Police virus: Panda log 9-11-12

a guest
Nov 9th, 2012
  1. ***** PANDA SECURITY *****
  2. ***** POLICE RESCUE UTILITY *****
  3. ---------------------------------
  4.  
  5.  
  6. ** Detecting hard disks!!
  7. Done!!
  8.  
  9.  
  10. ** 64 bits operative system : 0
  11. ** Finding Windows Registry!!
  12. Looking for in: /mnt/sda1/WINDOWS/system32/config/software
  13. Found!!
  14. Applying generic disinfection!!
  15. *******************
  16.  
  17. reged version 0.1 110511, (c) Petter N Hagen
  18. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  19. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  20. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  21. Used for data: 602047/33422048 blocks/bytes, unused: 3793/35200 blocks/bytes.
  22.  
  23. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  24. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  25. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  26. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  27. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  28. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon>
  29. END OF IMPORT, file </root/policeWinlogon.reg>, operation SUCCEEDED!
  30. 6 keys
  31. 0 new keys added
  32. 6 values total
  33.  
  34.  
  35. Hives that have changed:
  36. # Name
  37. 0 <./mnt/sda1/WINDOWS/system32/config/software> - OK
  38. Modificadas claves HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | State | Userinit | Taskman | taskman
  39. *******************
  40.  
  41. reged version 0.1 110511, (c) Petter N Hagen
  42. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  43. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  44. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  45. Used for data: 602051/33422224 blocks/bytes, unused: 3795/35024 blocks/bytes.
  46.  
  47. --- Import KEY <\Microsoft\Windows\CurrentVersion\Explorer> with 1 values.
  48. --- Import KEY <\Microsoft\Windows\CurrentVersion\Explorer> with 1 values.
  49. --- Import KEY <\Microsoft\Windows\CurrentVersion\Explorer>
  50. END OF IMPORT, file </root/policeExplorer.reg>, operation SUCCEEDED!
  51. 3 keys
  52. 0 new keys added
  53. 3 values total
  54.  
  55.  
  56. Hives that have changed:
  57. # Name
  58. 0 <./mnt/sda1/WINDOWS/system32/config/software> - OK
  59. Modificadas claves HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer | Expanded | Favorites | FullPath
  60. *******************
  61.  
  62.  
  63. ERROR: import_reg: failed to add (sub)key <explorer>
  64. reged version 0.1 110511, (c) Petter N Hagen
  65. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  66. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  67. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  68. Used for data: 602054/33422360 blocks/bytes, unused: 3795/34888 blocks/bytes.
  69.  
  70. --- Import KEY <\Microsoft\Windows\CurrentVersion\explorer> add_key: key explorer already exists!
  71.  
  72. END OF IMPORT, file </root/policeExplorerWvista.reg>, operation FAILED!
  73. 1 keys
  74. 0 new keys added
  75. 0 values total
  76.  
  77.  
  78. Hives that have changed:
  79. # Name
  80. None!
  81.  
  82. Modificadas claves HKLM\Software\Microsoft\Windows\CurrentVersion\explorer | Expanded | Favorites | FullPath
  83. *******************
  84.  
  85. reged version 0.1 110511, (c) Petter N Hagen
  86. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  87. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  88. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  89. Used for data: 602054/33422360 blocks/bytes, unused: 3795/34888 blocks/bytes.
  90.  
  91. Exporting to file '/tmp/runRead.reg'...
  92. Exporting key 'Run' with 0 subkeys and 1 values...
  93. *******************
  94.  
  95. Fichero /tmp/runRead.reg
  96. Windows Registry Editor Version 5.00
  97.  
  98. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  99. "avgnt"="\"C:\\Archivos de programa\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
  100.  
  101. *******************
  102.  
  103. Fichero /tmp/runWrite.reg
  104. Windows Registry Editor Version 5.00
  105. [HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  106. "avgnt"=
  107. *******************
  108.  
  109. reged version 0.1 110511, (c) Petter N Hagen
  110. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  111. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  112. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  113. Used for data: 602054/33422360 blocks/bytes, unused: 3795/34888 blocks/bytes.
  114.  
  115. --- Import KEY <\Microsoft\Windows\CurrentVersion\Run>
  116. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  117. 1 keys
  118. 0 new keys added
  119. 1 values total
  120.  
  121.  
  122. Hives that have changed:
  123. # Name
  124. 0 <./mnt/sda1/WINDOWS/system32/config/software> - OK
  125. Modificada clave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  126. *******************
  127.  
  128. reged version 0.1 110511, (c) Petter N Hagen
  129. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  130. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  131. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  132. Used for data: 602053/33422224 blocks/bytes, unused: 3796/35024 blocks/bytes.
  133.  
  134. Exporting to file '/tmp/runRead.reg'...
  135. export_subkey: Key 'Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' not found!
  136. *******************
  137.  
  138. Fichero /tmp/runRead.reg
  139. Windows Registry Editor Version 5.00
  140.  
  141. *******************
  142.  
