Blog Registrarse Manuales Programas Glosario

Regresar   Foro de Spyware » Spyware - Adware - Hijackers - Malwares » Temas Solucionados
Actualizar Problemas con mensajes que llegan del msn (Solucionado)
 

Para evitar Virus, Spyware y otros Malwares, te recomendamos mantenerte informado en: InfoSpyware Blog


Temas Solucionados Casos de HijackThis y Malwares resueltos.
(Solo lectura)

Respuesta
Página 1 de 3 1 23
 
Enviar a: Herramientas
  post #1  
Antiguo 18/09/08, 00:22:43
Avatar de ramsay
Usuario
  
Registrado: oct 2007
Ubicación: venezuela
Mensajes: 60
Malware Problemas con mensajes que llegan del msn (Solucionado)
BUENO MI PROBLEMA ES EL SIGUIENTE CADA VES QUE ESTOY EN EL MSN ME LLEGAN MENSAJES CON MSN EXTRAÑOS QUE NO TENGO AGREGADOS A MI MSN Y Y ME SALE UNA VENTANA QUE DICE QUE SI ACEPTO ESE MENSAJE Y CUANDO LE DOY ACEPTAR ME SALE LA VENTANA DEL MSN CON PALABRAS EN INGLES Y CON UNA DIRECCION DE PAGINA WEB ENTRE LOS MENSAJES QUE ME LLAGAN ESTA EL DE "MIRA ESTA ANIMACION DE BUSCH" PERO ES MUY SEGUIDO AVECES CADA 5 MINUTOS.

BUENO MI SISTEMA OPERATIVO ES WINDOWS XP
TENGO DE ANTIVIRUS EL AVAST
TENGO EL SUPER-ANTISPYWARE
DE LIMPIADOR TENGO EL RegSeeker
TENGO EL COMBOFIX PERO NO SE QUE LE PASA CADA VES Q LO ABRO NO ME RESPONDE Y NO SE ABRE NADA

:: Help::
Responder Con Cita
InfoSpyware

  post #2  
Antiguo 18/09/08, 00:45:58
Avatar de Anleg_30
Warrior
  
Registrado: dic 2007
Ubicación: B@rc3l0n@ - Venezuela
Mensajes: 5.755
Re: Problemas con mensajes que llegan del msn
Que tal ramsay,

No debes aceptar links ni archivos de contactos que no conoscas.

A.-Descarga y descomprime el archivo MsnCleaner.zip
B.-Descarga e instala SDFix@AndyMachesta+Manuall
1.-Desactiva restaurar sistema
2.-Entra en modo seguro
  • Utilizar el programa MSNCleaner.exe de la siguiente manera:
    • Ejecutar el archivo MSNCleaner.exe
    • Haz Clic en el botón Analizar, Si se detecta algún archivo nocivo, se activará el botón Eliminar
    • Seleccionar las opciones "Eliminar archivos temporales" y "Restaurar el archivo Hosts"
    • Haz Clic en el botón Eliminar
  • Ejecuta SDFix@AndyMachesta como indica su manual:
Código:
  1. Abra la carpeta C:\SDFix y hágale doble-clic sobre el archivo "RunThis.bat" 

.
    2. 

  2.  En la pantalla en modo MS-DOS (modo con símbolo del sistema), teclea "Y" (Yes) para empezar la ejecución del programa. Aparecerá una ventana mostrando los siguientes textos:

    Please wait...
"Checking Running Processes"
"Checking Running Services"
    3. 

  3.  Cuando haya terminado, presiona cualquier tecla para reiniciar  nota: Notarás que el sistema tardará algo más en reiniciar. Esto es normal.
    4. 

  4.  Espera unos minutos para completar la desinfeccion, Por último, aparecerá la ventana "The FixTool has finished".Presiona cualquier tecla para finalizar el script
    5. 

  5. ubica el reporte "report.txt" en la carpeta C:\SDFix y lo pegas aqui
    6.
3.-Reiniciar en modo normal y ejecuta el CCcleaner <Leer_manual>en su modo de limpiador y luego en la opcion de registro (realizando su respectiva copia de seguridad)

C.-Realiza un Scan Online con el Panda ActiveScan+Manualy pega el reporte que genere envolviendolo con la etiqueta CODE #

Regresa con los reportes e indicame como esta el paciente

Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog

* Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando.
* Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
* No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.
Responder Con Cita
  post #3  
Antiguo 18/09/08, 03:01:27
Avatar de ramsay
Usuario
  
Registrado: oct 2007
Ubicación: venezuela
Mensajes: 60
Re: Problemas con mensajes que llegan del msn
buenas noches. amigo en la carpeta de SDFix habian tres bloc de notas que decian asi
el 1er bloc de nota decia "REPORT"

SDFix: Version 1.226
Run by Rafael y Saidy on 2008-09-18 at 01:20

Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

El 2do bloc de nota decia "W2K_VirusAlert_Repair" y como estaba en bloc de nota y decia eso de virus me imagien que tenia que ver algo en esto. ESTE ES EL REPORTE:

; This .inf file will remove Policy restrictions added by the VirusAlert infection

[Version]
Signature="$Windows NT$"

[DefaultInstall]
DelReg=RemoveRestrictions

[RemoveRestrictions]
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoSetFolders"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoSetFolders"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoStartMenuMorePrograms"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoStartMenuMorePrograms"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoToolbarCustomize"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoToolbarCustomize"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","StartMenuLogoff"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","StartMenuLogoff"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableCMD"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableCMD"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableRegistryTools"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableRegistryTools"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableTaskMgr"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableTaskMgr"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispCPL"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispCPL"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispBackgroundPage"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispBackgroundPage"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispScrSavPage"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispScrSavPage"
HKCU, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
HKLM, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
HKCU, "Software\Policies\Microsoft\Windows\system","Disa bleCMD"
HKLM, "Software\Policies\Microsoft\Windows\system","Disa bleCMD"

y el 3er bloc de nota decias asi " XP_VirusAlert_Repair" Y tambien lo pegue aqui por lo mismo pues como decia algo de virus pense que tenia que ver:

; This .inf file will remove Policy restrictions added by the VirusAlert
; infection and restore the default start menu icons and drive settings

[Version]
Signature="$Windows NT$"

[DefaultInstall]
DelReg=RemoveRestrictions
AddReg=ResetRegChanges

[ResetRegChanges]
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowControlPanel,0x10001,0x00 000002
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowHelp,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowMyComputer,0x10001,0x0000 0002
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowMyDocs,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowMyMusic,0x10001,0x0000000 1
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowMyPics,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowNetPlaces,0x10001,0x00000 001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowRun,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowSearch,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer,NoDrives,0x10001,0x00000000

[RemoveRestrictions]
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoSetFolders"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoSetFolders"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoStartMenuMorePrograms"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoStartMenuMorePrograms"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoToolbarCustomize"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoToolbarCustomize"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","StartMenuLogoff"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","StartMenuLogoff"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableCMD"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableCMD"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableRegistryTools"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableRegistryTools"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableTaskMgr"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableTaskMgr"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispCPL"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispCPL"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispBackgroundPage"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispBackgroundPage"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispScrSavPage"
HKLM, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispScrSavPage"
HKCU, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
HKLM, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
HKCU, "Software\Policies\Microsoft\Windows\system","Disa bleCMD"
HKLM, "Software\Policies\Microsoft\Windows\system","Disa bleCMD"
Última edición por ramsay fecha: 18/09/08 a las 03:30:10. Razón: colocar reporte
Responder Con Cita
  post #4  
Antiguo 18/09/08, 05:32:39
Avatar de ramsay
Usuario
  
Registrado: oct 2007
Ubicación: venezuela
Mensajes: 60
Malware Re: Problemas con mensajes que llegan del msn
Es una prueba.........
Responder Con Cita
  post #5  
Antiguo 18/09/08, 05:42:16
Avatar de ramsay
Usuario
  
Registrado: oct 2007
Ubicación: venezuela
Mensajes: 60
Malware Re: Problemas con mensajes que llegan del msn
TENGO PROBLEMAS PARA ENVIARTE TODO EL REPORTE QUE ME SALIO LUEGO DE A VER REINICIADO LA PC CUANDO ME SALIO EL CUADRO AZUL DE MS-DOS ME DEJO UN REPORTE EN UN BLOC DE NOTA LA CUAL NO ME PERMITE PEGARLO TODO Y ME ARROJA UN ERROR DE QUE TENGO QUE AGREGAR MAS DE 10 CARACTERES SON LAS 04:17 AM Y TODAVIA ESTOY INTENTANDO PEGARLO LA UNICA SOLUCION QUE ME DIO UN COLOBARADOR FUE QUE LO PEGARA EN VARIAS PARTES Y ESO ES LO QUE VOY HACER OK...
Responder Con Cita
  post #6  
Antiguo 18/09/08, 05:44:16
Avatar de ramsay
Usuario
  
