a tady je combofix, jinak problém s tim fake virem ustal
ComboFix 09-09-29.04 - Eda 30.09.2009 18:59.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.537 [GMT 2:00]
Spuštěný z: X:\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081226-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
/wow section - STAGE 10
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dokumenty\arykuty.pif
c:\documents and settings\All Users\Dokumenty\byzax.sys
c:\documents and settings\All Users\Dokumenty\esologihil.inf
c:\documents and settings\All Users\Dokumenty\jyqidan.exe
c:\documents and settings\All Users\Dokumenty\tevajab.exe
c:\documents and settings\All Users\Dokumenty\tuzuwe.dll
c:\documents and settings\All Users\Dokumenty\wamezipy.dl
c:\documents and settings\Eda\Data aplikací\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Eda\Data aplikací\Microsoft\Clip Organizer\Offic10.MGC
c:\documents and settings\LocalService\Cookies\cukokyryt.inf
c:\documents and settings\LocalService\Cookies\gafaqyq.dl
c:\documents and settings\LocalService\Cookies\irytyger.bat
c:\documents and settings\LocalService\Cookies\lejih.com
c:\documents and settings\LocalService\Cookies\olak.scr
c:\documents and settings\LocalService\Local Settings\Data aplikacˇ\byxo.vbs
c:\documents and settings\LocalService\Local Settings\Data aplikacˇ\feverejuw.vbs
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\azywure.inf
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ifefocewob.bin
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\pipafyp.inf
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\pory.sys
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\sexodego.reg
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wureno._dl
c:\program files\Common Files\acoro.inf
c:\program files\Common Files\egih.exe
c:\windows\ajydejuqi._dl
c:\windows\amilyfix.pif
c:\windows\egedam.vbs
c:\windows\gaminof.dll
c:\windows\Installer\1658554.msi
c:\windows\Installer\9521fa.msi
c:\windows\puwoxu.pif
c:\windows\system32\_scui.cpl
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tmp47.tmp
c:\windows\system32\tmp74.tmp
c:\windows\system32\ubosaxa.ban
c:\windows\system32\udex.pif
c:\windows\system32\uqazaquwi._dl
c:\windows\system32\wpcap.dll
c:\windows\UA000079.DLL
c:\windows\UA000080.DLL
c:\windows\wyduf._dl
Nakažená kopie c:\windows\system32\drivers\AGP440.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-28 do 2009-09-30 )))))))))))))))))))))))))))))))
.
2009-09-30 16:48 . 2009-09-30 16:48 17300 ----a-w- c:\windows\iqaxulu.dat
2009-09-30 16:48 . 2009-09-30 16:48 12196 ----a-w- c:\windows\system32\wuvile.com
2009-09-30 16:48 . 2009-09-30 16:49 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-30 13:49 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 13:49 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 13:49 . 2009-09-30 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 12:29 . 2009-09-30 12:29 -------- d-----w- c:\program files\Trend Micro
2009-09-30 05:12 . 2009-09-30 05:12 -------- d-----w- C:\AntivirusPro_2010
2009-09-22 21:31 . 2009-09-22 21:31 -------- d-----w- c:\program files\CountDown ShutDown PC
2009-09-22 13:21 . 2007-08-22 15:02 32768 ----a-w- c:\documents and settings\Eda\mspformat.exe
2009-09-21 20:54 . 2009-09-21 20:54 -------- d-sh--w- c:\documents and settings\Eda\IECompatCache
2009-09-08 12:59 . 2009-09-08 12:59 -------- d-----w- C:\Sounds
2009-09-08 12:45 . 2008-11-11 11:42 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-09-08 12:45 . 2008-11-11 11:41 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-09-08 12:45 . 2008-11-11 11:41 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-09-08 12:45 . 2009-09-08 12:45 -------- d-----w- c:\program files\LG Electronics
2009-09-08 12:43 . 2007-11-08 14:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-09-08 12:43 . 2009-09-28 21:22 -------- d-----w- c:\program files\LG PC Suite II
2009-09-03 17:42 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-09-03 17:42 . 2005-04-04 15:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2009-09-03 17:42 . 2005-03-28 13:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-09-03 17:42 . 2005-02-24 09:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2009-09-03 17:42 . 2005-05-18 09:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2009-09-03 17:42 . 2005-05-17 10:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-09-03 17:42 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-09-03 17:42 . 2005-04-15 10:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2009-09-03 17:42 . 2004-11-04 11:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-09-03 17:42 . 2009-09-03 17:42 -------- d-----w- c:\program files\Mp3 Editor for Free
2009-09-01 18:31 . 2009-09-01 18:31 -------- d-----w- c:\program files\ICQ6Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 16:45 . 2009-01-29 23:20 -------- d-----w- c:\program files\ViStart
