
ComboFix problem


Post by doctor_cbf » 21/10/09 15:23

Hi guys, I'm asking for help. I received a small file through eMule, opened it on my laptop, and it installed Bagle in one of its variants. You know the story. To cut it short, I used an adapter to attach the laptop's hard disk to my son's PC and ran the antivirus tools. The last one was ComboFix: I thought it was like elibagle, which lets you choose the hard disk to scan, but instead it started and began working on my son's C: drive, and in the end it deleted some things and locked others.

I'm attaching the final log for anyone who can make sense of it. My problem is this: the PC has become unstable, it sometimes shuts down and then restarts by itself, Windows Installer no longer works, and I can't even reinstall Service Pack 2 or 3 because I'm not allowed to change the registry, not even as administrator in safe mode... :(
I hope someone can help me. Oh, I forgot: don't ask me about the Recovery Console, because I said no and let the program go ahead :oops:

Is there anything I can do??? Should I put the GHOST disk back in and start from scratch?
I'm sending the LOG split into two parts, since I don't know how to attach the file.
Code:
ComboFix 09-10-20.03 - Luca 21/10/2009  9.51.24.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1535.952 [GMT 2:00]
Eseguito da: c:\documents and settings\Palmina\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
C:\InfoSat.txt
c:\programmi\AskSearch\bin\DeFAultsearch.dll
c:\recycler\S-1-5-21-1390067357-746137067-839522115-1003
c:\recycler\S-1-5-21-1784787723-2839902967-2910414889-1003
c:\windows\Installer\14e10.msi
c:\windows\Installer\14e1c.msi
c:\windows\Installer\14e22.msi
c:\windows\Installer\2eacc.msi
c:\windows\Installer\2f3ee8.msi
c:\windows\Installer\720aa.msi
c:\windows\Installer\7313f.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\sstray.exe
c:\windows\system32\wservice.exe
D:\AUTORUN.INF
(((((((((((((((((((((((((   Files Creati Da 2009-09-21 al 2009-10-21  )))))))))))))))))))))))))))))))))))
2009-10-21 07:05 . 2009-10-21 07:05   --------   d-----w-   c:\documents and settings\Palmina\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2009-10-21 07:04 . 2009-10-21 07:04   --------   d-----w-   c:\documents and settings\Palmina\Impostazioni locali\Dati applicazioni\Mozilla
2009-10-20 20:41 . 2009-10-20 20:41   --------   d-----w-   c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2009-10-20 14:21 . 2009-10-20 15:45   --------   d-----w-   c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Identities
2009-10-19 14:28 . 2009-05-15 19:05   593920   ------w-   c:\windows\system32\ati2sgag.exe
2009-10-18 16:20 . 2009-10-19 15:22   --------   d-----w-   C:\$AVG8.VAULT$
2009-10-18 16:15 . 2009-10-18 16:15   --------   d-----w-   c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2009-10-18 16:04 . 2009-10-18 16:04   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-10-18 16:04 . 2009-10-18 16:04   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-10-18 16:04 . 2009-10-18 16:04   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-10-18 16:04 . 2009-10-20 21:59   --------   d-----w-   c:\windows\system32\drivers\Avg
2009-10-18 16:04 . 2009-10-18 16:12   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2009-10-18 16:04 . 2009-10-18 16:04   --------   d-----w-   c:\programmi\AVG
2009-10-18 16:04 . 2009-10-18 16:04   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg8
2009-10-18 15:49 . 2009-10-18 16:04   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-10-18 12:00 . 2009-10-18 12:00   472576   ----a-w-   c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-10-18 12:00 . 2009-10-18 12:00   --------   d-----w-   c:\programmi\Radeon Omega Drivers
2009-10-06 17:12 . 2009-10-06 17:12   --------   d-----w-   c:\programmi\Empire Interactive
2009-10-03 05:48 . 2009-10-07 18:28   --------   d-----w-   c:\programmi\X Plugin Manager
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 15:42 . 2009-03-16 14:32   --------   d-----w-   c:\programmi\EGOSOFT
2009-10-19 14:09 . 2008-07-22 00:36   --------   d-----w-   c:\programmi\ATI Technologies
2009-10-19 12:26 . 2009-03-30 12:11   --------   d-----w-   c:\programmi\SEGA
2009-10-19 08:52 . 2008-07-22 15:36   71816   ----a-w-   c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-18 17:06 . 2008-07-24 12:12   --------   d-----w-   c:\programmi\DAEMON Tools
2009-10-18 13:44 . 2009-07-16 16:37   --------   d-----w-   c:\programmi\File comuni\ATI Technologies
2009-10-18 12:23 . 2008-07-22 00:36   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2009-10-02 17:00 . 2009-06-09 08:20   --------   d-----w-   c:\programmi\Microsoft Games
2009-09-12 09:35 . 2008-08-24 16:33   86000   ----a-w-   c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-12 09:35 . 2009-09-12 09:35   --------   d--h--r-   c:\documents and settings\Franco\Dati applicazioni\SecuROM
2009-09-12 08:41 . 2008-09-17 12:46   --------   d-----w-   c:\programmi\Electronic Arts
2009-09-12 08:40 . 2009-09-12 08:40   --------   d-----w-   c:\programmi\AGEIA Technologies
2009-09-12 08:40 . 2009-09-12 08:40   --------   d-----w-   c:\programmi\File comuni\Wise Installation Wizard
2009-09-12 07:03 . 2009-09-12 07:03   --------   d-----w-   c:\programmi\DeepSilver
2009-09-10 09:43 . 2009-09-10 09:37   --------   d-----w-   c:\programmi\Attack on Pearl Harbor
2009-09-05 14:51 . 2009-09-05 14:51   --------   d-----w-   c:\programmi\MilkShape 3D 1.8.4
2009-09-05 14:48 . 2009-09-05 14:48   --------   d-----w-   c:\programmi\%discreet%
2009-09-05 14:48 . 2008-07-24 12:07   724992   ----a-w-   c:\windows\iun6002.exe
2009-08-28 06:56 . 2009-08-28 06:56   --------   d-----w-   c:\documents and settings\Luca\Dati applicazioni\CyberLink
2009-08-27 09:30 . 2009-08-27 09:30   --------   d-----w-   c:\programmi\JoWooD
2009-08-26 14:12 . 2008-10-23 11:43   43520   ----a-w-   c:\windows\system32\CmdLineExt03.dll
2009-07-31 19:27 . 2009-07-31 19:03   46356   ----a-w-   c:\windows\unins001.dat
2009-07-31 19:03 . 2009-07-31 19:03   687602   ----a-w-   c:\windows\unins001.exe
2009-07-23 15:30 . 2009-06-04 14:24   12460   ----a-w-   c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58   1107200   ----a-w-   c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 68856]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IW ControlCenter"="c:\programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 836096]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-05 393728]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-18 2025752]
"BluetoothAuthenticationAgent"="irprops.cpl" - c:\windows\system32\irprops.cpl [2008-04-13 380928]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-03-18 4608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-24 113664]
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
EPSON SMART PANEL for Scanner.lnk - c:\programmi\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [2008-7-24 180224]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-18 16:04   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"=
"c:\\Programmi\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Programmi\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Ubisoft\\Gearbox Software\\BrothersInArmsEiB\\System\\EiB.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 14.46.06 63352]
R1 atitray;atitray;c:\programmi\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [18/10/2009 14.01.14 17952]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/10/2009 18.04.42 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/10/2009 18.04.42 108552]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [22/07/2008 2.49.30 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [22/07/2008 2.49.30 187392]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [18/10/2009 18.04.04 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/10/2009 18.04.04 297752]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [22/07/2008 2.49.26 64000]
R3 SCRx31 USB Smart Card Reader;SCRx31 USB Smart Card Reader;c:\windows\system32\drivers\scrccid.sys [22/07/2008 2.49.29 47100]
S2 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [22/07/2008 2.49.26 13824]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [24/07/2008 14.56.13 1527900]
S3 gsplittm;gsplittm;\??\c:\docume~1\Luca\IMPOST~1\Temp\gsplittm.sys --> c:\docume~1\Luca\IMPOST~1\Temp\gsplittm.sys [?]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [22/07/2008 2.49.29 181875]
.
.
------- Scansione supplementare -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
FF - ProfilePath - c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\ivvw1r6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-*{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-OEM-Reset - (no file)
HKLM-Run-WService - WService.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 10:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1654513398-3152344497-1130559075-1005\Software\Microsoft\Internet Explorer\Default MHTML Editor\shell]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-1654513398-3152344497-1130559075-1005\Software\Microsoft\PerfVis\Settings\Default]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-1654513398-3152344497-1130559075-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,38,7e,2d,aa,12,68,ed,a6,03,15,5a,17,e6,22,d4,ae,42,e9,ab,8b,66,d8,
   8b,5b,5b,42,68,77,56,45,07,69,d7,bf,21,a3,e9,a3,e5,45,ae,3d,a4,0e,3d,d8,eb,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_USERS\S-1-5-21-1654513398-3152344497-1130559075-1005\Software\SecuROM\License information*]
"datasecu"=hex:9c,72,2d,9d,b1,a9,e6,5e,cd,f5,db,77,b3,62,60,02,7b,05,67,35,b8,
   24,23,af,76,8b,4d,bd,83,48,a3,86,02,ad,8b,b3,45,6f,64,cf,8a,8d,b3,7f,0f,c0,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
@DACL=(02 0000)
@SACL=
"ComponentID"="Director"
"IsInstalled"="1,01,00,00,00"
"Version"="8,5,1,102"
"Locale"="EN"
@="Macromedia Shockwave Director 8.5.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
@DACL=(02 0000)
@SACL=
"ComponentID"="Director"
"IsInstalled"="1,01,00,00,00"
"Version"="8,5,1,102"
"Locale"="EN"
@="Macromedia Shockwave Director 8.5.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}]
@DACL=(02 0000)
@SACL=
@="Q822925"
"IsInstalled"=dword:00000001
"Version"="6,0,2800,1226"
"ComponentID"="Q822925"

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@DACL=(02 0000)
@SACL=
@="Microsoft DirectX"
"Versione"=hex:04,00,09,00,00,00,85,03

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
@DACL=(02 0000)
@SACL=
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
@DACL=(02 0000)
@SACL=
@="Q330994"
"IsInstalled"=dword:00000001
"Version"="6,0,2800,1165"
"ComponentID"="Q330994"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\ieupdate\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\oeupdate\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2]
@DACL=(02 0000)
@SACL=
"fdwSupport"=dword:00000001
"cFormatTags"=dword:00000002
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,02,04,00,00,14,00,00,00
"cFilterTags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\dasetup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Direct3D\MostRecentApplication]
@DACL=(02 0000)
@SACL=
"Name"="IKernel.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectDraw\MostRecentApplication]
@DACL=(02 0000)
@SACL=
"Name"="IKernel.exe"
"ID"=dword:3d40686c

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Service Providers\DPNSPModemModem]
@DACL=(02 0000)
@SACL=
"Friendly Name"="Provider del servizio modem DirectPlay8"
"GUID"="{6D4A3650-628D-11D2-AE0F-006097B01411}"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Service Providers\DPNSPModemSerial]
@DACL=(02 0000)
@SACL=
"Friendly Name"="Provider del servizio modem DirectPlay8"
"GUID"="{743B5D60-628D-11D2-AE0F-006097B01411}"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Service Providers\DPNSPWinsockIPX]
@DACL=(02 0000)
@SACL=
"Friendly Name"="Provider di servizi IPX DirectPlay8"
"GUID"="{53934290-628D-11D2-AE0F-006097B01411}"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Service Providers\DPNSPWinsockTCP]
@DACL=(02 0000)
@SACL=
"Friendly Name"="Provider di servizi TCP/IP DirectPlay8"
"GUID"="{EBFE7BA0-628D-11D2-AE0F-006097B01411}"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveFirewallMappingsV6]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\Certificates]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CRLs]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CTLs]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\HTMLHelp]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{167701E3-FDCF-11D0-A48E-006097C549FF}]
@DACL=(02 0000)
@SACL=
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{970C7E08-05A7-11D0-89AA-00A0C9054129}]
@DACL=(02 0000)
@SACL=
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}]
@DACL=(02 0000)
@SACL=
"Compatibility Flags"=dword:00000400
"AlternateCLSID"="{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Application Compatibility]
@DACL=(02 0000)
@SACL=
"HelpCtr.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wpl]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllExclusionList]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllInclusionList]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimExclusionList]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimInclusionList]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D7E9C0B4-0E4D-46B4-BC46-1D0222F92C6F}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffc
"AutoInsert"=dword:00000001
"Name"="Seamless Audio DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{E5A8C40E-654B-44D4-ACBB-DBE6D3B3333B}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffd
"AutoInsert"=dword:00000001
"Name"="Volume Normalization DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{FB02E8EF-ACFE-4CC0-96DF-8B5C7098272C}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Time Compression DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Services]
@DACL=(02 0000)
"NoServices"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup\Installed Versions]
@DACL=(02 0000)
@SACL=
"wmp.dll"=hex:00,00,09,00,97,11,00,00
"wmploc.dll"=hex:00,00,09,00,97,11,00,00
"wmplayer.exe"=hex:00,00,09,00,97,11,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllInclusionList]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MessengerService\Add-Ins]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MessengerService\Clients]
@DACL=(02 0000)
@SACL=
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\MessengerService\Policies]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MM20]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\Components]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.bmp]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.dat]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:00000007
"Permissions"=dword:00000001
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
@DACL=(02 0000)
@SACL=
"Extension.Handler"="WMP.DVR-MSFile"
"MediaType.Icon"="c:\\Programmi\\Windows Media Player\\wmplayer.exe,-120"
"MediaType.Description"="Programma TV registrato Microsoft"
"MediaType.DescriptionID"="9927"
"ReplaceApps"="wmplayer.exe"
"Runtime"=dword:00000007
"Permissions"=dword:0000000f
"AlreadyRegistered"="yes"
"UserApprovedOwning"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.gif]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.jfif]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.jpe]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.jpeg]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.jpg]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.nsc]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:00000006
"Permissions"=dword:00000001
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.png]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.swf]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000a
"Permissions"=dword:00000001
"ReplaceApps"="*.*"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.wmp]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
@DACL=(02 0000)
@SACL=
"Extension.Handler"="WPLFile"
"Runtime"=dword:00000003
"Permissions"=dword:0000000f
"MediaType.Description"="Elenco di riproduzione di Windows Media"
"MediaType.DescriptionID"="9923"
"MediaType.Icon"="c:\\WINDOWS\\system32\\wmploc.dll,-616"
"Extension.MIME"="application/vnd.ms-wpl"
"ReplaceApps"="wmplayer.exe|mplayer2.exe"
"MCIHandler"="MPEGVideo"
"AlreadyRegistered"="yes"
"UserApprovedOwning"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
@DACL=(02 0000)
@SACL=
"Extensions.CommaSep"="wpl"
"Extensions.SpaceSep"=".wpl"
"Extension.Key"=".wpl"
"ReplaceApps"="wmplayer.exe"
"CLSID"="{cd3afa95-b84f-48f0-9393-7edc34128127}"
"AlreadyRegistered"="yes"
"UserApprovedOwning"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\MIME Types\vvideo/x-ms-wmp]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Schemes]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Office]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\RAS AutoDial]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Sysprep]
@DACL=(02 0000)
@SACL=
"SidsGenerated"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C]
@DACL=(02 0000)
@SACL=
"Blob"=hex:03,00,00,00,01,00,00,00,14,00,00,00,10,9f,1c,ae,d6,45,bb,78,b3,ea,
   2b,94,c0,69,7c,74,07,33,03,1c,0f,00,00,00,01,00,00,00,10,00,00,00,05,85,87,\

[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\ROOT\Certificates\74CDD21C2F1D104F8940DFFE7E6F035756E2F5D0]
@DACL=(02 0000)
@SACL=
"Blob"=hex:14,00,00,00,01,00,00,00,14,00,00,00,d9,cf,ea,0f,a4,af,d8,0b,23,67,
   95,bf,ea,dd,d6,35,5f,e7,75,6e,04,00,00,00,01,00,00,00,10,00,00,00,0c,19,2a,\

[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\TrustedPublisher]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\WBEM\PROVIDERS\Logging]
@DACL=(02 0000)
"Logging"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Empires Dawn of the Modern World]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,d0,ef,02,00,00,00,00,ff,ff,ff,
   ff,ff,ff,ff,ff,06,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Flight Simulator 9.0]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,b0,4e,b3,00,00,00,00,88,1f,4c,
   f3,55,47,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IL-2 Sturmovik]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
   00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,00,f0,76,00,00,00,00,06,68,16,
   9b,33,4f,ca,01,0e,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,50,3b,b3,00,00,00,00,1c,0c,d6,
   f9,cf,11,ca,01,0b,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MilkShape 3D 1.8.4]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,50,06,01,00,00,00,00,ca,c3,57,
   2d,69,30,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PEARLHIT_is1]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,50,be,31,00,00,00,00,b8,79,ea,
   5b,df,4f,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PunkBusterSvc]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
   00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Radeon Omega Drivers for Windows XP/2kv4.8.442]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,10,5a,05,00,00,00,00,d8,c5,32,
   0f,eb,4f,ca,01,06,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Space Empires V_is1]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,30,8c,2e,00,00,00,00,3e,3e,77,
   92,a8,46,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wudf01000]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
   00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\X Plugin Manager]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,10,61,01,00,00,00,00,3a,e4,ac,
   20,e9,4f,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{000E79B7-E725-4F01-870A-C12942B7F8E4}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,00,50,d3,8c,00,00,00,00,00,00,00,
   00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{25F28E39-FDBB-11DB-8314-0800200C9A66}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,78,bd,1c,00,00,00,00,5a,9f,4b,
   01,a5,4d,ca,01,06,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{35CB6715-41F8-4F99-8881-6FC75BF054B0}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,f0,a0,16,01,00,00,00,66,8d,c4,
   82,a7,0b,ca,01,10,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000


CONTINUED
doctor_cbf
Newbie
 
Posts: 1
Joined: 21/10/09 15:11


Re: ComboFix problem

Post by hydra » 22/10/09 07:13

When you need to post logs, use the CODE tag: viewtopic.php?f=1&t=79667

Moving this to the appropriate section.
hydra
Moderator
 
Posts: 7007
Joined: 19/07/04 08:06
Location: Vallis Duplavis

Re: ComboFix problem

Post by shel » 22/10/09 10:00

Hi

Download

http://dc108.4shared.com/download/75022 ... 1-de3379fb


Once it is installed, close all running applications and disconnect from the internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter. Wait for the scan to finish and post here the log you find in C:\FindyKill.txt


Check here ====> http://www.virustotal.com/it/

the file flagged in red and post the result

c:\docume~1\Luca\IMPOST~1\Temp\gsplittm.sys


Download elibagla:

http://www.zonavirus.com/datos/descarga ... ibagla.asp

Scroll to the bottom of the page and click the "descarger elibagla" button

Save the file to the desktop

Double-click the icon to start the program:

Tick the "eliminar ficheros automaticamente" box and click the "Explorar" button.

When the scan finishes, however it went, you will have to restart the PC.

After the restart, you should find the log C:\InfoSat.txt.
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56
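
The reply above singles out one driver entry in the log, a stopped service whose image sits in a user Temp folder. As an added example (not part of the thread and not ComboFix's own code), this Python script parses driver/service lines in the format the log uses and flags entries that load from a Temp directory or for which the log shows `[?]` instead of file details. The function names are hypothetical, and the reading of the `R`/`S` prefix as running/stopped, of the digit as the service start type, and of `[?]` as missing file details are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: four driver/service lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 14.46.06 63352]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/10/2009 18.04.04 297752]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [24/07/2008 14.56.13 1527900]
S3 gsplittm;gsplittm;\??\c:\docume~1\Luca\IMPOST~1\Temp\gsplittm.sys --> c:\docume~1\Luca\IMPOST~1\Temp\gsplittm.sys [?]
"""

# <state letter><start type digit> <name;display;path> [<date time size> or ?]
LINE_RE = re.compile(r"^([RS])([0-4])\s+(.+?)\s*\[([^\]]*)\]\s*$")
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class ServiceEntry:
    running: bool        # assumption: 'R' = running, 'S' = stopped
    start_type: int      # assumption: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    has_file_info: bool  # False when the log shows "[?]" instead of date/size


def parse_entries(log_text):
    """Return a ServiceEntry for every driver/service line found in the text."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state, start, body, info = m.groups()
        parts = body.split(";", 2)
        if len(parts) != 3:
            continue
        name, display, path = (p.strip() for p in parts)
        # Lines of the form "\??\X --> X" carry the resolved path after the arrow.
        if "-->" in path:
            path = path.split("-->", 1)[1].strip()
        if path.startswith("\\??\\"):
            path = path[4:]
        entries.append(ServiceEntry(state == "R", int(start), name, display,
                                    path, info.strip() != "?"))
    return entries


def reasons(entry):
    """List the reasons an entry deserves a closer look (empty list = none)."""
    found = []
    directories = entry.path.lower().split("\\")[:-1]
    if TEMP_DIRS & set(directories):
        found.append("image path under a Temp directory")
    if not entry.has_file_info:
        found.append("no file details in log ([?])")
    return found


def triage(log_text):
    """Map service name -> reasons, for flagged entries only."""
    return {e.name: r for e in parse_entries(log_text) if (r := reasons(e))}


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```
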

