Tema: virus por msn
Ver Mensaje Individual
  post #6 (permalink)  
Antiguo 27/02/08, 15:05:10
alexis_ve alexis_ve está offline
Usuario
  
Registrado: feb 2008
Ubicación: argentina
Mensajes: 6
Sonrisa Re: virus por msn
Hice todo lo que me dijiste.El reporte del Malwarebytes' Anti-Malware es el siguiente:

Malwarebytes' Anti-Malware 1.05
Versión de la Base de Datos: 416

Tipo de examen : Examen Completo (A:\|C:\|D:\|)
Objetos examinados: 105451
Tiempo transcurrido: 13 minute(s), 39 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 69
Valores del Registro Infectados: 5
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 26

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\ Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\Archivos de programa\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.v ir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.s cr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.



El reporte del SDFix.exe es el siguiente:


SDFix: Version 1.148

Run by JONATAN on 27/02/2008 at 16:49

Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\DOCUME~1\JONATAN\ESCRIT~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted





Removing Temp Files

ADS Check :

C:\WINDOWS
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
WINDOWS: deleted 0 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 16:52:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s1"=dword:6e206277
"s2"=dword:9c7336f8
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ac,60,6c,60,79,74,dc,23,35,20,bb,f9,26 ,e9,2b,28,20,0a,26,e6,ef,..
"p0"="C:\Archivos de programa\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001]
"khjeh"=hex:66,fe,8c,ec,0a,e8,c8,94,41,e5,e3,fd,13 ,04,2c,3d,a6,80,8e,cd,87,..
"a0"=hex:20,01,00,00,63,17,4c,06,a8,ef,6f,d3,9f,0e ,7b,82,95,30,99,49,c5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf40]
"khjeh"=hex:67,8a,a3,88,cc,41,8e,84,d7,e7,61,76,87 ,e1,3e,eb,b9,e7,0f,15,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf41]
"khjeh"=hex:67,8a,a3,88,cc,41,8e,84,d7,e7,61,76,87 ,e1,3e,eb,b9,e7,0f,15,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf42]
"khjeh"=hex:10,ea,8d,48,7e,00,5d,e5,35,b7,6c,2e,b8 ,a1,8f,ee,78,a6,e6,18,ae,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf43]
"khjeh"=hex:66,44,85,23,13,03,14,2c,19,98,60,f1,9b ,9c,89,f5,78,1d,bf,10,ad,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ac,60,6c,60,79,74,dc,23,35,20,bb,f9,26 ,e9,2b,28,20,0a,26,e6,ef,..
"p0"="C:\Archivos de programa\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:66,fe,8c,ec,0a,e8,c8,94,41,e5,e3,fd,13 ,04,2c,3d,a6,80,8e,cd,87,..
"a0"=hex:20,01,00,00,63,17,4c,06,a8,ef,6f,d3,9f,0e ,7b,82,95,30,99,49,c5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:67,8a,a3,88,cc,41,8e,84,d7,e7,61,76,87 ,e1,3e,eb,b9,e7,0f,15,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf41]
"khjeh"=hex:67,8a,a3,88,cc,41,8e,84,d7,e7,61,76,87 ,e1,3e,eb,b9,e7,0f,15,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf42]
"khjeh"=hex:10,ea,8d,48,7e,00,5d,e5,35,b7,6c,2e,b8 ,a1,8f,ee,78,a6,e6,18,ae,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf43]
"khjeh"=hex:66,44,85,23,13,03,14,2c,19,98,60,f1,9b ,9c,89,f5,78,1d,bf,10,ad,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\BitTorrent_DNA\\dna.exe"="C:\\Archivos de programa\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTor rent DNA"
"D:\\Documentos de joni\\Descargas ares\\Torrent\\BitTorrent\\bittorrent.exe"="D:\\Do cumentos de joni\\Descargas ares\\Torrent\\BitTorrent\\bittorrent.exe:*:Enable d:BitTorrent"
"C:\\Archivos de programa\\BitTorrent\\bittorrent.exe"="C:\\Archivo s de programa\\BitTorrent\\bittorrent.exe:*:Enabled:Bit Torrent"
"D:\\Juegos Joni\\ultimo pro\\PES2008.exe"="D:\\Juegos Joni\\ultimo pro\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"D:\\Juegos Joni\\Crysis\\juego\\Bin32\\Crysis.exe"="D:\\Juego s Joni\\Crysis\\juego\\Bin32\\Crysis.exe:*:Enabled:C rysis_32"
"D:\\Juegos Joni\\Crysis\\juego\\Bin32\\CrysisDedicatedServer. exe"="D:\\Juegos Joni\\Crysis\\juego\\Bin32\\CrysisDedicatedServer. exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS \\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS \\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\JONATAN\ESCRIT~1\SDFix\backups\backups .zip

