vi attacco il log finale per chi ne capisce qualcosa, il mio problema è questo il pc è diventato instabile, capita che si spenga e poi si riavvia da solo windows installer non funziona più e non riesco nemmeno a reinstallare il servicepack 2 o 3 perchè non sono abilitato a cambiare il registro nemmeno se amministratore in modalità provvisoria...
Spero qualcuno mi possa aiutare, a mi dimenticavo non chiedetemi della consol di ripristino perchè ho detto di no e ho mandata avanti il programma
C'è niente che posso fare??? Rimetto il disco GHOST e riparto da zero?
mandoil LOG diviso in due parti non sapendo come allegare il file
- Codice: Seleziona tutto
ComboFix 09-10-20.03 - Luca 21/10/2009 9.51.24.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.952 [GMT 2:00]
Eseguito da: c:\documents and settings\Palmina\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
C:\InfoSat.txt
c:\programmi\AskSearch\bin\DeFAultsearch.dll
c:\recycler\S-1-5-21-1390067357-746137067-839522115-1003
c:\recycler\S-1-5-21-1784787723-2839902967-2910414889-1003
c:\windows\Installer\14e10.msi
c:\windows\Installer\14e1c.msi
c:\windows\Installer\14e22.msi
c:\windows\Installer\2eacc.msi
c:\windows\Installer\2f3ee8.msi
c:\windows\Installer\720aa.msi
c:\windows\Installer\7313f.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\sstray.exe
c:\windows\system32\wservice.exe
D:\AUTORUN.INF
((((((((((((((((((((((((( Files Creati Da 2009-09-21 al 2009-10-21 )))))))))))))))))))))))))))))))))))
2009-10-21 07:05 . 2009-10-21 07:05 -------- d-----w- c:\documents and settings\Palmina\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2009-10-21 07:04 . 2009-10-21 07:04 -------- d-----w- c:\documents and settings\Palmina\Impostazioni locali\Dati applicazioni\Mozilla
2009-10-20 20:41 . 2009-10-20 20:41 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2009-10-20 14:21 . 2009-10-20 15:45 -------- d-----w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Identities
2009-10-19 14:28 . 2009-05-15 19:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-10-18 16:20 . 2009-10-19 15:22 -------- d-----w- C:\$AVG8.VAULT$
2009-10-18 16:15 . 2009-10-18 16:15 -------- d-----w- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2009-10-18 16:04 . 2009-10-18 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-18 16:04 . 2009-10-18 16:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-18 16:04 . 2009-10-18 16:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-18 16:04 . 2009-10-20 21:59 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-18 16:04 . 2009-10-18 16:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2009-10-18 16:04 . 2009-10-18 16:04 -------- d-----w- c:\programmi\AVG
2009-10-18 16:04 . 2009-10-18 16:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-10-18 15:49 . 2009-10-18 16:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-18 12:00 . 2009-10-18 12:00 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-10-18 12:00 . 2009-10-18 12:00 -------- d-----w- c:\programmi\Radeon Omega Drivers
2009-10-06 17:12 . 2009-10-06 17:12 -------- d-----w- c:\programmi\Empire Interactive
2009-10-03 05:48 . 2009-10-07 18:28 -------- d-----w- c:\programmi\X Plugin Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 15:42 . 2009-03-16 14:32 -------- d-----w- c:\programmi\EGOSOFT
2009-10-19 14:09 . 2008-07-22 00:36 -------- d-----w- c:\programmi\ATI Technologies
2009-10-19 12:26 . 2009-03-30 12:11 -------- d-----w- c:\programmi\SEGA
2009-10-19 08:52 . 2008-07-22 15:36 71816 ----a-w- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-18 17:06 . 2008-07-24 12:12 -------- d-----w- c:\programmi\DAEMON Tools
2009-10-18 13:44 . 2009-07-16 16:37 -------- d-----w- c:\programmi\File comuni\ATI Technologies
2009-10-18 12:23 . 2008-07-22 00:36 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-02 17:00 . 2009-06-09 08:20 -------- d-----w- c:\programmi\Microsoft Games
2009-09-12 09:35 . 2008-08-24 16:33 86000 ----a-w- c:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-12 09:35 . 2009-09-12 09:35 -------- d--h--r- c:\documents and settings\Franco\Dati applicazioni\SecuROM
2009-09-12 08:41 . 2008-09-17 12:46 -------- d-----w- c:\programmi\Electronic Arts
2009-09-12 08:40 . 2009-09-12 08:40 -------- d-----w- c:\programmi\AGEIA Technologies
2009-09-12 08:40 . 2009-09-12 08:40 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-09-12 07:03 . 2009-09-12 07:03 -------- d-----w- c:\programmi\DeepSilver
2009-09-10 09:43 . 2009-09-10 09:37 -------- d-----w- c:\programmi\Attack on Pearl Harbor
2009-09-05 14:51 . 2009-09-05 14:51 -------- d-----w- c:\programmi\MilkShape 3D 1.8.4
2009-09-05 14:48 . 2009-09-05 14:48 -------- d-----w- c:\programmi\%discreet%
2009-09-05 14:48 . 2008-07-24 12:07 724992 ----a-w- c:\windows\iun6002.exe
2009-08-28 06:56 . 2009-08-28 06:56 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\CyberLink
