Avast reports Cutwail, I don't know what to do about it, please check my log + Solved
Hello, Avast keeps detecting the Cutwail trojan, and no Doctor, Ad-aware or Spybot can deal with it..... the computer is quite slow, some things won't start, the browsers occasionally freeze... please help me get rid of it, I don't want to reinstall the system.... thanks for any advice, but please give a more detailed description of how to do it, I'm a beginner at these things.... thanks a lot
Last edited by glov on 12 Jul 2009 23:32, edited 1 time in total.
- tamagoci
- Level 3
- Posts: 429
- Registered: January 08
- Location: Mladá Boleslav
Re: Avast reports Cutwail, I don't know what to do about it, please advise
Welcome to the forum. Post a log from this program here or in the HijackThis section.
Guide here:
viewtopic.php?f=70&t=5119
MSI K9N Platinum/AMD Athlon 64 X2 Dual Core 4800+,~2.5GHz/WD160Gb/4 Gb RAM/Asus HD 6670
Something from us in Mladá Boleslav
MalwareRemove
Security scanner
PC cleaning
Re: Avast reports Cutwail, I don't know what to do about it, please advise
Welcome to PC-Help. Make a log with HijackThis, post it in the HijackThis section and ask for it to be checked. The guide and the download link are in my signature.
Re: Avast reports Cutwail, I don't know what to do about it, please advise
thanks, here is the log (I can also make a log from RSIT if needed)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:38, on 12.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetCentrum\Notifikator\Notifikator.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSof0.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSof0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSof0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SpyRemoverPro] C:\PROGRA~1\SPYREM~1\SpyRemoverPro.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [Centrum.cz Notifikátor] "C:\Program Files\NetCentrum\Notifikator\Notifikator.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Wittec] C:\Documents and Settings\Wittec\Wittec.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: rncsys32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6CA5EF1-ED0F-45AF-8E18-B92864CF6310}: NameServer = 195.128.203.2,195.128.203.3
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 9248 bytes
Re: Avast reports Cutwail, I don't know what to do about it, please advise
If I may offer some advice, adjust the title a bit and write "please check my log" in it. E.g. Avast reports Cutwail, please check my log. The point is that there are only a few log experts here, they have a lot of work, and with the current title they might not notice it.

- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Avast reports Cutwail, I don't know what to do about it, please advise
but they will notice
Uninstall ICQ Toolbar; I recommend turning off Spybot's resident shield, because AVAST already includes an antispyware shield and may clash with Spybot
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the Save Logfile option and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then post the contents of that log here.

PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Avast reports Cutwail, I don't know what to do about it, please advise
Well, not always; sometimes you have plenty of work in HijackThis alone, and when people put the log somewhere else they wait and are surprised that they never got an answer. Sometimes the communication is really odd and the asker doesn't understand where the log should go.

Re: Avast reports Cutwail, I don't know what to do about it, please advise
here is the log from mbam; during part of the scan Avast nearly went crazy with the number of trojans it was throwing up... (maybe I should have turned it off before the scan?)
Malwarebytes' Anti-Malware 1.38
Verze databáze: 2413
Windows 5.1.2600 Service Pack 2
12.7.2009 23:13:58
mbam-log-2009-07-12 (23-13-37).txt
Typ skenu: Rychlý sken
Objektu skenováno: 110471
Uplynulý cas: 21 minute(s), 46 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 10
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 1
Infikované soubory: 34
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ati64si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyRemoverPro (Rogue.SpyRemover) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
c:\program files\SpyRemover Pro (Rogue.SpyRemover) -> No action taken.
Infikované soubory:
c:\documents and settings\Wittec\local settings\Temp\~TM2B.tmp (Trojan.Dropper) -> No action taken.
c:\documents and settings\Wittec\Wittec.exe (Trojan.Agent) -> No action taken.
c:\program files\spyremover pro\News.html (Rogue.SpyRemover) -> No action taken.
c:\program files\spyremover pro\SpyRemover Pro_Startup.txt (Rogue.SpyRemover) -> No action taken.
c:\program files\spyremover pro\SS_BHR.ini (Rogue.SpyRemover) -> No action taken.
c:\documents and settings\localservice\local settings\Temp\BN1E.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\local settings\Temp\BN2B.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\local settings\Temp\BN2C.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\local settings\Temp\BN3A.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\local settings\Temp\BN3C.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\local settings\Temp\BN3E.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\local settings\Temp\BN43.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN13.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN14.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN15.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN16.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN17.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN18.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN19.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN1C.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN20.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN21.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN22.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN23.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN24.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN25.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN35.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN36.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN37.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\Wittec\local settings\Temp\BN38.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\nicsk32.sys (Rootkit.Agent) -> No action taken.
c:\documents and settings\Wittec\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
Re: Avast reports Cutwail, I don't know what to do about it, please advise
That virus has wrecked my whole computer. It is worst after a restart; after about 2-3 hours the Avast detections calm down a bit, but almost everything I launch crashes, and before I even get here to the forum the browser crashes 10 times... ICQ won't start...