Registrado: oct 2007
Ubicación: venezuela
Mensajes: 60
Malware Re: Problemas con mensajes que llegan del msn
1RA PARTE DEL REPORTE:

SDFix: Version 1.226
Run by Rafael y Saidy on 2008-09-18 at 01:20

Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found




Folder C:\Documents and Settings\Rafael y Saidy\Datos de programa\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w .redtube.com - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 01:43:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{3FDF25EE-E592-4495-8391-6E9C504DAC2B}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\WMSET10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\wmset10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{60204BB3-7078-4F70-8F69-68297621941C}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{60204BB3-7078-4F70-8F69-68297621941C}\MPSTUB10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{60204BB3-7078-4F70-8F69-68297621941C}\mpstub10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\MPCD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\mpcd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{DD90D410-1823-43EB-9A16-A2331BF08799}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPa ckages\{DD90D410-1823-43EB-9A16-A2331BF08799}\WMP10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\Register edPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmp10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Setup\OptionalComponents\SwFlash]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SideBySide\Installations\x86_Microsoft. Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\Codebases\U_KB923191]
"Prompt"="Archivos de origen Windows XP KB923191"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SideBySide\Installations\x86_Microsoft. Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\Files\0]
@="comctl32.dll"
"SHA1"=hex:b5,77,9b,e0,b8,8d,6d,b8,4d,89,0c,4c,f6, 46,93,8e,3a,9c,50,9a
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SideBySide\Installations\x86_Microsoft. Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\References]
"U_KB923191"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SideBySide\Installations\x86_policy.6.0 .Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ef752e68\Codebases\U_KB923191]
"Prompt"="Archivos de origen Windows XP KB923191"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SideBySide\Installations\x86_policy.6.0 .Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ef752e68\References]
"U_KB923191"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.mpe\OpenWithProgids]
"mpegfile"=hex(0):
"RealPlayer.MPEG.6"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Streams\Desktop]
"Upgrade"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Shell Extensions\Approved\{B6E71C25-AA7D-6238-8C90-0695A8B06DDD}]
"ialkdoennajkffoihk"=hex:6a,61,63,64,6b,63,67,69,6 a,68,6d,65,67,61,69,61,66,70,6e,68,00,..
"hafgfnjgnejnofnn"=hex:6a,61,63,64,6a,63,6e,69,65, 69,6d,6f,69,62,6f,66,6c,6e,65,6e,00,..
"hamhnjgjhiejfaca"=hex:66,61,61,65,6e,70,6f,70,6f, 66,68,6a,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell \Bags\1\Desktop]
"Mode"=dword:00000001
"ScrollPos1024x768(1).x"=dword:00000000
"ScrollPos1024x768(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,fd,df,df,fd,0f,..
"ItemPos1024x768(1)"=hex:00,00,00,00,00,00,00,00,0 0,00,00,00,00,00,00,00,65,00,00,00,02,..
"FFlags"=dword:00000224
"ScrollPos800x600(1).x"=dword:00000000
"ScrollPos800x600(1).y"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0]
"NodeSlot"=dword:00000006

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0]
"NodeSlot"=dword:00000001
"MRUListEx"=hex:02,00,00,00,00,00,00,00,01,00,00,0 0,ff,ff,ff,ff
"0"=hex:1e,00,71,2d,00,00,00,00,00,00,00,00,00,00, 80,a2,27,22,ea,3a,69,..
"1"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00, 36,b7,11,e2,fd,43,d1,..
"2"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00, c7,ac,07,70,02,32,d1,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\0]
"NodeSlot"=dword:00000007
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\1]
"NodeSlot"=dword:00000008
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\0\2]
"NodeSlot"=dword:00000009
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\1]
"0"=hex:5c,00,31,00,00,00,00,00,3e,34,2e,bf,11,00, 4d,49,53,49,4d,47,7e,..
"MRUListEx"=hex:00,00,00,00,02,00,00,00,01,00,00,0 0,ff,ff,ff,ff
"NodeSlot"=dword:00000019
"1"=hex:58,00,31,00,00,00,00,00,27,38,d6,bc,11,00, 4d,49,53,56,44,45,7e,..
"2"=hex:56,00,31,00,00,00,00,00,27,38,11,a4,11,00, 4d,49,4d,53,49,43,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\1\0]
"0"=hex:56,00,31,00,00,00,00,00,41,34,3d,1f,11,00, 49,4d,47,45,4e,45,7e,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:000000a0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\1\0\0]
"NodeSlot"=dword:00000005
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\1\1]
"NodeSlot"=dword:000000a1
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\1\2]
"NodeSlot"=dword:000000a2
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:48,00,31,00,00,00,00,00,3e,34,70,bf,10,00, 4d,59,50,4c,41,59,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\1\2\0]
"NodeSlot"=dword:000000a3
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2]
"NodeSlot"=dword:0000000a
"MRUListEx"=hex:01,00,00,00,02,00,00,00,00,00,00,0 0,0b,00,00,00,04,00,00,00,0a,..
"0"=hex:58,00,31,00,00,00,00,00,28,38,0b,96,11,00, 41,52,43,48,49,56,7e,..
"1"=hex:5c,00,31,00,00,00,00,00,27,38,b4,aa,10,00, 44,4f,43,55,4d,45,7e,..
"2"=hex:3c,00,31,00,00,00,00,00,32,38,cc,84,30,00, 57,49,4e,44,4f,57,53,..
"3"=hex:40,00,31,00,00,00,00,00,3f,34,5c,3c,30,00, 56,41,4c,55,45,41,44,..
"4"=hex:40,00,31,00,00,00,00,00,00,00,00,00,10,00, 44,4f,43,55,4d,45,7e,..
"5"=hex:36,00,31,00,00,00,00,00,27,38,18,a8,10,00, 42,6f,6f,6b,73,00,22,..
"6"=hex:3c,00,31,00,00,00,00,00,3f,34,5c,3c,30,00, 53,55,50,50,4f,52,54,..
"7"=hex:3c,00,31,00,00,00,00,00,27,38,b9,aa,30,00, 53,57,54,4f,4f,4c,53,..
"8"=hex:34,00,31,00,00,00,00,00,27,38,d7,aa,30,00, 49,33,38,36,00,00,20,..
"9"=hex:3c,00,31,00,00,00,00,00,28,38,96,20,30,00, 64,72,69,76,65,72,73,..
"10"=hex:40,00,31,00,00,00,00,00,28,38,e1,92,13,20 ,4d,53,4f,43,61,63,68,..
"11"=hex:46,00,31,00,00,00,00,00,42,38,f1,a8,12,00 ,43,6f,6e,66,69,67,2e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0]
"NodeSlot"=dword:0000000b
"MRUListEx"=hex:09,00,00,00,18,00,00,00,17,00,00,0 0,12,00,00,00,16,00,00,00,05,..
"0"=hex:46,00,31,00,00,00,00,00,3e,34,29,bf,10,00, 4d,4f,56,49,45,4d,7e,..
"1"=hex:58,00,31,00,00,00,00,00,27,38,af,a5,10,00, 57,49,4e,44,4f,57,7e,..
"2"=hex:50,00,31,00,00,00,00,00,2d,38,63,88,10,00, 41,52,43,48,49,56,7e,..
"3"=hex:44,00,31,00,00,00,00,00,32,38,f7,73,10,00, 42,49,54,54,4f,52,7e,..
"4"=hex:d1,00,31,00,00,00,00,00,32,38,f2,73,10,00, 44,4e,41,00,1e,00,03,..
"5"=hex:34,00,31,00,00,00,00,00,32,38,4b,8d,10,00, 52,65,61,6c,00,00,20,..
"6"=hex:34,00,31,00,00,00,00,00,32,38,10,54,10,00, 41,72,65,73,00,00,20,..
"7"=hex:3a,00,31,00,00,00,00,00,32,38,b7,95,10,00, 47,6f,6f,67,6c,65,00,..
"8"=hex:4e,00,31,00,00,00,00,00,32,38,25,92,10,00, 4d,4f,5a,49,4c,4c,7e,..
"9"=hex:36,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 43,68,61,6d,69,00,22,..
"10"=hex:4c,00,31,00,00,00,00,00,27,38,bc,b1,10,00 ,41,4c,57,49,4c,53,7e,..
"11"=hex:5a,00,31,00,00,00,00,00,27,38,76,a7,10,00 ,44,49,53,4b,45,45,7e,..
"12"=hex:3a,00,31,00,00,00,00,00,3a,38,45,64,10,00 ,57,69,6e,52,41,52,00,..
"13"=hex:44,00,31,00,00,00,00,00,3e,34,2c,bf,10,00 ,4e,45,54,4d,45,45,7e,..
"14"=hex:44,00,31,00,00,00,00,00,3e,34,f7,be,10,00 ,57,49,4e,44,4f,57,7e,..
"15"=hex:48,00,31,00,00,00,00,00,27,38,53,a6,10,00 ,54,48,49,4e,4b,56,7e,..
"16"=hex:36,00,31,00,00,00,00,00,2d,38,33,88,10,00 ,41,64,6f,62,65,00,22,..
"17"=hex:48,00,31,00,00,00,00,00,2d,38,25,65,10,00 ,57,49,31,46,38,36,7e,..
"18"=hex:40,00,31,00,00,00,00,00,46,38,6c,41,10,00 ,56,69,64,65,6f,4c,41,..
"19"=hex:4c,00,31,00,00,00,00,00,27,38,53,a5,10,00 ,41,4e,41,4c,4f,47,7e,..
"20"=hex:7c,00,31,00,00,00,00,00,27,38,53,a6,12,00 ,49,4e,53,54,41,4c,7e,..
"21"=hex:40,00,31,00,00,00,00,00,36,38,77,3a,10,00 ,4c,61,76,61,73,6f,66,..
"22"=hex:36,00,31,00,00,00,00,00,27,38,4e,a6,10,00 ,53,6f,6e,69,63,00,22,..
"23"=hex:4a,00,31,00,00,00,00,00,3e,34,3a,bf,12,00 ,57,49,4e,44,4f,57,7e,..
"24"=hex:36,00,31,00,00,00,00,00,3f,34,62,00,10,00 ,78,65,72,6f,78,00,22,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\0]
"NodeSlot"=dword:0000000c
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\1]
"NodeSlot"=dword:0000000d
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\10]
"NodeSlot"=dword:00000052
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3a,00,31,00,00,00,00,00,27,38,c3,b1,10,00, 41,76,61,73,74,34,00,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\10\0]
"NodeSlot"=dword:00000053
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\11]
"NodeSlot"=dword:0000007b
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,27,38,78,a7,10,00, 44,49,53,4b,45,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\11\0]
"NodeSlot"=dword:0000007c
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\12]
"NodeSlot"=dword:0000007d
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\13]
"NodeSlot"=dword:00000081
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\14]
"NodeSlot"=dword:00000082
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\15]
"NodeSlot"=dword:00000083
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\16]
"NodeSlot"=dword:000000dc
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:48,00,31,00,00,00,00,00,2d,38,60,88,10,00, 41,43,52,4f,42,41,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\16\0]
"NodeSlot"=dword:000000dd
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\17]
"NodeSlot"=dword:000000de
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,2d,38,b5,63,10,00, 4d,45,53,53,45,4e,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\17\0]
"NodeSlot"=dword:000000df
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18]
"0"=hex:30,00,31,00,00,00,00,00,46,38,78,41,10,00, 56,4c,43,00,1e,00,03,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:000000ea