2009-09-30 13:47 . 2008-02-26 15:59 -------- d-----w- c:\program files\ICQToolbar
2009-09-30 13:10 . 2007-10-06 19:25 -------- d-----w- c:\program files\Logitech
2009-09-23 05:08 . 2008-07-07 21:05 -------- d-----w- c:\program files\7-Zip
2009-09-23 05:08 . 2008-03-21 18:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-21 19:42 . 2009-03-08 18:34 -------- d-----w- c:\program files\CamStudio
2009-09-21 19:42 . 2008-03-12 16:53 -------- d-----w- c:\program files\LimeWire
2009-09-21 19:39 . 2008-07-10 11:28 260 ----a-w- c:\windows\system32\FSEPath.dat
2009-09-08 12:45 . 2007-05-13 11:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-05 22:00 . 2009-02-12 21:11 -------- d-----w- c:\program files\Microsoft Works
2009-09-01 18:30 . 2008-02-26 15:57 -------- d-----w- c:\program files\ICQ6
2009-08-07 07:04 . 2004-08-18 12:00 91916 ----a-w- c:\windows\system32\perfc005.dat
2009-08-07 07:04 . 2004-08-18 12:00 461950 ----a-w- c:\windows\system32\perfh005.dat
2009-08-05 09:07 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:57 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2004-03-11 11:27 . 2007-05-13 17:08 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-01-30 1363968]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2003-12-22 86016]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2008-08-12 3508568]
"Vista Sidebar"="c:\program files\Vista Sidebar\sidebar.exe" [2007-11-20 524288]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-26 593920]
"Google Update"="c:\documents and settings\Eda\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-15 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2009-2-6 1290240]
Mˇstnˇ vyhled v nˇ.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^EA_RESTART_001.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\EA_RESTART_001.lnk
backup=c:\windows\pss\EA_RESTART_001.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Eda^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Eda\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Eda^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Eda\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Eda^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Eda\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\condition zero\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\ricochet\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"x:\\metin2.bin"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12973:TCP"= 12973:TCP:BitComet 12973 TCP
"12973:UDP"= 12973:UDP:BitComet 12973 UDP
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [12.7.2008 17:17 39472]
R0 wxbfileb;XB File System Filter Driver;c:\windows\system32\drivers\wxbfileb.sys [10.7.2008 13:28 18816]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.5.2008 16:40 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2008 16:40 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [9.6.2007 1:23 208896]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [22.4.2009 13:59 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [22.4.2009 13:59 3072]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11.7.2008 19:36 13352]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15.11.2008 13:45 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-13 09:08]
2009-09-30 c:\windows\Tasks\User_Feed_Synchronization-{79F3AA60-B8C3-4A39-9663-FB760B2A1711}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
2009-09-30 c:\windows\Tasks\User_Feed_Synchronization-{8A1CF739-A63D-4154-AEB9-91B14C533DC1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page =
hxxp://www.centrum.cz/skinit/icq/uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Notify-AtiExtEvent - (no file)
AddRemove-eMusic Promotion - x:\winamp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-Video Player ActiveX 1.05a - c:\program files\Video Player ActiveX 1.05a
AddRemove-Winamp - x:\winamp\UninstWA.exe
AddRemove-{FlatOut} - d:\\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-09-30 19:09
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-861567501-117609710-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:19,0d,4f,00,1c,6e,c4,ae,5b,4b,ca,25,71,9b,14,88,74,fd,f6,3a,6d,33,2f,
8a,e5,8f,82,02,75,8b,b5,1c,85,3f,14,68,70,2e,04,31,71,24,76,84,e0,e1,d6,f2,\
"??"=hex:19,ba,59,ea,19,57,ef,1e,db,35,28,3a,74,e6,dd,04
[HKEY_USERS\S-1-5-21-861567501-117609710-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:0d,9f,a3,41,fa,47,21,2c,e5,7a,a8,16,e3,1f,ea,39,ea,58,80,c7,6b,
8b,14,f4,53,bd,69,38,2d,c7,28,8f,2f,b3,6b,57,3c,ca,24,a3,45,b6,8e,9e,41,19,\
"rkeysecu"=hex:55,72,b1,1f,88,a2,03,c5,fe,42,58,65,86,b9,0f,2f
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2444)
c:\program files\ViStart\MainHook.Dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Celkový čas: 2009-09-30 19:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-30 17:16
Před spuštěním: 4 023 230 464
Po spuštění: 6 432 665 600
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
290 --- E O F --- 2009-09-23 05:14