2009-08-27 09:30 . 2009-08-27 09:30 -------- d-----w- c:\programmi\JoWooD
2009-08-26 14:12 . 2008-10-23 11:43 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-31 19:27 . 2009-07-31 19:03 46356 ----a-w- c:\windows\unins001.dat
2009-07-31 19:03 . 2009-07-31 19:03 687602 ----a-w- c:\windows\unins001.exe
2009-07-23 15:30 . 2009-06-04 14:24 12460 ----a-w- c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 68856]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IW ControlCenter"="c:\programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 836096]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-05 393728]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-18 2025752]
"BluetoothAuthenticationAgent"="irprops.cpl" - c:\windows\system32\irprops.cpl [2008-04-13 380928]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-03-18 4608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-24 113664]
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
EPSON SMART PANEL for Scanner.lnk - c:\programmi\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [2008-7-24 180224]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-18 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"=
"c:\\Programmi\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Programmi\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Ubisoft\\Gearbox Software\\BrothersInArmsEiB\\System\\EiB.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 14.46.06 63352]
R1 atitray;atitray;c:\programmi\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [18/10/2009 14.01.14 17952]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/10/2009 18.04.42 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/10/2009 18.04.42 108552]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [22/07/2008 2.49.30 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [22/07/2008 2.49.30 187392]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [18/10/2009 18.04.04 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/10/2009 18.04.04 297752]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [22/07/2008 2.49.26 64000]
R3 SCRx31 USB Smart Card Reader;SCRx31 USB Smart Card Reader;c:\windows\system32\drivers\scrccid.sys [22/07/2008 2.49.29 47100]
S2 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [22/07/2008 2.49.26 13824]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [24/07/2008 14.56.13 1527900]
S3 gsplittm;gsplittm;\??\c:\docume~1\Luca\IMPOST~1\Temp\gsplittm.sys --> c:\docume~1\Luca\IMPOST~1\Temp\gsplittm.sys [?]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [22/07/2008 2.49.29 181875]
.
.
------- Scansione supplementare -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
FF - ProfilePath - c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\ivvw1r6a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
URLSearchHooks-*{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-OEM-Reset - (no file)
HKLM-Run-WService - WService.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 10:09
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1654513398-3152344497-1130559075-1005\Software\Microsoft\Internet Explorer\Default MHTML Editor\shell]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1654513398-3152344497-1130559075-1005\Software\Microsoft\PerfVis\Settings\Default]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1654513398-3152344497-1130559075-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,38,7e,2d,aa,12,68,ed,a6,03,15,5a,17,e6,22,d4,ae,42,e9,ab,8b,66,d8,
8b,5b,5b,42,68,77,56,45,07,69,d7,bf,21,a3,e9,a3,e5,45,ae,3d,a4,0e,3d,d8,eb,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18
[HKEY_USERS\S-1-5-21-1654513398-3152344497-1130559075-1005\Software\SecuROM\License information*]
"datasecu"=hex:9c,72,2d,9d,b1,a9,e6,5e,cd,f5,db,77,b3,62,60,02,7b,05,67,35,b8,
24,23,af,76,8b,4d,bd,83,48,a3,86,02,ad,8b,b3,45,6f,64,cf,8a,8d,b3,7f,0f,c0,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
@DACL=(02 0000)
@SACL=
"ComponentID"="Director"
"IsInstalled"="1,01,00,00,00"
"Version"="8,5,1,102"
"Locale"="EN"
@="Macromedia Shockwave Director 8.5.1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
@DACL=(02 0000)
@SACL=
"ComponentID"="Director"
"IsInstalled"="1,01,00,00,00"
"Version"="8,5,1,102"
"Locale"="EN"
@="Macromedia Shockwave Director 8.5.1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}]
@DACL=(02 0000)
@SACL=
@="Q822925"
"IsInstalled"=dword:00000001
"Version"="6,0,2800,1226"
"ComponentID"="Q822925"
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@DACL=(02 0000)
@SACL=
@="Microsoft DirectX"
"Versione"=hex:04,00,09,00,00,00,85,03
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
@DACL=(02 0000)
@SACL=
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
@DACL=(02 0000)
@SACL=
@="Q330994"
"IsInstalled"=dword:00000001
"Version"="6,0,2800,1165"