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0]
"NodeSlot"=dword:000000e9
"MRUListEx"=hex:04,00,00,00,03,00,00,00,02,00,00,0 0,00,00,00,00,01,00,00,00,ff,..
"0"=hex:3c,00,31,00,00,00,00,00,46,38,75,41,10,00, 6f,73,64,6d,65,6e,75,..
"1"=hex:3a,00,31,00,00,00,00,00,46,38,75,41,10,00, 6c,6f,63,61,6c,65,00,..
"2"=hex:3c,00,31,00,00,00,00,00,46,38,73,41,10,00, 70,6c,75,67,69,6e,73,..
"3"=hex:36,00,31,00,00,00,00,00,46,38,76,41,10,00, 73,6b,69,6e,73,00,22,..
"4"=hex:34,00,31,00,00,00,00,00,46,38,76,41,10,00, 68,74,74,70,00,00,20,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0\0]
"NodeSlot"=dword:000000eb
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0\1]
"NodeSlot"=dword:000000ec
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0\2]
"NodeSlot"=dword:000000ed
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0\3]
"NodeSlot"=dword:000000ee
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0\4]
"NodeSlot"=dword:000000f1
"MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,0 0,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,46,38,76,41,10,00, 72,65,71,75,65,73,74,..
"1"=hex:3c,00,31,00,00,00,00,00,46,38,76,41,10,00, 64,69,61,6c,6f,67,73,..
"2"=hex:3a,00,31,00,00,00,00,00,46,38,76,41,10,00, 69,6d,61,67,65,73,00,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0\4\0]
"NodeSlot"=dword:000000f2
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0\4\1]
"NodeSlot"=dword:000000f3
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\18\0\4\2]
"NodeSlot"=dword:000000f4
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\19]
"NodeSlot"=dword:00000102
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,f f
"0"=hex:34,00,31,00,00,00,00,00,27,38,56,a5,10,00, 43,6f,72,65,00,00,20,..
"1"=hex:40,00,31,00,00,00,00,00,27,38,54,a7,10,00, 53,6f,75,6e,64,4d,41,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\19\0]
"NodeSlot"=dword:00000103
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\19\1]
"NodeSlot"=dword:00000104
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\2]
"NodeSlot"=dword:00000014
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\20]
"NodeSlot"=dword:00000105
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\21]
"NodeSlot"=dword:00000106
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4a,00,31,00,00,00,00,00,42,38,c3,10,10,00, 41,44,2d,41,57,41,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\21\0]
"NodeSlot"=dword:00000107
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\22]
"NodeSlot"=dword:00000108
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\23]
"NodeSlot"=dword:00000109
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\24]
"NodeSlot"=dword:0000010a
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:36,00,31,00,00,00,00,00,3f,34,62,00,10,00, 6e,77,77,69,61,00,22,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\24\0]
"NodeSlot"=dword:0000010b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\3]
"NodeSlot"=dword:00000017
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\4]
"NodeSlot"=dword:0000001c
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\5]
"NodeSlot"=dword:0000001d
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:44,00,31,00,00,00,00,00,32,38,94,91,10,00, 52,45,41,4c,50,4c,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\5\0]
"NodeSlot"=dword:0000001e
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,32,38,55,95,10,00, 6c,61,6e,67,00,00,20,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\5\0\0]
"NodeSlot"=dword:00000025
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\6]
"NodeSlot"=dword:0000001f
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\7]
"NodeSlot"=dword:00000024
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\8]
"NodeSlot"=dword:00000027
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9]
"NodeSlot"=dword:00000038
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 48,54,4d,4c,2d,4b,69,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0]
"NodeSlot"=dword:00000039
"MRUListEx"=hex:05,00,00,00,00,00,00,00,02,00,00,0 0,01,00,00,00,06,00,00,00,04,..
"0"=hex:3a,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 42,61,63,6b,75,70,00,..
"1"=hex:36,00,31,00,00,00,00,00,3a,38,02,62,10,00, 43,61,63,68,65,00,22,..
"2"=hex:34,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 48,65,6c,70,00,00,20,..
"3"=hex:36,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 50,72,6f,6f,66,00,22,..
"4"=hex:30,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 42,69,6e,00,1e,00,03,..
"5"=hex:34,00,31,00,00,00,00,00,3a,38,fd,61,10,00, 44,61,74,61,00,00,20,..
"6"=hex:3c,00,31,00,00,00,00,00,3a,38,d6,61,10,00, 50,6c,75,67,69,6e,73,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\0]
"NodeSlot"=dword:0000003a
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\1]
"NodeSlot"=dword:0000003b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\2]
"NodeSlot"=dword:0000003c
"MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,0 0,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 4b,65,79,77,6f,72,64,..
"1"=hex:3c,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 50,72,6f,67,72,61,6d,..
"2"=hex:3c,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 43,6f,6e,74,65,6e,74,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\2\0]
"NodeSlot"=dword:00000044
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\2\1]
"NodeSlot"=dword:00000045
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\2\2]
"NodeSlot"=dword:00000046
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\3]
"NodeSlot"=dword:0000003d
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\4]
"NodeSlot"=dword:0000003e
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\5]
"NodeSlot"=dword:0000003f
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3c,00,31,00,00,00,00,00,3a,38,4b,63,10,00, 44,65,66,61,75,6c,74,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\5\0]
"NodeSlot"=dword:00000047
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,f f
"0"=hex:64,00,32,00,06,22,00,00,3a,38,a4,63,20,00, 49,52,54,52,41,4e,7e,..
"1"=hex:58,00,31,00,00,00,00,00,3a,38,2d,65,10,00, 49,52,54,52,41,4e,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\5\0\0]
"NodeSlot"=dword:00000048
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\5\0\1]
"NodeSlot"=dword:0000004c
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\6]
"NodeSlot"=dword:00000040
"MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,0 0,ff,ff,ff,ff
"0"=hex:30,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 42,69,6e,00,1e,00,03,..
"1"=hex:3a,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 43,6f,6e,66,69,67,00,..
"2"=hex:30,00,31,00,00,00,00,00,3a,38,d5,61,10,00, 4c,69,62,00,1e,00,03,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\6\0]
"NodeSlot"=dword:00000041
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\6\1]
"NodeSlot"=dword:00000042
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\0\9\0\6\2]
"NodeSlot"=dword:00000043
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1]
"0"=hex:42,00,31,00,00,00,00,00,27,38,ad,aa,10,00, 41,4c,4c,55,53,45,7e,..
"MRUListEx"=hex:01,00,00,00,00,00,00,00,02,00,00,0 0,03,00,00,00,ff,ff,ff,ff
"1"=hex:4c,00,31,00,00,00,00,00,27,38,b4,aa,10,00, 52,41,46,41,45,4c,7e,..
"NodeSlot"=dword:00000061
"2"=hex:4a,00,31,00,00,00,00,00,27,38,ac,aa,10,00, 41,44,4d,49,4e,49,7e,..
"3"=hex:48,00,31,00,00,00,00,00,27,38,a7,aa,12,00, 44,45,46,41,55,4c,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0]
"0"=hex:5a,00,31,00,00,00,00,00,28,38,2a,96,11,00, 4d,45,4e,49,4e,49,7e,..
"MRUListEx"=hex:02,00,00,00,00,00,00,00,01,00,00,0 0,ff,ff,ff,ff
"NodeSlot"=dword:00000062
"1"=hex:58,00,31,00,00,00,00,00,27,38,d6,bc,11,00, 44,4f,43,55,4d,45,7e,..
"2"=hex:66,00,31,00,00,00,00,00,36,38,76,3a,13,00, 44,41,54,4f,53,44,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\0]
"0"=hex:56,00,31,00,00,00,00,00,28,38,18,96,11,00, 50,52,4f,47,52,41,7e,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:000000e0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\0\0]
"0"=hex:6e,00,31,00,00,00,00,00,27,38,62,a6,10,00, 50,43,2d,44,4f,43,7e,..
"MRUListEx"=hex:04,00,00,00,03,00,00,00,02,00,00,0 0,01,00,00,00,00,00,00,00,ff,..
"1"=hex:4e,00,31,00,00,00,00,00,3a,38,d6,61,10,00, 48,54,4d,4c,2d,4b,69,..
"2"=hex:3a,00,31,00,00,00,00,00,00,00,00,00,10,00, 57,69,6e,52,41,52,00,..
"3"=hex:42,00,31,00,00,00,00,00,32,38,42,95,10,00, 52,65,61,6c,00,00,20,..
"4"=hex:56,00,31,00,00,00,00,00,46,38,6e,3d,10,00, 44,49,56,58,50,52,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\0\0\0]
"NodeSlot"=dword:0000000e
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\0\0\1]
"NodeSlot"=dword:00000049
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\0\0\2]
"NodeSlot"=dword:0000004a
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\0\0\3]
"NodeSlot"=dword:0000004f
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:44,00,31,00,00,00,00,00,32,38,43,95,10,00, 52,45,41,4c,50,4c,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\0\0\3\0]
"NodeSlot"=dword:00000050
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\0\0\4]
"NodeSlot"=dword:000000e8
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\1]
"NodeSlot"=dword:000000c1
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2]
"NodeSlot"=dword:000000c2
"MRUListEx"=hex:06,00,00,00,05,00,00,00,04,00,00,0 0,03,00,00,00,02,00,00,00,01,..
"0"=hex:46,00,31,00,00,00,00,00,2d,38,b6,61,10,00, 57,4c,49,4e,53,54,7e,..
"1"=hex:40,00,31,00,00,00,00,00,27,38,d6,b3,10,00, 53,79,6d,61,6e,74,65,..
"2"=hex:4e,00,31,00,00,00,00,00,28,38,d3,95,10,00, 48,45,57,4c,45,54,7e,..
"3"=hex:42,00,31,00,00,00,00,00,28,38,18,96,10,00, 48,50,53,53,55,50,7e,..
"4"=hex:40,00,31,00,00,00,00,00,42,38,c3,10,10,00, 4c,61,76,61,73,6f,66,..
"5"=hex:42,00,31,00,00,00,00,00,2d,38,cb,63,14,00, 4d,49,43,52,4f,53,7e,..
"6"=hex:3c,00,31,00,00,00,00,00,47,38,48,a2,10,00, 4b,65,79,54,65,78,74,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2\0]
"NodeSlot"=dword:000000c3
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2\1]
"NodeSlot"=dword:000000c4
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2\2]
"NodeSlot"=dword:000000c5
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2\3]
"NodeSlot"=dword:000000c6
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2\4]
"NodeSlot"=dword:000000c7
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:46,00,31,00,00,00,00,00,36,38,89,3a,10,00, 4d,49,4e,49,4d,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2\4\0]
"NodeSlot"=dword:000000c8
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2\5]
"NodeSlot"=dword:000000c9
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\0\2\6]
"NodeSlot"=dword:00000100
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1]
"0"=hex:5a,00,31,00,00,00,00,00,3e,34,49,be,11,00, 4d,45,4e,49,4e,49,7e,..
"MRUListEx"=hex:00,00,00,00,04,00,00,00,03,00,00,0 0,01,00,00,00,07,00,00,00,08,..
"1"=hex:56,00,31,00,00,00,00,00,3f,34,e2,00,12,00, 43,4f,4e,46,49,47,7e,..
"2"=hex:54,00,31,00,00,00,00,00,32,38,58,6e,13,00, 52,65,63,69,65,6e,74,..
"3"=hex:44,00,31,00,00,00,00,00,32,38,e8,86,10,00, 45,53,43,52,49,54,7e,..
"NodeSlot"=dword:00000026
"4"=hex:74,00,31,00,00,00,00,00,36,38,c2,73,11,00, 4d,49,53,44,4f,43,7e,..
"5"=hex:40,00,31,00,00,00,00,00,39,38,97,94,10,00, 43,6f,6e,74,61,63,74,..
"6"=hex:56,00,31,00,00,00,00,00,27,38,c3,aa,11,00, 46,41,56,4f,52,49,7e,..
"7"=hex:66,00,31,00,00,00,00,00,41,38,c5,4b,13,00, 44,41,54,4f,53,44,7e,..
"8"=hex:90,00,31,00,00,00,00,00,46,38,ba,3a,10,00, 52,45,41,4c,5f,4f,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0]
"NodeSlot"=dword:0000000f
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:56,00,31,00,00,00,00,00,32,38,77,6b,11,00, 50,52,4f,47,52,41,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0]
"0"=hex:48,00,31,00,00,00,00,00,3a,38,45,64,10,00, 57,69,6e,52,41,52,00,..
"MRUListEx"=hex:02,00,00,00,04,00,00,00,01,00,00,0 0,03,00,00,00,00,00,00,00,ff,..
"NodeSlot"=dword:00000065
"1"=hex:46,00,31,00,00,00,00,00,27,38,a4,a5,10,00, 41,43,43,45,53,53,7e,..
"2"=hex:58,00,31,00,00,00,00,00,3f,34,dd,00,11,00, 41,43,43,45,53,4f,7e,..
"3"=hex:4e,00,31,00,00,00,00,00,27,38,40,a6,11,00, 49,6e,69,63,69,6f,00,..
"4"=hex:48,00,31,00,00,00,00,00,27,38,18,a8,10,00, 4f,4e,4c,49,4e,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0\0]
"NodeSlot"=dword:0000004b
"MRUListEx"=hex:ff,ff,ff,ff
Responder Con Cita
  post #7  
Antiguo 18/09/08, 05:46:42
Avatar de ramsay
Usuario
  
