and here is the ComboFix log
ComboFix 10-06-10.04 - Luigi 11/06/2010 15.42.36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2037.1632 [GMT 2:00]
Eseguito da: c:\documents and settings\Luigi\Documenti\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0057005C-0069-006E-5300-780053005C00}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\RelevantKnowledge
c:\programmi\RelevantKnowledge\install.rdf
c:\programmi\RelevantKnowledge\MSVCP71.DLL
c:\programmi\RelevantKnowledge\MSVCR71.DLL
c:\programmi\RelevantKnowledge\rloci.bin
c:\windows\exefld
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\unins000.exe
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICF
-------\Legacy_SROSA
-------\Service_ICF
-------\Service_srosa
((((((((((((((((((((((((( Files Creati Da 2010-05-11 al 2010-06-11 )))))))))))))))))))))))))))))))))))
.
2010-06-11 11:31 . 2010-06-11 11:31 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-11 11:30 . 2010-06-11 11:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-11 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 09:31 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-11 09:18 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-11 09:17 . 2010-06-11 09:17 -------- d-----w- c:\programmi\Panda Security
2010-06-11 09:13 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-11 09:13 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-11 09:13 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-11 09:13 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-11 09:13 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-11 09:13 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-11 09:13 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-11 09:12 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-11 09:12 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\programmi\Alwil Software
2010-06-11 09:12 . 2010-06-11 09:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-10 16:31 . 2010-06-10 16:31 -------- d-----w- c:\programmi\Microsoft Sync Framework
2010-06-10 16:29 . 2010-06-10 16:29 -------- d-----w- c:\programmi\Microsoft
2010-06-10 15:52 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-10 14:39 . 2010-06-10 14:39 -------- d-----w- c:\documents and settings\HelpAssistant\Impostazioni locali\Dati applicazioni\Microangelo Toolset 6
2010-06-10 14:39 . 2010-06-10 14:39 -------- d-----w- c:\documents and settings\HelpAssistant\Impostazioni locali\Dati applicazioni\Macromedia
2010-06-10 14:39 . 2010-06-10 14:39 -------- d-----w- c:\documents and settings\HelpAssistant\Impostazioni locali\Dati applicazioni\IsolatedStorage
2010-06-10 14:39 . 2010-06-10 14:39 -------- d-----w- c:\documents and settings\HelpAssistant\Impostazioni locali\Dati applicazioni\Identities
2010-06-10 14:39 . 2010-06-10 14:39 -------- d-----w- c:\documents and settings\HelpAssistant\Impostazioni locali\Dati applicazioni\HP
2010-06-10 14:39 . 2010-06-10 14:39 -------- d-----w- c:\documents and settings\HelpAssistant\Impostazioni locali\Dati applicazioni\Help
2010-06-07 18:35 . 2010-06-10 12:00 -------- d-----w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\vortbkl
2010-06-07 18:34 . 2010-06-07 18:34 50981 ----a-w- c:\windows\system32\sbhryqduvxvit.exe
2010-06-07 18:34 . 2010-06-07 18:34 -------- d-----w- c:\programmi\$NtUninstallWTF1012$
2010-06-07 18:33 . 2010-06-07 18:34 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\8BCDD3AAC06E20C3BD22DD50F82550A1
2010-05-29 19:14 . 2010-05-29 19:14 3177 ----a-w- c:\windows\mozver.dat
2010-05-23 17:16 . 2010-05-23 17:16 -------- d-----w- c:\documents and settings\Luigi\.android
2010-05-22 15:54 . 2010-05-22 17:40 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Pro Cycling Manager 2007 - Demo
2010-05-22 15:50 . 2010-05-22 15:50 -------- d-----w- c:\programmi\Cyanide
2010-05-17 16:40 . 2010-05-17 16:40 -------- d-----w- c:\programmi\mp3DirectCut
2010-05-17 16:36 . 2010-05-17 16:36 -------- d-----w- C:\video_output
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 13:06 . 2009-03-26 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-06-11 10:30 . 2009-04-22 11:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-11 10:21 . 2004-08-19 12:00 85132 ----a-w- c:\windows\system32\perfc010.dat
2010-06-11 10:21 . 2004-08-19 12:00 492266 ----a-w- c:\windows\system32\perfh010.dat
2010-06-10 21:31 . 2009-10-21 15:50 -------- d-----w- c:\programmi\EasyPHP5.3.0
2010-06-10 20:55 . 2007-03-24 20:45 -------- d-----w- c:\programmi\File comuni\HP
2010-06-10 20:40 . 2010-01-21 14:27 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-06-10 16:31 . 2010-01-14 14:31 -------- d-----w- c:\programmi\Windows Live
2010-06-05 21:02 . 2009-11-06 16:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 19:02 . 2009-12-19 13:22 -------- d-----w- c:\programmi\FreeTime