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Gender:
- Status:
Offline
Re: Avast reports Cutwail, I don't know what to do about it, please advise
You don't have to turn it off, but for the ComboFix scan you do!
So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Avast reports Cutwail, I don't know what to do about it, please check my log +
Here is the log; I'll run ComboFix in the morning
Malwarebytes' Anti-Malware 1.38
Verze databáze: 2413
Windows 5.1.2600 Service Pack 2
13.7.2009 4:01:59
mbam-log-2009-07-13 (04-01-59).txt
Typ skenu: Úplný sken (C:\|D:\|E:\|)
Objektu skenováno: 233725
Uplynulý cas: 4 hour(s), 20 minute(s), 13 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 10
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 1
Infikované soubory: 37
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ati64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyRemoverPro (Rogue.SpyRemover) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
c:\program files\SpyRemover Pro (Rogue.SpyRemover) -> Quarantined and deleted successfully.
Infikované soubory:
c:\documents and settings\Wittec\Wittec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wittec\local settings\Temp\~TM2B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wittec\nabídka start\Programy\po spuštění\rncsys32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\alwil software\avast4\data\moved\ati64si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
d:\Utils\acdsee 32 v2.4\ACDSee32 2.4 keymaker.exe (Trojan.Downloader) -> Not selected for removal.
c:\program files\spyremover pro\News.html (Rogue.SpyRemover) -> Quarantined and deleted successfully.
c:\program files\spyremover pro\SpyRemover Pro_Startup.txt (Rogue.SpyRemover) -> Quarantined and deleted successfully.
c:\program files\spyremover pro\SS_BHR.ini (Rogue.SpyRemover) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temp\BN1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temp\BN2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temp\BN2C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temp\BN3A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temp\BN3C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temp\BN3E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temp\BN43.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN20.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN21.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN23.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN24.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN35.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN36.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN37.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\wittec\local settings\temp\BN38.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\nicsk32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wittec\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Delete on reboot.
Re: Avast reports Cutwail, I don't know what to do about it, please check my log +
Here is the ComboFix log
ComboFix 09-07-12.03 - Wittec 13.07.2009 5:32.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.255.102 [GMT 2:00]
Spuštěný z: c:\documents and settings\Wittec\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090712-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-13 do 2009-07-13 )))))))))))))))))))))))))))))))
.
2009-07-12 20:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 20:41 . 2009-07-12 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 20:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 20:40 . 2009-07-12 20:40 3561752 ----a-w- C:\mbam-setup.exe
2009-07-12 19:05 . 2009-07-12 19:05 -------- d-----w- C:\HijackThis
2009-07-12 19:05 . 2009-07-12 19:05 318369 ----a-w- C:\HijackThis.zip
2009-07-12 16:54 . 2009-07-12 16:54 8815552 ----a-w- C:\windows-kb890830-v2.11.exe
2009-07-12 12:07 . 2009-07-12 12:08 -------- d-----w- c:\program files\trend micro
2009-07-12 12:07 . 2009-07-12 12:08 -------- d-----w- C:\rsit
2009-07-12 12:06 . 2009-07-12 12:06 781909 ----a-w- C:\RSIT.exe
2009-07-11 16:50 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-11 16:50 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-11 16:50 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-11 16:49 . 2009-07-12 07:36 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-11 16:49 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-11 16:49 . 2009-07-12 07:39 -------- d-----w- c:\program files\Spyware Doctor
2009-07-11 16:47 . 2009-07-11 16:47 23975456 ----a-w- C:\sdstart.exe
2009-07-11 15:46 . 2009-07-11 15:46 -------- d-----w- c:\program files\CCleaner
2009-07-11 15:45 . 2009-07-11 15:45 3252640 ----a-w- C:\ccsetup221.exe
2009-07-11 15:41 . 2009-07-11 15:41 102400 ----a-w- C:\T-Cleaner.exe
2009-06-22 08:26 . 2009-06-22 08:26 -------- d-----w- C:\Mark_Twain_Dobrodruzstvi_Hucka_Finna
2009-06-22 07:19 . 2009-06-22 07:19 -------- d-----w- C:\Twark
2009-06-22 00:27 . 2009-06-22 00:27 -------- d-----w- C:\ruska
2009-06-15 20:32 . 2009-06-15 20:32 -------- d-----w- c:\program files\DVD Decrypter
2009-06-15 20:31 . 2009-06-15 20:31 899414 ----a-w- C:\SetupDVDDecrypter_3.5.4.0.exe
2009-06-14 13:19 . 1999-04-23 20:22 151552 ----a-w- c:\windows\system32\MSOSS.DLL
2009-06-13 23:19 . 2009-06-15 13:44 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-13 23:19 . 2009-06-15 13:44 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-06-13 23:19 . 2009-06-15 13:44 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-13 22:01 . 2009-06-13 22:01 58646 ----a-w- C:\colin2g.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 02:24 . 2007-05-19 13:06 -------- d-----w- c:\program files\ICQToolbar