Registrado: oct 2007
Ubicación: venezuela
Mensajes: 60
Malware Re: Problemas con mensajes que llegan del msn
2DA PARTE DEL REPORTE:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0\1]
"NodeSlot"=dword:00000066
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:60,00,31,00,00,00,00,00,27,38,a4,a5,10,00, 48,45,52,52,41,4d,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0\1\0]
"NodeSlot"=dword:00000067
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0\2]
"NodeSlot"=dword:0000006d
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,f f
"0"=hex:5e,00,31,00,00,00,00,00,3e,34,77,bf,11,00, 41,43,43,45,53,49,7e,..
"1"=hex:62,00,31,00,00,00,00,00,32,38,8a,91,11,00, 45,4e,54,52,45,54,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0\2\0]
"NodeSlot"=dword:0000006e
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0\2\1]
"NodeSlot"=dword:0000006f
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0\3]
"NodeSlot"=dword:00000079
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\0\0\4]
"NodeSlot"=dword:00000091
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1]
"0"=hex:52,00,31,00,00,00,00,00,32,38,10,54,12,00, 44,41,54,4f,53,44,7e,..
"MRUListEx"=hex:00,00,00,00,01,00,00,00,02,00,00,0 0,04,00,00,00,03,00,00,00,ff,..
"1"=hex:34,00,31,00,00,00,00,00,35,38,8b,82,10,00, 54,65,6d,70,00,00,20,..
"2"=hex:88,00,b1,00,00,00,00,00,30,38,7b,56,16,20, 41,52,43,48,49,56,7e,..
"NodeSlot"=dword:00000092
"3"=hex:50,00,31,00,00,00,00,00,3f,34,e2,00,10,00, 41,50,50,4c,49,43,7e,..
"4"=hex:34,00,31,00,00,00,00,00,32,38,01,90,10,00, 41,70,70,73,00,00,20,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\0]
"0"=hex:34,00,31,00,00,00,00,00,32,38,0a,6b,10,00, 41,72,65,73,00,00,20,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:000000e4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\0\0]
"0"=hex:50,00,31,00,00,00,00,00,32,38,67,67,10,00, 4d,59,53,48,41,52,7e,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:00000110

