 17:43 17744]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:windowssystem32driversAVerBDA3x.sys [20.12.2009 15:33 1180544]
S3 GTIPCI21;GTIPCI21;c:windowssystem32DRIVERSgtipci21.sys --> c:windowssystem32DRIVERSgtipci21.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-11 c:windowsTasksUser_Feed_Synchronization-{47D071D6-7BCB-4FD6-9188-B95B3EA5A58B}.job
- c:windowssystem32msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://info-bn.sxg.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
FF - ProfilePath - c:documents and settingsPavlaData aplikacíMozillaFirefoxProfilesxigmokmx.default
FF - prefs.js: browser.startup.homepage - hxxp://info-bn.sxg.cz/
FF - plugin: c:program filesMozilla FirefoxpluginsnpdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
---- NASTAVENÍ FIREFOXU ----
c:program filesMozilla Firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.lu", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.nu", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.nz", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.tel", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.proxy.type", 5);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.buffer.cache.count", 24);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.buffer.cache.size", 4096);
c:program filesMozilla Firefoxgreprefsall.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:program filesMozilla Firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("accelerometer.enabled", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesMozilla Firefoxdefaultspreffirefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 18:02
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Cpqset = c:program filesHPQDefault Settingscpqset.exe????P[??????n??|?????? ??4B??????????????hB? ???P[?
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-08-12 18:04:30
ComboFix-quarantined-files.txt 2010-08-12 16:04
Před spuštěním: Volných bajtů: 11 200 221 184
Po spuštění: Volných bajtů: 11 712 774 144
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - A035277762D4B1CEB0A3FE39D9373EED
Děkuji za odpověď.
ComboFix 10-08-11.05 - Martina 12.08.2010 11:20:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.503.287 [GMT 2:00]
Spuštěný z: c:documents and settingsMartinaPlochaStažené souboryComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-12 do 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-12 08:49 . 2010-08-12 08:49 114688 ----a-w- c:windowssystem32chg.exe
2010-07-14 10:12 . 2010-06-14 14:31 744448 ------w- c:windowssystem32dllcachehelpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 18:50 . 2004-09-08 10:22 62336 ----a-w- c:windowssystem32perfc005.dat
2010-07-14 18:50 . 2004-09-08 10:22 379806 ----a-w- c:windowssystem32perfh005.dat
2010-06-30 12:33 . 2004-08-18 08:00 149504 ----a-w- c:windowssystem32schannel.dll
2010-06-28 20:57 . 2010-07-06 08:13 38848 ----a-w- c:windowsavastSS.scr
2010-06-28 20:57 . 2010-04-23 19:07 165032 ----a-w- c:windowssystem32aswBoot.exe
2010-06-28 20:37 . 2010-04-23 19:08 46672 ----a-w- c:windowssystem32driversaswTdi.sys
2010-06-28 20:37 . 2010-04-23 19:08 165456 ----a-w- c:windowssystem32driversaswSP.sys
2010-06-28 20:33 . 2010-04-23 19:08 23376 ----a-w- c:windowssystem32driversaswRdr.sys
2010-06-28 20:32 . 2010-04-23 19:08 100176 ----a-w- c:windowssystem32driversaswmon2.sys
2010-06-28 20:32 . 2010-04-23 19:08 94544 ----a-w- c:windowssystem32driversaswmon.sys
2010-06-28 20:32 . 2010-04-23 19:08 17744 ----a-w- c:windowssystem32driversaswFsBlk.sys
2010-06-28 20:32 . 2010-04-23 19:08 28880 ----a-w- c:windowssystem32driversaavmker4.sys
2010-06-24 12:27 . 2004-08-18 08:00 916480 ----a-w- c:windowssystem32wininet.dll
2010-06-24 09:02 . 2004-08-18 08:00 1851904 ----a-w- c:windowssystem32win32k.sys
2010-06-21 15:27 . 2004-08-18 08:00 354304 ----a-w- c:windowssystem32driverssrv.sys
2010-06-17 14:03 . 2004-08-18 08:00 80384 ----a-w- c:windowssystem32iccvid.dll
2010-06-14 14:31 . 2004-08-18 08:00 744448 ----a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
2010-06-14 07:43 . 2004-08-18 08:00 1172480 ----a-w- c:windowssystem32msxml3.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2010-02-18 248040]
"HP Software Update"="c:program filesHpHP Software UpdateHPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:program fileshpqHP Wireless AssistantHP Wireless Assistant.exe" [2006-02-14 454656]
"Cpqset"="c:program filesHPQDefault Settingscpqset.exe" [2006-01-26 172094]
"Recguard"="c:windowsSminstRecguard.exe" [2005-12-20 1187840]
"Reminder"="c:windowsCreatorRemind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:windowsSMINSTScheduler.exe" [2006-02-15 892928]
"avast5"="c:progra~1ALWILS~1Avast5avastUI.exe" [2010-06-28 2837864]
"SynTPStart"="c:program filesSynapticsSynTPSynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:windowssystem32igfxpers.exe" [2008-02-15 131072]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 8.0ReaderReader_sl.exe" [2007-05-11 40048]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\SMINST\Scheduler.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\ICQ6.5\ICQ.exe"=
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [23.4.2010 21:08 165456]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [23.4.2010 21:08 17744]
S3 GTIPCI21;GTIPCI21;c:windowssystem32DRIVERSgtipci21.sys --> c:windowssystem32DRIVERSgtipci21.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-12 c:windowsTasksUser_Feed_Synchronization-{349FA7BF-11A8-4324-8872-09E94EB420AB}.job
- c:windowssystem32msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15854&l=dis
IE: E&xportovat do aplikace Microsoft Office Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
FF - ProfilePath - c:documents and settingsMartinaData aplikacíMozillaFirefoxProfilese9f2135r.default
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:program filesMozilla Firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.lu", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.nu", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.nz", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.tel", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.proxy.type", 5);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.buffer.cache.count", 24);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.buffer.cache.size", 4096);
c:program filesMozilla Firefoxgreprefsall.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:program filesMozilla Firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("accelerometer.enabled", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesMozilla Firefoxdefaultspreffirefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-WatchDog - c:program filesInterVideoDVD CheckDVDCheck.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 11:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Cpqset = c:program filesHPQDefault Settingscpqset.exe????P[??????n??|?????? ??4B??????????????hB? ???P[?