  143. Fichero /tmp/runWrite.reg
  144. Windows Registry Editor Version 5.00
  145. *******************
  146.  
  147. reged version 0.1 110511, (c) Petter N Hagen
  148. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  149. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  150. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  151. Used for data: 602053/33422224 blocks/bytes, unused: 3796/35024 blocks/bytes.
  152.  
  153.  
  154. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  155. 0 keys
  156. 0 new keys added
  157. 0 values total
  158.  
  159.  
  160. Hives that have changed:
  161. # Name
  162. None!
  163.  
  164. Modificada clave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Todos los valores a vacio
  165. *******************
  166.  
  167. reged version 0.1 110511, (c) Petter N Hagen
  168. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  169. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  170. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  171. Used for data: 602053/33422224 blocks/bytes, unused: 3796/35024 blocks/bytes.
  172.  
  173. Exporting to file '/tmp/runRead.reg'...
  174. export_subkey: Key 'Microsoft\Windows\CurrentVersion\policies\Explorer\Run' not found!
  175. *******************
  176.  
  177. Fichero /tmp/runRead.reg
  178. Windows Registry Editor Version 5.00
  179.  
  180. *******************
  181.  
  182. Fichero /tmp/runWrite.reg
  183. Windows Registry Editor Version 5.00
  184. *******************
  185.  
  186. reged version 0.1 110511, (c) Petter N Hagen
  187. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  188. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  189. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  190. Used for data: 602053/33422224 blocks/bytes, unused: 3796/35024 blocks/bytes.
  191.  
  192.  
  193. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  194. 0 keys
  195. 0 new keys added
  196. 0 values total
  197.  
  198.  
  199. Hives that have changed:
  200. # Name
  201. None!
  202.  
  203. Modificada clave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Todos los valores a vacio
  204. *******************
  205.  
  206. reged version 0.1 110511, (c) Petter N Hagen
  207. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  208. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  209. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  210. Used for data: 602053/33422224 blocks/bytes, unused: 3796/35024 blocks/bytes.
  211.  
  212. Exporting to file '/tmp/runRead.reg'...
  213. export_subkey: Key 'Microsoft\Shared Tools\MSConfig\startupfolder' not found!
  214. *******************
  215.  
  216. Fichero /tmp/runRead.reg
  217. Windows Registry Editor Version 5.00
  218.  
  219. *******************
  220.  
  221. Fichero /tmp/runWrite.reg
  222. Windows Registry Editor Version 5.00
  223. *******************
  224.  
  225. reged version 0.1 110511, (c) Petter N Hagen
  226. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  227. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  228. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  229. Used for data: 602053/33422224 blocks/bytes, unused: 3796/35024 blocks/bytes.
  230.  
  231.  
  232. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  233. 0 keys
  234. 0 new keys added
  235. 0 values total
  236.  
  237.  
  238. Hives that have changed:
  239. # Name
  240. None!
  241.  
  242. Modificada clave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder | Todos los valores a vacio
  243. Applying user disinfection!!
  244. This step may take a while depending on the size of your hard disk!!
  245. *******************
  246.  
  247. reged version 0.1 110511, (c) Petter N Hagen
  248. Hive <./mnt/sda1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  249. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  250. File size 33816576 [2040000] bytes, containing 7901 pages (+ 1 headerpage)
  251. Used for data: 602053/33422224 blocks/bytes, unused: 3796/35024 blocks/bytes.
  252.  
  253. Exporting to file '/tmp/users.reg'...
  254. Exporting key 'ProfileList' with 4 subkeys and 3 values...
  255. Exporting key 'S-1-5-18' with 0 subkeys and 5 values...
  256. Exporting key 'S-1-5-19' with 0 subkeys and 8 values...
  257. Exporting key 'S-1-5-20' with 0 subkeys and 8 values...
  258. Exporting key 'S-1-5-21-606747145-746137067-682003330-1003' with 0 subkeys and 10 values...
  259. User: S-1-5-18
  260. NTUSER: /mnt/sda1/Documents and Settings/Default User/NTUSER.DAT
  261. *******************
  262.  
  263. reged version 0.1 110511, (c) Petter N Hagen
  264. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  265. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  266. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  267. Used for data: 4190/234832 blocks/bytes, unused: 126/4944 blocks/bytes.
  268.  
  269. Exporting to file '/tmp/runRead.reg'...
  270. Exporting key 'Run' with 0 subkeys and 1 values...
  271. *******************
  272.  
  273. Fichero /tmp/runRead.reg
  274. Windows Registry Editor Version 5.00
  275.  
  276. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  277. "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
  278.  
  279. *******************
  280.  
  281. Fichero /tmp/runWrite.reg
  282. Windows Registry Editor Version 5.00
  283. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  284. "CTFMON.EXE"=
  285. *******************
  286.  
  287. reged version 0.1 110511, (c) Petter N Hagen
  288. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  289. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  290. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  291. Used for data: 4190/234832 blocks/bytes, unused: 126/4944 blocks/bytes.