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\0\0\0]
"NodeSlot"=dword:00000013
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:90,00,31,00,00,00,00,00,46,38,02,a1,10,00, 52,45,41,4c,5f,4f,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\0\0\0\0]
"NodeSlot"=dword:000000ff
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\1]
"0"=hex:42,00,31,00,00,00,00,00,35,38,8b,82,10,00, 52,45,47,53,45,45,7e,..
"MRUListEx"=hex:03,00,00,00,02,00,00,00,01,00,00,0 0,00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:00000093
"1"=hex:4c,00,31,00,00,00,00,00,43,38,44,b0,10,00, 52,61,72,24,45,58,30,..
"2"=hex:40,00,31,00,00,00,00,00,32,38,5b,95,10,00, 7e,72,6e,73,65,74,75,..
"3"=hex:40,00,31,00,00,00,00,00,32,38,85,8d,10,00, 7e,72,6e,73,65,74,75,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\1\0]
"NodeSlot"=dword:0000002f
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,35,38,8c,82,10,00, 52,45,47,53,45,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\1\0\0]
"NodeSlot"=dword:00000030
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\1\1]
"NodeSlot"=dword:000000e1
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,44,38,dc,00,10,00, 52,45,47,53,45,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\1\1\0]
"NodeSlot"=dword:000000e2
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\1\2]
"NodeSlot"=dword:000000e5
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\1\3]
"NodeSlot"=dword:000000e6
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\2]
"0"=hex:62,00,b1,00,00,00,00,00,43,38,d2,64,16,20, 43,6f,6e,74,65,6e,74,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:00000086

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\2\0]
"0"=hex:5a,00,b1,00,00,00,00,00,43,38,2d,74,16,20, 30,30,47,48,48,50,48,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:0000006c

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\2\0\0]
"NodeSlot"=dword:0000006b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\3]
"NodeSlot"=dword:00000094
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,3f,34,e2,00,10,00, 4d,49,43,52,4f,53,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\3\0]
"NodeSlot"=dword:00000095
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:44,00,31,00,00,00,00,00,3f,34,e2,00,10,00, 43,44,42,55,52,4e,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\3\0\0]
"NodeSlot"=dword:00000096
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\4]
"NodeSlot"=dword:00000097
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:30,00,31,00,00,00,00,00,32,38,01,90,10,00, 32,2e,30,00,1e,00,03,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\4\0]
"NodeSlot"=dword:00000098
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4c,00,31,00,00,00,00,00,32,38,01,90,10,00, 5a,33,56,4a,5a,43,48,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\4\0\0]
"NodeSlot"=dword:00000099
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4c,00,31,00,00,00,00,00,32,38,01,90,10,00, 37,35,58,37,34,52,4d,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\4\0\0\0]
"NodeSlot"=dword:0000009a
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,32,38,01,90,10,00, 4d,41,4e,49,46,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\1\4\0\0\0\0]
"NodeSlot"=dword:0000009b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\2]
"NodeSlot"=dword:00000016
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\3]
"NodeSlot"=dword:0000001a
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:52,00,31,00,00,00,00,00,43,38,b8,76,10,00, 54,4f,41,53,54,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\3\0]
"NodeSlot"=dword:00000073
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4]
"0"=hex:5a,00,31,00,00,00,00,00,38,38,32,79,10,00, 53,49,4e,54,45,53,7e,..
"MRUListEx"=hex:0c,00,00,00,0b,00,00,00,07,00,00,0 0,03,00,00,00,04,00,00,00,0a,..
"1"=hex:8a,00,31,00,00,00,00,00,2d,38,c1,65,15,00, 4d,59,53,54,41,54,7e,..
"2"=hex:4a,00,31,00,00,00,00,00,42,38,ee,86,10,00, 43,44,44,45,44,49,7e,..
"NodeSlot"=dword:00000064
"3"=hex:3a,00,31,00,00,00,00,00,42,38,40,78,10,00, 54,4f,50,31,30,7e,31,..
"4"=hex:4e,00,31,00,00,00,00,00,3a,38,20,70,10,00, 4d,49,53,2d,50,41,7e,..
"5"=hex:5c,00,31,00,00,00,00,00,2d,38,bd,63,10,00, 4d,49,53,41,52,43,7e,..
"6"=hex:44,00,31,00,00,00,00,00,41,38,c5,4d,11,00, 4d,49,53,56,44,45,7e,..
"7"=hex:48,00,31,00,00,00,00,00,36,38,ad,73,10,00, 4d,49,53,45,53,43,7e,..
"8"=hex:4c,00,31,00,00,00,00,00,42,38,23,78,10,00, 4a,55,49,4c,4f,49,7e,..
"9"=hex:72,00,31,00,00,00,00,00,35,38,60,90,10,00, 43,41,4e,43,49,4f,7e,..
"10"=hex:70,00,31,00,00,00,00,00,41,38,f9,73,11,00 ,4d,49,53,49,4d,47,7e,..
"11"=hex:42,00,31,00,00,00,00,00,46,38,82,9a,10,00 ,52,45,47,53,45,45,7e,..
"12"=hex:40,00,31,00,00,00,00,00,46,38,47,9e,10,00 ,4c,69,6d,65,57,69,72,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\0]
"NodeSlot"=dword:00000037
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\1]
"NodeSlot"=dword:00000055
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\10]
"NodeSlot"=dword:000000ad
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\11]
"NodeSlot"=dword:000000f9
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,46,38,83,9a,10,00, 52,45,47,53,45,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\11\0]
"NodeSlot"=dword:000000fa
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\12]
"0"=hex:36,00,31,00,00,00,00,00,46,38,20,9f,10,00, 53,61,76,65,64,00,22,..
"MRUListEx"=hex:00,00,00,00,01,00,00,00,ff,ff,ff,f f
"1"=hex:44,00,31,00,00,00,00,00,48,38,85,7e,10,00, 49,4e,43,4f,4d,50,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\12\0]
"NodeSlot"=dword:000000fe
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\12\1]
"NodeSlot"=dword:00000117
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\2]
"NodeSlot"=dword:0000005e
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\3]
"NodeSlot"=dword:00000070
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\4]
"NodeSlot"=dword:00000075
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:50,00,31,00,00,00,00,00,3a,38,39,92,10,00, 57,45,42,2d,45,4a,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\4\0]
"NodeSlot"=dword:00000076
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3c,00,31,00,00,00,00,00,3a,38,3d,70,10,00, 6f,62,6a,65,74,6f,73,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\4\0\0]
"NodeSlot"=dword:00000077
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\5]
"NodeSlot"=dword:00000078
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\6]
"NodeSlot"=dword:000000a8
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\7]
"NodeSlot"=dword:000000a9
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4a,00,31,00,00,00,00,00,3a,38,a1,59,10,00, 32,30,30,38,2d,30,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\7\0]
"NodeSlot"=dword:000000aa
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\8]
"NodeSlot"=dword:000000ab
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\4\9]
"NodeSlot"=dword:000000ac
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\5]
"NodeSlot"=dword:00000063
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\6]
"NodeSlot"=dword:00000068
"MRUListEx"=hex:00,00,00,00,02,00,00,00,01,00,00,0 0,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,3f,34,e2,00,10,00, 56,4e,43,55,4c,4f,7e,..
"1"=hex:5e,00,31,00,00,00,00,00,27,38,a4,a5,10,00, 53,49,54,49,4f,53,7e,..
"2"=hex:60,00,31,00,00,00,00,00,27,38,c3,aa,10,00, 4c,45,4e,4f,56,4f,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\6\0]
"NodeSlot"=dword:00000069
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\6\1]
"NodeSlot"=dword:0000006a
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\6\2]
"NodeSlot"=dword:00000090
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7]
"NodeSlot"=dword:000000e3
"MRUListEx"=hex:00,00,00,00,01,00,00,00,ff,ff,ff,f f
"0"=hex:40,00,31,00,00,00,00,00,48,38,b6,64,10,00, 4c,69,6d,65,57,69,72,..
"1"=hex:44,00,31,00,00,00,00,00,32,38,d7,8b,10,00, 42,49,54,54,4f,52,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7\0]
"0"=hex:30,00,31,00,00,00,00,00,47,38,11,5e,10,00, 78,6d,6c,00,1e,00,03,..
"MRUListEx"=hex:00,00,00,00,01,00,00,00,02,00,00,0 0,ff,ff,ff,ff
"1"=hex:3a,00,31,00,00,00,00,00,46,38,40,9e,10,00, 74,68,65,6d,65,73,00,..
"2"=hex:4a,00,31,00,00,00,00,00,47,38,58,5a,10,00, 4e,45,54,57,4f,52,7e,..
"NodeSlot"=dword:00000115