"ComponentID"="Q330994"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\ieupdate\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\oeupdate\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2]
@DACL=(02 0000)
@SACL=
"fdwSupport"=dword:00000001
"cFormatTags"=dword:00000002
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,02,04,00,00,14,00,00,00
"cFilterTags"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\dasetup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Direct3D\MostRecentApplication]
@DACL=(02 0000)
@SACL=
"Name"="IKernel.exe"
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectDraw\MostRecentApplication]
@DACL=(02 0000)
@SACL=
"Name"="IKernel.exe"
"ID"=dword:3d40686c
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Service Providers\DPNSPModemModem]
@DACL=(02 0000)
@SACL=
"Friendly Name"="Provider del servizio modem DirectPlay8"
"GUID"="{6D4A3650-628D-11D2-AE0F-006097B01411}"
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Service Providers\DPNSPModemSerial]
@DACL=(02 0000)
@SACL=
"Friendly Name"="Provider del servizio modem DirectPlay8"
"GUID"="{743B5D60-628D-11D2-AE0F-006097B01411}"
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Service Providers\DPNSPWinsockIPX]
@DACL=(02 0000)
@SACL=
"Friendly Name"="Provider di servizi IPX DirectPlay8"
"GUID"="{53934290-628D-11D2-AE0F-006097B01411}"
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Service Providers\DPNSPWinsockTCP]
@DACL=(02 0000)
@SACL=
"Friendly Name"="Provider di servizi TCP/IP DirectPlay8"
"GUID"="{EBFE7BA0-628D-11D2-AE0F-006097B01411}"
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveFirewallMappingsV6]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\Certificates]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CRLs]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CTLs]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\HTMLHelp]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{167701E3-FDCF-11D0-A48E-006097C549FF}]
@DACL=(02 0000)
@SACL=
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{970C7E08-05A7-11D0-89AA-00A0C9054129}]
@DACL=(02 0000)
@SACL=
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\ActiveX Compatibility\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}]
@DACL=(02 0000)
@SACL=
"Compatibility Flags"=dword:00000400
"AlternateCLSID"="{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Application Compatibility]
@DACL=(02 0000)
@SACL=
"HelpCtr.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wpl]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.Set"="yes"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllExclusionList]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllInclusionList]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimExclusionList]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimInclusionList]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D7E9C0B4-0E4D-46B4-BC46-1D0222F92C6F}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffc
"AutoInsert"=dword:00000001
"Name"="Seamless Audio DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{E5A8C40E-654B-44D4-ACBB-DBE6D3B3333B}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffd
"AutoInsert"=dword:00000001
"Name"="Volume Normalization DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{FB02E8EF-ACFE-4CC0-96DF-8B5C7098272C}]
@DACL=(02 0000)
@SACL=
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Time Compression DMO"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Services]
@DACL=(02 0000)
"NoServices"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup\Installed Versions]
@DACL=(02 0000)
@SACL=
"wmp.dll"=hex:00,00,09,00,97,11,00,00
"wmploc.dll"=hex:00,00,09,00,97,11,00,00
"wmplayer.exe"=hex:00,00,09,00,97,11,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllInclusionList]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MessengerService\Add-Ins]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MessengerService\Clients]
@DACL=(02 0000)
@SACL=
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\MessengerService\Policies]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MM20]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\Components]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.bmp]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.dat]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:00000007
"Permissions"=dword:00000001
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
@DACL=(02 0000)
@SACL=
"Extension.Handler"="WMP.DVR-MSFile"
"MediaType.Icon"="c:\\Programmi\\Windows Media Player\\wmplayer.exe,-120"
"MediaType.Description"="Programma TV registrato Microsoft"
"MediaType.DescriptionID"="9927"
"ReplaceApps"="wmplayer.exe"
"Runtime"=dword:00000007
"Permissions"=dword:0000000f
"AlreadyRegistered"="yes"