2009-07-05 02:22 . 2007-05-19 13:14 -------- d-----w- c:\program files\Sonique
2009-06-14 13:19 . 2007-05-24 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 09:30 . 2009-06-11 08:47 -------- d-----w- c:\program files\ICQ6.5
2009-06-11 09:01 . 2008-07-02 13:45 -------- d-----w- c:\program files\ICQ6
2009-06-09 16:39 . 2009-02-13 15:07 -------- d-----w- c:\program files\Softonic_English_TC
2009-06-04 13:17 . 2008-10-09 21:06 -------- d-----w- c:\program files\MediaCoder
2009-05-07 15:44 . 2002-09-20 16:04 345088 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:53 . 2002-09-20 16:05 660480 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:53 . 2007-05-19 22:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-19 20:11 . 2002-09-20 15:41 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 08:03 . 2001-10-25 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2009-04-17 08:03 . 2001-10-25 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2009-04-15 15:18 . 2002-09-20 16:04 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSof0.dll" [2009-06-09 2094616]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
2009-06-09 16:45 2094616 ----a-w- c:\program files\Softonic_English_TC\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSof0.dll" [2009-06-09 2094616]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4FF5F6EA-FFAF-43E5-9A01-361C0893C3E8}"= "c:\program files\Softonic_English_TC\tbSof0.dll" [2009-06-09 2094616]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2007-05-19 44832]
"Centrum.cz Notifikátor"="c:\program files\NetCentrum\Notifikator\Notifikator.exe" [2007-05-19 606720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-30 77824]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\hry\\Age Of Empires\\EMPIRESX.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\hry\\HaD 2\\HD2_SabreSquadron.exe"=
"d:\\hry\\Age of Empires II\\empires2.exe"=
"d:\\hry\\Age of Empires II\\age2_x1.exe"=
"c:\\Program Files\\BearShare Pro\\Bearshare.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\hry\\HaD 2\\HD2DS_SabreSquadron.exe"=
"d:\\hry\\HaD 2\\hd2.exe"=
"c:\\Program Files\\UFOAI-2.2.1\\ufo.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11.7.2009 18:50 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.4.2008 11:35 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2008 11:35 20560]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [25.10.2001 14:00 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 19:31 42000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11.7.2009 18:49 348752]
.
Obsah adresáře 'Naplánované úlohy'
2007-09-15 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8181818958.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
HKCU-Run-Steam - (no file)
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {A6CA5EF1-ED0F-45AF-8E18-B92864CF6310} = 195.128.203.2,195.128.203.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Wittec\Data aplikací\Mozilla\Firefox\Profiles\w8vifg4j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Softonic_English_TC Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2040441&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 05:48
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Celkový čas: 2009-07-13 5:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-13 03:54
Před spuštěním: 4 694 069 248
Po spuštění: 4 841 390 080
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
195 --- E O F --- 2009-06-10 14:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSof0.dll" [2009-06-09 2094616]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4FF5F6EA-FFAF-43E5-9A01-361C0893C3E8}"= "c:\program files\Softonic_English_TC\tbSof0.dll" [2009-06-09 2094616]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2007-05-19 44832]
"Centrum.cz Notifikátor"="c:\program files\NetCentrum\Notifikator\Notifikator.exe" [2007-05-19 606720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-30 77824]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\hry\\Age Of Empires\\EMPIRESX.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\hry\\HaD 2\\HD2_SabreSquadron.exe"=
"d:\\hry\\Age of Empires II\\empires2.exe"=
"d:\\hry\\Age of Empires II\\age2_x1.exe"=
"c:\\Program Files\\BearShare Pro\\Bearshare.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\hry\\HaD 2\\HD2DS_SabreSquadron.exe"=
"d:\\hry\\HaD 2\\hd2.exe"=
"c:\\Program Files\\UFOAI-2.2.1\\ufo.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11.7.2009 18:50 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.4.2008 11:35 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2008 11:35 20560]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [25.10.2001 14:00 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 19:31 42000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11.7.2009 18:49 348752]
.
Obsah adresáře 'Naplánované úlohy'
2007-09-15 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8181818958.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
HKCU-Run-Steam - (no file)
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {A6CA5EF1-ED0F-45AF-8E18-B92864CF6310} = 195.128.203.2,195.128.203.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Wittec\Data aplikací\Mozilla\Firefox\Profiles\w8vifg4j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Softonic_English_TC Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2040441&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 05:48
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Celkový čas: 2009-07-13 5:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-13 03:54
Před spuštěním: 4 694 069 248
Po spuštění: 4 841 390 080
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
195 --- E O F --- 2009-06-10 14:00