2010-06-05 13:51 . 2009-11-16 19:38 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-31 12:37 . 2010-02-07 16:43 -------- d-----w- c:\programmi\NoteWorthy Composer
2010-05-17 16:34 . 2009-03-18 18:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\GetRightToGo
2010-05-07 17:52 . 2006-08-25 18:23 -------- d-----w- c:\programmi\Google
2010-05-06 10:32 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-19 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 18:47 . 2005-11-21 12:36 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-28 18:45 . 2010-04-28 18:41 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\Audacity
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-04-28 18:28 . 2010-04-28 18:28 -------- d-----w- c:\programmi\DVDVideoSoft
2010-04-20 05:30 . 2004-08-19 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 16:38 . 2010-04-18 15:25 -------- d-----w- c:\programmi\Notation
2010-04-18 15:17 . 2010-04-18 15:17 -------- d-----w- c:\documents and settings\Luigi\Dati applicazioni\MusE
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-06 18:30 . 2010-06-10 14:38 103752 ----a-w- c:\documents and settings\HelpAssistant\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-06 18:30 . 2005-11-23 14:09 103752 ----a-w- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-02 15:10 . 2009-03-13 17:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-02 15:10 . 2010-04-02 15:10 152576 ----a-w- c:\documents and settings\Luigi\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-14 14:38 . 2010-02-21 12:53 540 ---ha-w- C:\os501435.bin
2004-03-11 12:27 . 2005-11-21 13:16 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-04-02 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\HelpAssistant\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\Luigi\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-11-18 495432]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-10 17:27 136176 ----atw- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3130:TCP"= 3130:TCP:Services
"4760:TCP"= 4760:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6757:TCP"= 6757:TCP:Services
"6758:TCP"= 6758:TCP:Services
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/06/2010 11.18.24 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/06/2010 11.13.44 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/06/2010 11.13.45 19024]
S3 {F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6};\??\c:\windows\TEMP\18B.tmp --> c:\windows\TEMP\18B.tmp [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe --> c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [27/06/2006 20.33.50 39048]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/06/2010 13.30.41 38224]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [15/02/2007 22.53.58 544768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
2010-06-11 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 12:18]
2010-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004Core.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]
2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1979792683-725345543-1004UA.job
- c:\documents and settings\Luigi\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-10 17:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Notify-AtiExtEvent - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-06-11 15:51
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8991778A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> ntkrnlpa.exe @ 0x80586e11
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x8997d8a0
PacketIndicateHandler -> NDIS.sys @ 0xb9e50a21
SendHandler -> NDIS.sys @ 0xb9e2e87b
copy of MBR has been found in sector 0x098A7FEC
malicious code @ sector 0x098A7FEF !
PE file found in sector at 0x098A8005 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{F2AFBF83-1FF8-4D1A-972AEEFC33F0B0B6}]
"ImagePath"="\??\c:\windows\TEMP\18B.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-1123561945-1979792683-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05C0C8D3-6C60-76D2-3CD5-73FE41BA2C09}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oappkbkogpgodacjgmcpebdghpkfho"=hex:64,61,6d,62,64,6b,6b,67,00,85
"oalabhcdohdmcfekapmmcijakpcmgk"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02
"nabbdglchlaccopkdgkmmbdkdgbl"=hex:6a,61,70,62,65,6a,6e,6a,65,6c,68,6d,65,6d,
6d,6b,63,67,63,64,00,02
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(2832)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WgaTray.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-11 15:59:26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-11 13:59
Pre-Run: 11.368.353.792 byte disponibili
Post-Run: 11.536.883.712 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"
- - End Of File - - 942E59A20D2CE95B44A8E184EADFB506