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7\0\0]
"0"=hex:34,00,31,00,00,00,00,00,47,38,11,5e,10,00, 64,61,74,61,00,00,20,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7\0\0\0]
"NodeSlot"=dword:00000111
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7\0\1]
"0"=hex:4a,00,31,00,00,00,00,00,47,38,e8,59,10,00, 57,49,4e,44,4f,57,7e,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7\0\1\0]
"NodeSlot"=dword:00000112
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7\0\2]
"NodeSlot"=dword:00000113
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:44,00,31,00,00,00,00,00,47,38,58,5a,10,00, 49,4e,43,4f,4d,50,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7\0\2\0]
"NodeSlot"=dword:00000114
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\7\1]
"NodeSlot"=dword:00000116
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\1\8]
"NodeSlot"=dword:000000e7
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\2]
"NodeSlot"=dword:000000a5
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,27,38,05,a4,10,00, 46,41,56,4f,52,49,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\2\0]
"NodeSlot"=dword:000000a6
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:60,00,31,00,00,00,00,00,27,38,05,a4,10,00, 4c,45,4e,4f,56,4f,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\2\0\0]
"NodeSlot"=dword:000000a7
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3]
"NodeSlot"=dword:000000af
"MRUListEx"=hex:07,00,00,00,06,00,00,00,02,00,00,0 0,05,00,00,00,04,00,00,00,00,..
"0"=hex:56,00,31,00,00,00,00,00,3f,34,e2,00,12,00, 43,4f,4e,46,49,47,7e,..
"1"=hex:54,00,31,00,00,00,00,00,3f,34,e1,00,13,00, 52,65,63,69,65,6e,74,..
"2"=hex:3a,00,31,00,00,00,00,00,3f,34,d7,00,13,00, 53,65,6e,64,54,6f,00,..
"3"=hex:44,00,31,00,00,00,00,00,3e,34,49,be,10,00, 45,53,43,52,49,54,7e,..
"4"=hex:4c,00,31,00,00,00,00,00,3e,34,49,be,12,00, 45,4e,54,4f,52,4e,7e,..
"5"=hex:6e,00,31,00,00,00,00,00,27,38,a3,a5,11,00, 4d,49,53,44,4f,43,7e,..
"6"=hex:44,00,31,00,00,00,00,00,3e,34,49,be,12,00, 49,4d,50,52,45,53,7e,..
"7"=hex:44,00,31,00,00,00,00,00,3e,34,f7,be,12,00, 50,4c,41,4e,54,49,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\0]
"NodeSlot"=dword:000000b0
"MRUListEx"=hex:00,00,00,00,01,00,00,00,ff,ff,ff,f f
"0"=hex:52,00,31,00,00,00,00,00,27,38,0d,a6,12,00, 44,41,54,4f,53,44,7e,..
"1"=hex:34,00,31,00,00,00,00,00,27,38,eb,a8,10,00, 54,65,6d,70,00,00,20,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\0\0]
"NodeSlot"=dword:000000b1
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,f f
"0"=hex:54,00,31,00,00,00,00,00,27,38,18,a8,10,00, 41,50,50,4c,49,43,7e,..
"1"=hex:42,00,31,00,00,00,00,00,27,38,a4,a5,10,00, 4d,49,43,52,4f,53,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\0\0\0]
"NodeSlot"=dword:000000b6
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\0\0\1]
"NodeSlot"=dword:000000b7
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,f f
"0"=hex:3c,00,31,00,00,00,00,00,3f,34,d5,00,10,00, 57,69,6e,64,6f,77,73,..
"1"=hex:52,00,31,00,00,00,00,00,27,38,a4,a5,10,00, 49,4e,54,45,52,4e,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\0\0\1\0]
"NodeSlot"=dword:000000b8
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\0\0\1\1]
"NodeSlot"=dword:000000b9
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\0\1]
"NodeSlot"=dword:000000b5
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\1]
"NodeSlot"=dword:000000b2
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\2]
"NodeSlot"=dword:000000b3
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\3]
"NodeSlot"=dword:000000b4
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\4]
"NodeSlot"=dword:000000ba
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\5]
"NodeSlot"=dword:000000bb
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\6]
"NodeSlot"=dword:000000bc
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\1\3\7]
"NodeSlot"=dword:000000bd
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\10]
"NodeSlot"=dword:000000be
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,2a,38,d2,5c,11,20, 41,4c,4c,55,53,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\10\0]
"NodeSlot"=dword:000000bf
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\11]
"NodeSlot"=dword:000000c0
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2]
"NodeSlot"=dword:00000020
"MRUListEx"=hex:09,00,00,00,08,00,00,00,07,00,00,0 0,06,00,00,00,05,00,00,00,04,..
"0"=hex:54,00,31,00,00,00,00,00,27,38,77,a4,10,00, 52,45,47,49,53,54,7e,..
"1"=hex:48,00,31,00,00,00,00,00,27,38,c4,a9,10,00, 52,45,47,49,53,54,7e,..
"2"=hex:7a,00,b1,00,00,00,00,00,33,38,03,76,14,00, 44,4f,57,4e,4c,4f,7e,..
"3"=hex:60,00,31,00,00,00,00,00,27,38,32,a8,10,00, 44,4f,57,4e,4c,4f,7e,..
"4"=hex:5a,00,31,00,00,00,00,00,28,38,0c,65,12,08, 24,4e,35,43,44,34,7e,..
"5"=hex:30,00,31,00,00,00,00,00,30,38,52,5f,12,00, 69,6e,66,00,1e,00,03,..
"6"=hex:5a,00,31,00,00,00,00,00,28,38,22,64,12,08, 24,4e,37,34,41,36,7e,..
"7"=hex:5a,00,31,00,00,00,00,00,28,38,3b,65,12,08, 24,4e,37,45,46,32,7e,..
"8"=hex:5a,00,31,00,00,00,00,00,28,38,8c,64,12,08, 24,4e,34,38,42,43,7e,..
"9"=hex:30,00,31,00,00,00,00,00,27,38,03,a5,12,08, 69,65,37,00,1e,00,03,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\0]
"NodeSlot"=dword:00000022
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\1]
"NodeSlot"=dword:00000023
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\2]
"NodeSlot"=dword:0000007f
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\3]
"NodeSlot"=dword:00000080
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\4]
"NodeSlot"=dword:000000cf
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\5]
"NodeSlot"=dword:000000d0
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:30,00,31,00,00,00,00,00,27,38,04,a5,10,00, 49,45,4d,00,1e,00,03,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\5\0]
"NodeSlot"=dword:000000d2
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,27,38,05,a5,10,00, 30,63,30,61,00,00,20,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\5\0\0]
"NodeSlot"=dword:000000d3
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\6]
"NodeSlot"=dword:000000d4
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,28,38,22,64,10,08, 73,70,75,6e,69,6e,73,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\6\0]
"NodeSlot"=dword:000000d5
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\7]
"NodeSlot"=dword:000000d6
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,28,38,3c,65,10,08, 73,70,75,6e,69,6e,73,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\7\0]
"NodeSlot"=dword:000000d7
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\8]
"NodeSlot"=dword:000000d8
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,28,38,8c,64,10,08, 73,70,75,6e,69,6e,73,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\8\0]
"NodeSlot"=dword:000000d9
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\2\9]
"NodeSlot"=dword:000000da
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\3]
"NodeSlot"=dword:00000021
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4]
"0"=hex:40,00,31,00,00,00,00,00,00,00,00,00,10,00, 52,41,46,41,45,4c,7e,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0]
"0"=hex:40,00,31,00,00,00,00,00,00,00,00,00,10,00, 43,4f,4e,46,49,47,7e,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0]