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-08-12 11:26:06
ComboFix-quarantined-files.txt 2010-08-12 09:26
Před spuštěním: Volných bajtů: 30 245 916 672
Po spuštění: Volných bajtů: 30 266 703 872
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 14581327D8E8B76811FFFCBB0C0FC092
2. log
ComboFix 10-08-11.05 - Pavla 12.08.2010 17:57:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.503.301 [GMT 2:00]
Spuštěný z: c:documents and settingsPavlaPlochaComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-12 do 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-12 15:22 . 2010-08-12 15:22 -------- d-----w- c:windowsLastGood
2010-08-12 15:00 . 2010-08-12 15:00 94208 ----a-w- c:windowssystem32pwd.dll
2010-07-17 18:37 . 2010-06-14 14:31 744448 ------w- c:windowssystem32dllcachehelpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 20:57 . 2010-07-01 18:09 38848 ----a-w- c:windowsavastSS.scr
2010-06-28 20:57 . 2010-04-04 15:43 165032 ----a-w- c:windowssystem32aswBoot.exe
2010-06-28 20:37 . 2010-04-04 15:43 46672 ----a-w- c:windowssystem32driversaswTdi.sys
2010-06-28 20:37 . 2010-04-04 15:43 165456 ----a-w- c:windowssystem32driversaswSP.sys
2010-06-28 20:33 . 2010-04-04 15:43 23376 ----a-w- c:windowssystem32driversaswRdr.sys
2010-06-28 20:32 . 2010-04-04 15:43 100176 ----a-w- c:windowssystem32driversaswmon2.sys
2010-06-28 20:32 . 2010-04-04 15:43 94544 ----a-w- c:windowssystem32driversaswmon.sys
2010-06-28 20:32 . 2010-04-04 15:43 17744 ----a-w- c:windowssystem32driversaswFsBlk.sys
2010-06-28 20:32 . 2010-04-04 15:43 28880 ----a-w- c:windowssystem32driversaavmker4.sys
2010-06-23 16:55 . 2004-09-08 10:22 82750 ----a-w- c:windowssystem32perfc005.dat
2010-06-23 16:55 . 2004-09-08 10:22 438070 ----a-w- c:windowssystem32perfh005.dat
2010-06-14 14:31 . 2004-08-18 08:00 744448 ----a-w- c:windowspchealthhelpctrbinarieshelpsvc.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"WMPNSCFG"="c:program filesWindows Media PlayerWMPNSCFG.exe" [2007-01-05 204288]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2010-02-18 248040]
"PTHOSTTR"="c:program filesHPQHP ProtectTools Security ManagerPTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2007-09-15 1015808]
"Cpqset"="c:program filesHPQDefault Settingscpqset.exe" [2006-01-26 172094]
"Recguard"="c:windowsSminstRecguard.exe" [2005-12-20 1187840]
"Reminder"="c:windowsCreatorRemind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:windowsSMINSTScheduler.exe" [2006-02-15 892928]
"WatchDog"="c:program filesInterVideoDVD CheckDVDCheck.exe" [2005-11-08 184320]
"SynTPStart"="c:program filesSynapticsSynTPSynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:windowssystem32igfxpers.exe" [2008-02-15 131072]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 8.0ReaderReader_sl.exe" [2007-05-11 40048]
"avast5"="c:progra~1ALWILS~1Avast5avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\SMINST\Scheduler.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.4.2010 17:43 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.4.2010 17:43 17744]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [20.12.2009 15:33 1180544]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys --> c:\windows\system32\DRIVERS\gtipci21.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-11 c:\windows\Tasks\User_Feed_Synchronization-{47D071D6-7BCB-4FD6-9188-B95B3EA5A58B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://info-bn.sxg.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavla\Data aplikací\Mozilla\Firefox\Profiles\xigmokmx.default
FF - prefs.js: browser.startup.homepage - hxxp://info-bn.sxg.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 18:02
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????P[??????n??|?????? ??4B??????????????hB? ???P[?
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-08-12 18:04:30
ComboFix-quarantined-files.txt 2010-08-12 16:04
Před spuštěním: Volných bajtů: 11 200 221 184
Po spuštění: Volných bajtů: 11 712 774 144
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - A035277762D4B1CEB0A3FE39D9373EED