Files with Hidden Attributes :

Tue 12 Jun 2007 213,293 A.SH. --- "C:\Documents and Settings\JONATAN\Datos de programa\7z.dll"
Tue 12 Jun 2007 59,418 A.SHR --- "C:\Documents and Settings\JONATAN\Datos de programa\7z.exe"
Fri 9 Feb 2007 386,630 A.SHR --- "C:\Documents and Settings\JONATAN\Datos de programa\wunauclt.zip"
Thu 27 Jun 1996 83,520 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PCDLIB.DLL"
Thu 27 Jun 1996 2,336 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PCDXBMP.DLL"
Thu 27 Jun 1996 36,976 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PHOTO.DLL"
Thu 27 Jun 1996 1,038,112 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50BAS.DLL"
Thu 27 Jun 1996 120,192 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50BMP.DLL"
Thu 27 Jun 1996 48,320 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50CBT.DLL"
Thu 27 Jun 1996 328,288 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50CMP.DLL"
Thu 27 Jun 1996 83,296 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50DLG.DLL"
Thu 27 Jun 1996 18,880 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50DOS.DLL"
Thu 27 Jun 1996 171,136 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50FLT.DLL"
Thu 27 Jun 1996 65,472 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50JPG.DLL"
Thu 13 Dec 2001 188,224 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50LNL.DLL"
Thu 27 Jun 1996 43,616 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50MM.DLL"
Thu 27 Jun 1996 47,520 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50NET.EXE"
Thu 27 Jun 1996 176,088 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50RCR.DLL"
Thu 27 Jun 1996 713,696 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50RUN.EXE"
Thu 27 Jun 1996 119,008 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50UTL.DLL"
Thu 27 Jun 1996 57,728 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50WIN.DLL"
Thu 27 Jun 1996 12,352 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TBLOAD.EXE"
Wed 11 Feb 1998 55,808 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\voice32.dll"
Thu 9 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 17 Jul 2007 1,824,648 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0430282f 2bf1ec57c42b1f57f6d61a29\BIT34C.tmp"
Mon 16 Jul 2007 2,303,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0f371b32 3f6d6a7a2edf7796ad531854\BIT47C.tmp"
Mon 16 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\302e0d5b 85d3f962e1987493dc5d679a\BIT275.tmp"
Tue 17 Jul 2007 1,271,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3fa9cf83 149bfaaf6b5cc816631a3987\BIT11C.tmp"
Tue 17 Jul 2007 640,904 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5816d9cc 046a67540201dd8fb4b4b279\BIT6.tmp"
Mon 16 Jul 2007 518,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6a480698 0940e8f88638af5558753593\BITF.tmp"
Tue 17 Jul 2007 544,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f665087 142eabdac6e73a101b60e654\BIT7.tmp"
Tue 17 Jul 2007 4,692,872 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7b5d43cb 5483991b3e0ca9650ffff5c3\BITE.tmp"
Thu 28 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9b57123f 34b36d78301160a5473d6135\BIT3.tmp"
Mon 16 Jul 2007 568,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac2e0a45 223141a46f81bedd3b9f192a\BIT16C.tmp"
Tue 17 Jul 2007 1,607,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3958dae 49728da026def65195c3aa84\BIT8.tmp"
Tue 17 Jul 2007 792,888 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b9b86da3 572751e60098fe1626d3a89a\BIT521.tmp"
Tue 17 Jul 2007 902,456 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d6062a2b 7ad73a3b90ab048fdb80f48f\BIT4.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4878a18 7565d10d360502f64c0bf9b8\BIT10.tmp"
Tue 17 Jul 2007 582,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e62973c0 21403938dc26bb4b31008e0d\BIT5.tmp"
Mon 16 Jul 2007 3,147,576 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1a57820 c5945cd21c25ee55f39f3d90\BIT481.tmp"
Tue 17 Jul 2007 1,830,280 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f4a915cf fb8101d320f17a94bff8fa38\BIT9.tmp"

Finished!


Espero q ahora este todo bien,y sino espero q me sigan ayudando.Una pregunta ahora activo el restaurar sistema no?otra vez muchas gracias