"0"=hex:34,00,31,00,00,00,00,00,00,00,00,00,10,00, 54,65,6d,70,00,00,20,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0]
"0"=hex:4e,00,32,00,00,00,00,00,00,00,00,00,20,00, 52,65,67,53,65,65,6b,..
"MRUListEx"=hex:0b,00,00,00,0a,00,00,00,09,00,00,0 0,08,00,00,00,07,00,00,00,06,..
"1"=hex:54,00,32,00,00,00,00,00,00,00,00,00,20,00, 52,65,67,53,65,65,6b,..
"NodeSlot"=dword:00000084
"2"=hex:62,00,31,00,00,00,00,00,2c,38,b5,59,10,00, 48,53,50,45,52,46,7e,..
"3"=hex:36,00,31,00,00,00,00,00,3a,38,a1,59,10,00, 7e,44,45,53,54,00,22,..
"4"=hex:40,00,31,00,00,00,00,00,32,38,5b,95,10,00, 7e,72,6e,73,65,74,75,..
"5"=hex:48,00,31,00,00,00,00,00,32,38,ca,55,10,00, 57,4d,43,30,30,30,30,..
"6"=hex:60,00,31,00,00,00,00,00,2f,38,38,57,10,00, 57,4c,54,42,43,55,7e,..
"7"=hex:42,00,31,00,00,00,00,00,35,38,8b,82,10,00, 52,45,47,53,45,45,7e,..
"8"=hex:46,00,31,00,00,00,00,00,37,38,c4,4c,10,00, 4d,53,4f,48,54,4d,7e,..
"9"=hex:48,00,31,00,00,00,00,00,42,38,7d,a3,10,00, 4d,53,4f,48,54,4d,7e,..
"10"=hex:7c,00,31,00,00,00,00,00,43,38,74,af,12,00 ,44,49,52,45,43,54,7e,..
"11"=hex:40,00,31,00,00,00,00,00,43,38,22,af,10,00 ,5f,61,76,61,73,74,34,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\0]
"NodeSlot"=dword:0000002c
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:5a,00,70,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,10,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\0\0]
"NodeSlot"=dword:0000002d
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:68,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,10,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\0\0\0]
"NodeSlot"=dword:0000002e
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\1]
"NodeSlot"=dword:00000031
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\10]
"NodeSlot"=dword:000000ca
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:30,00,31,00,00,00,00,00,43,38,74,af,10,00, 6c,69,62,00,1e,00,03,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\10\0]
"NodeSlot"=dword:000000cb
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3a,00,31,00,00,00,00,00,43,38,74,af,10,00, 69,6d,61,67,65,73,00,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\10\0\0]
"NodeSlot"=dword:000000cc
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3c,00,31,00,00,00,00,00,43,38,74,af,10,00, 63,75,72,73,6f,72,73,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\10\0\0\0]
"NodeSlot"=dword:000000cd
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\11]
"NodeSlot"=dword:000000ce
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\2]
"NodeSlot"=dword:00000085
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\3]
"NodeSlot"=dword:00000087
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\4]
"NodeSlot"=dword:00000088
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\5]
"NodeSlot"=dword:00000089
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\6]
"NodeSlot"=dword:0000008a
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\7]
"NodeSlot"=dword:0000008b
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,35,38,8c,82,10,00, 52,45,47,53,45,45,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\7\0]
"NodeSlot"=dword:0000008c
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\8]
"NodeSlot"=dword:0000008d
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\9]
"NodeSlot"=dword:0000008e
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:2e,00,31,00,00,00,00,00,42,38,bd,a4,10,00, 30,31,00,00,1c,00,03,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\4\0\0\0\9\0]
"NodeSlot"=dword:0000008f
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\5]
"NodeSlot"=dword:00000060
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\6]
"NodeSlot"=dword:00000071
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\7]
"NodeSlot"=dword:00000072
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\8]
"NodeSlot"=dword:0000007a
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\2\9]
"NodeSlot"=dword:000000ae
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3]
"NodeSlot"=dword:0000002a
"MRUListEx"=hex:05,00,00,00,06,00,00,00,04,00,00,0 0,03,00,00,00,01,00,00,00,02,..
"0"=hex:70,00,31,00,00,00,00,00,33,38,cc,bc,11,00, 4d,49,53,49,4d,47,7e,..
"1"=hex:5a,00,31,00,00,00,00,00,38,38,a4,59,10,00, 53,49,4e,54,45,53,7e,..
"2"=hex:6c,00,31,00,00,00,00,00,3d,38,ec,56,11,00, 4d,49,53,56,44,45,7e,..
"3"=hex:6a,00,31,00,00,00,00,00,42,38,ca,69,11,00, 4d,49,4d,53,49,43,7e,..
"4"=hex:4a,00,31,00,00,00,00,00,42,38,7b,9c,10,00, 43,44,44,45,44,49,7e,..
"5"=hex:5c,00,31,00,00,00,00,00,2d,38,bd,63,10,00, 4d,49,53,41,52,43,7e,..
"6"=hex:4e,00,31,00,00,00,00,00,3a,38,20,70,10,00, 4d,49,53,2d,50,41,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\0]
"NodeSlot"=dword:0000002b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\1]
"NodeSlot"=dword:00000036
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\2]
"NodeSlot"=dword:00000051
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\3]
"NodeSlot"=dword:0000005c
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:48,00,31,00,00,00,00,00,42,38,ca,69,10,00, 4d,59,50,4c,41,59,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\3\0]
"NodeSlot"=dword:0000005d
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\4]
"NodeSlot"=dword:0000005f
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\5]
"NodeSlot"=dword:0000007e
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\6]
"NodeSlot"=dword:0000009d
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:50,00,31,00,00,00,00,00,3a,38,39,92,10,00, 57,45,42,2d,45,4a,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\6\0]
"NodeSlot"=dword:0000009e
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3c,00,31,00,00,00,00,00,3a,38,3d,70,10,00, 6f,62,6a,65,74,6f,73,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\3\6\0\0]
"NodeSlot"=dword:0000009f
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\0\4]
"NodeSlot"=dword:000000a4
"MRUListEx"=hex:ff,ff,ff,ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\BagMRU\1]
"NodeSlot"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\Bags\1\Shell]
"MinPos1024x768(1).x"=dword:ffff8300
"MinPos1024x768(1).y"=dword:ffff8300
"MaxPos1024x768(1).x"=dword:ffffffff
"MaxPos1024x768(1).y"=dword:ffffffff
"WinPos1024x768(1).left"=dword:00000092
"WinPos1024x768(1).top"=dword:00000041
"WinPos1024x768(1).right"=dword:000003b2
"WinPos1024x768(1).bottom"=dword:00000299
"Rev"=dword:00000000
"WFlags"=dword:00000000
"ShowCmd"=dword:00000001
"FFlags"=dword:00000000
"HotKey"=dword:00000000
"Buttons"=dword:ffffffff
"Links"=dword:00000000
"Address"=dword:00000000
"Vid"="{0057D0E0-3573-11CF-AE69-08002B2E1262}"
"Mode"=dword:00000001
"ScrollPos1024x768(1).x"=dword:00000000
"ScrollPos1024x768(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,fd,df,df,fd,0f,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\Bags\2\Shell]
"MinPos1024x768(1).x"=dword:ffffffff
"MinPos1024x768(1).y"=dword:ffffffff
"MaxPos1024x768(1).x"=dword:ffffffff
"MaxPos1024x768(1).y"=dword:ffffffff
"WinPos1024x768(1).left"=dword:00000084
"WinPos1024x768(1).top"=dword:0000008a
"WinPos1024x768(1).right"=dword:000003a4
"WinPos1024x768(1).bottom"=dword:000002e2
"Rev"=dword:00000000
"WFlags"=dword:00000000
"ShowCmd"=dword:00000001
"FFlags"=dword:00000000
"HotKey"=dword:00000000
"Buttons"=dword:ffffffff
"Links"=dword:ffffffff
"Address"=dword:ffffffff