"UserApprovedOwning"="yes"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.gif]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.jfif]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.jpe]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.jpeg]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.jpg]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.nsc]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:00000006
"Permissions"=dword:00000001
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.png]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000b
"Permissions"=dword:00000001
"PerceivedType"="image"
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.swf]
@DACL=(02 0000)
@SACL=
"Runtime"=dword:0000000a
"Permissions"=dword:00000001
"ReplaceApps"="*.*"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.wmp]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
@DACL=(02 0000)
@SACL=
"Extension.Handler"="WPLFile"
"Runtime"=dword:00000003
"Permissions"=dword:0000000f
"MediaType.Description"="Elenco di riproduzione di Windows Media"
"MediaType.DescriptionID"="9923"
"MediaType.Icon"="c:\\WINDOWS\\system32\\wmploc.dll,-616"
"Extension.MIME"="application/vnd.ms-wpl"
"ReplaceApps"="wmplayer.exe|mplayer2.exe"
"MCIHandler"="MPEGVideo"
"AlreadyRegistered"="yes"
"UserApprovedOwning"="yes"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
@DACL=(02 0000)
@SACL=
"Extensions.CommaSep"="wpl"
"Extensions.SpaceSep"=".wpl"
"Extension.Key"=".wpl"
"ReplaceApps"="wmplayer.exe"
"CLSID"="{cd3afa95-b84f-48f0-9393-7edc34128127}"
"AlreadyRegistered"="yes"
"UserApprovedOwning"="yes"
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\MIME Types\vvideo/x-ms-wmp]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\WMPlayer\Schemes]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Office]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\RAS AutoDial]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Sysprep]
@DACL=(02 0000)
@SACL=
"SidsGenerated"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C]
@DACL=(02 0000)
@SACL=
"Blob"=hex:03,00,00,00,01,00,00,00,14,00,00,00,10,9f,1c,ae,d6,45,bb,78,b3,ea,
2b,94,c0,69,7c,74,07,33,03,1c,0f,00,00,00,01,00,00,00,10,00,00,00,05,85,87,\
[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\ROOT\Certificates\74CDD21C2F1D104F8940DFFE7E6F035756E2F5D0]
@DACL=(02 0000)
@SACL=
"Blob"=hex:14,00,00,00,01,00,00,00,14,00,00,00,d9,cf,ea,0f,a4,af,d8,0b,23,67,
95,bf,ea,dd,d6,35,5f,e7,75,6e,04,00,00,00,01,00,00,00,10,00,00,00,0c,19,2a,\
[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\TrustedPublisher]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\WBEM\PROVIDERS\Logging]
@DACL=(02 0000)
"Logging"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Empires Dawn of the Modern World]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,d0,ef,02,00,00,00,00,ff,ff,ff,
ff,ff,ff,ff,ff,06,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Flight Simulator 9.0]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,b0,4e,b3,00,00,00,00,88,1f,4c,
f3,55,47,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IL-2 Sturmovik]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,00,f0,76,00,00,00,00,06,68,16,
9b,33,4f,ca,01,0e,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,50,3b,b3,00,00,00,00,1c,0c,d6,
f9,cf,11,ca,01,0b,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MilkShape 3D 1.8.4]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,50,06,01,00,00,00,00,ca,c3,57,
2d,69,30,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PEARLHIT_is1]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,50,be,31,00,00,00,00,b8,79,ea,
5b,df,4f,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PunkBusterSvc]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Radeon Omega Drivers for Windows XP/2kv4.8.442]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,10,5a,05,00,00,00,00,d8,c5,32,
0f,eb,4f,ca,01,06,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Space Empires V_is1]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,30,8c,2e,00,00,00,00,3e,3e,77,
92,a8,46,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wudf01000]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\X Plugin Manager]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,10,61,01,00,00,00,00,3a,e4,ac,
20,e9,4f,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{000E79B7-E725-4F01-870A-C12942B7F8E4}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,00,50,d3,8c,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{25F28E39-FDBB-11DB-8314-0800200C9A66}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,78,bd,1c,00,00,00,00,5a,9f,4b,
01,a5,4d,ca,01,06,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{35CB6715-41F8-4F99-8881-6FC75BF054B0}]
@DACL=(02 0000)
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,f0,a0,16,01,00,00,00,66,8d,c4,
82,a7,0b,ca,01,10,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
SEGUE