scanning hidden files ...

C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Confundidos.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Desencanto.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - El Malquerido.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - La Comparsa.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Mosaico No.10.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Mosaico No.9.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Muy Tarde.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Por Encima de Todo.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Sintiendote Mia.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\mmnnn\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Sombras.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - Confundidos.mp3 4741861 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - Desencanto.mp3 5785713 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - El Malquerido.mp3 6926744 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - La Comparsa.mp3 6841061 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - Mosaico No.10.mp3 20406973 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - Mosaico No.9.mp3 14593161 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - Muy Tarde.mp3 7242299 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - Por Encima de Todo.mp3 5331190 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - Sintiendote Mia.mp3 6969587 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\Felipe Pirela : Billo's Caracas Boys - Sombras.mp3 6573563 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Confundidos.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Desencanto.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - El Malquerido.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - La Comparsa.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Mosaico No.10.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Mosaico No.9.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Muy Tarde.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Por Encima de Todo.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Sintiendote Mia.mp3 82 bytes hidden from API
C:\Documents and Settings\Rafael y Saidy\Mis documentos\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\__MACOSX\Felipe Pirela - Con Billo's Caracas Boys - 320 kbps\._Felipe Pirela : Billo's Caracas Boys - Sombras.mp3 82 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 30


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"="C:\\Archivos de programa\\LimeWire\\LimeWire.exe:*:Enabled:LimeWir e"
"C:\\Archivos de programa\\Ares\\Ares.exe"="C:\\Archivos de programa\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Archivos de programa\\Remote Desktop Control 2\\apc_host.exe"="C:\\Archivos de programa\\Remote Desktop Control 2\\apc_host.exe:*:Enabled:Remote Desktop Control - Host Module"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Fri 4 Nov 2005 4,126,240 ...H. --- "C:\Archivos de programa\Picasa2\setup.exe"
Thu 6 Mar 2008 56 ..SHR --- "C:\WINDOWS\system32\487E7E42E0.sys"
Sun 16 Mar 2008 848 ..SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 16 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 15 Mar 2008 0 ..SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Thu 8 May 2008 0 ...H. --- "C:\WINDOWS\SoftwareDistribution\Download\e333946a 72df07902c13124415079b00\BITFC.tmp"

Finished!
Responder Con Cita
  post #8  
Antiguo 18/09/08, 13:20:49
Avatar de Anleg_30
Warrior
  
Registrado: dic 2007
Ubicación: B@rc3l0n@ - Venezuela
Mensajes: 5.755
Re: Problemas con mensajes que llegan del msn
Hola,

Ubica y sube este archivo a Virus Total <Leer Manual> y dejame el reporte que te genere.

Cita:
C:\WINDOWS\system32\487E7E42E0.sys
También realiza el Scan con el Panda Active Scan y dejame su reporte para checkearlo y recomendarte los pasos a seguir.


Salu2..............

Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog

* Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando.
* Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
* No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.
Responder Con Cita
  post #9  
Antiguo 19/09/08, 01:00:13
Avatar de ramsay
Usuario
  
Registrado: oct 2007
Ubicación: venezuela
Mensajes: 60
Malware Re: Problemas con mensajes que llegan del msn
ESTE ES EL REPORTE DEL PANDA ACTIVE SCAN

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-09-18 14:18:26
PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
avast! antivirus 4.8.1229 [VPS 080918-0] 4.8.1229 No Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Rafael y Saidy\Mis documentos\SDFix.exe[C:\Documents and Settings\Rafael y Saidy\Mis documentos\SDFix.exe][SDFix\apps\Process.exe]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.tribalfusion.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@yadro[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.xiti.com/]
00167738 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[fe.lea.lycos.es/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[counter.hitslink.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@bs.serving-sys[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.888.com/]
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.888.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[server.iad.liveperson.net/]
00169189 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[adserver.terra.es/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[statse.webtrendslive.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.overture.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.zedo.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.go.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@atwola[2].txt
00267886 Joke/JoAlPro Jokes No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Configuración local\Datos de programa\Microsoft\Windows Live Mail\Hotmail (mi 4de\Elementos e e0c\102C3C22-00000184.eml[joder_al_proximo.htm1.htm]
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Cookies\rafael_y_saidy@www6.addfreestats[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Rafael y Saidy\Escritorio\ComboFix.exe[C:\Documents and Settings\Rafael y Saidy\Escritorio\ComboFix.exe][327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.cfexe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.com
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Rafael y Saidy\Escritorio\ComboFix.exe[C:\Documents and Settings\Rafael y Saidy\Escritorio\ComboFix.exe][327882R2FWJFW\nircmd.com]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Rafael y Saidy\Datos de programa\Mozilla\Firefox\Profiles\514nbwpj.default \cookies.txt[.adserver.easyad.info/]
03493109 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Rafael y Saidy\Mis documentos\Mis archivos recibidos\photo.zip[photo1226.jpeg-www.myspace.com]
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location /
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description /
;================================================= ================================================== ================================================== ==============================
133387 MEDIUM MS06-065 /
;================================================= ================================================== ================================================== ==============================
Responder Con Cita
  post #10  
Antiguo 19/09/08, 01:41:46
Avatar de ramsay
Usuario
  
Registrado: oct 2007
Ubicación: venezuela
Mensajes: 60
Malware Re: Problemas con mensajes que llegan del msn
ESTE ARCHIVO NO LO ENCUENTRO Y NO E PODIDO ANALIZARLO CON EL VIRUS TOTAL

C:\WINDOWS\system32\487E7E42E0.sys

LLEGO HASTA SISTEM32 Y BUSCO ESOS NUMEROS Y NO APARECEN
SALUDOS....... Y ESPERO TU AYUDA
Responder Con Cita
Respuesta
Página 1 de 3 1 23

« Tema Anterior | Próximo Tema »
Herramientas

Reglas del foro
No puedes crear nuevos temas
No puedes responder temas
No puedes subir adjuntos
No puedes editar tus mensajes
BB code is activado
Las caritas están activado
Código [IMG] está activado
Código HTML está desactivado
Trackbacks are desactivado
Pingbacks are activado
Refbacks are activado

Temas Similares
Tema Autor Foro Respuestas Último mensaje
La técnica « Hardware Transform & Lighting » no está soportada por el Sistema jovaf18 Foro de Hardware 5 31/10/08 06:56:44
Problemas con el bluetooth jocapapi Foro de Hardware 9 07/07/08 09:16:21
no tengo sonio con windows xp (Solucionado) dori360 Foro de Hardware 16 26/03/08 06:18:25
hosts (cerrado) esther151 Temas Solucionados 33 16/01/08 11:57:53
Tengo problemas con el MSN.... maquina Foro Oficial de HijackThis en español 9 26/11/06 12:23:13




Todas las horas son GMT -4. La hora es 09:20:21.

Sobre Infospyware - Contáctanos - Políticas del Foro - Staff - Archivo - Blog  

Powered by: InfoSpyware, Versión 3.8.4
Copyright © 2004 - 2009, ForoSpyware.com
© Copyright 2005 - 2009 InfoSpyware ® Todos los derechos reservados.
InfoSpyware es miembro de ASAP - Alliance of Security Analysis Professionals

 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31