  292.  
  293. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  294. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  295. 1 keys
  296. 0 new keys added
  297. 1 values total
  298.  
  299.  
  300. Hives that have changed:
  301. # Name
  302. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  303. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  304. *******************
  305.  
  306. reged version 0.1 110511, (c) Petter N Hagen
  307. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  308. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  309. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  310. Used for data: 4189/234760 blocks/bytes, unused: 127/5016 blocks/bytes.
  311.  
  312. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  313. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  314. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  315. 2 keys
  316. 0 new keys added
  317. 4 values total
  318.  
  319.  
  320. Hives that have changed:
  321. # Name
  322. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  323. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  324. *******************
  325.  
  326. reged version 0.1 110511, (c) Petter N Hagen
  327. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  328. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  329. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  330. Used for data: 4193/234936 blocks/bytes, unused: 129/4840 blocks/bytes.
  331.  
  332. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  333. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  334. 1 keys
  335. 0 new keys added
  336. 2 values total
  337.  
  338.  
  339. Hives that have changed:
  340. # Name
  341. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  342. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  343. NTUSER: /mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT
  344. *******************
  345.  
  346. reged version 0.1 110511, (c) Petter N Hagen
  347. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  348. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  349. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  350. Used for data: 4159/230144 blocks/bytes, unused: 141/1504 blocks/bytes.
  351.  
  352. Exporting to file '/tmp/runRead.reg'...
  353. Exporting key 'Run' with 0 subkeys and 1 values...
  354. *******************
  355.  
  356. Fichero /tmp/runRead.reg
  357. Windows Registry Editor Version 5.00
  358.  
  359. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  360. "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
  361.  
  362. *******************
  363.  
  364. Fichero /tmp/runWrite.reg
  365. Windows Registry Editor Version 5.00
  366. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  367. "CTFMON.EXE"=
  368. *******************
  369.  
  370. reged version 0.1 110511, (c) Petter N Hagen
  371. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  372. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  373. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  374. Used for data: 4159/230144 blocks/bytes, unused: 141/1504 blocks/bytes.
  375.  
  376. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  377. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  378. 1 keys
  379. 0 new keys added
  380. 1 values total
  381.  
  382.  
  383. Hives that have changed:
  384. # Name
  385. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  386. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  387. *******************
  388.  
  389. reged version 0.1 110511, (c) Petter N Hagen
  390. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  391. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  392. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  393. Used for data: 4158/230072 blocks/bytes, unused: 142/1576 blocks/bytes.
  394.  
  395. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  396. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  397. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  398. 2 keys
  399. 0 new keys added
  400. 4 values total
  401.  
  402.  
  403. Hives that have changed:
  404. # Name
  405. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  406. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  407. *******************
  408.  
  409. reged version 0.1 110511, (c) Petter N Hagen
  410. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  411. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  412. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  413. Used for data: 4162/230248 blocks/bytes, unused: 144/1400 blocks/bytes.
  414.  
  415. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  416. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  417. 1 keys
  418. 0 new keys added
  419. 2 values total
  420.  
  421.  
  422. Hives that have changed:
  423. # Name
  424. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  425. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  426. NTUSER: /mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT
  427. *******************
  428.  
  429. reged version 0.1 110511, (c) Petter N Hagen
  430. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  431. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  432. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  433. Used for data: 4127/294672 blocks/bytes, unused: 133/2512 blocks/bytes.
  434.  
  435. Exporting to file '/tmp/runRead.reg'...
  436. Exporting key 'Run' with 0 subkeys and 1 values...
  437. *******************
  438.  
  439. Fichero /tmp/runRead.reg
  440. Windows Registry Editor Version 5.00
  441.  
  442. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  443. "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
  444.  
  445. *******************
  446.  
  447. Fichero /tmp/runWrite.reg
  448. Windows Registry Editor Version 5.00
  449. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  450. "CTFMON.EXE"=
  451. *******************
  452.  
  453. reged version 0.1 110511, (c) Petter N Hagen
  454. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  455. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  456. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  457. Used for data: 4127/294672 blocks/bytes, unused: 133/2512 blocks/bytes.
  458.  
  459. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  460. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  461. 1 keys
  462. 0 new keys added
  463. 1 values total
  464.  
  465.  
  466. Hives that have changed:
  467. # Name
  468. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  469. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  470. *******************
  471.  
  472. reged version 0.1 110511, (c) Petter N Hagen
  473. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  474. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  475. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  476. Used for data: 4126/294600 blocks/bytes, unused: 134/2584 blocks/bytes.
  477.  
  478. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  479. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  480. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  481. 2 keys
  482. 0 new keys added
  483. 4 values total
  484.  
  485.  
  486. Hives that have changed:
  487. # Name
  488. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  489. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  490. *******************
  491.  
  492. reged version 0.1 110511, (c) Petter N Hagen
  493. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  494. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  495. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  496. Used for data: 4130/294776 blocks/bytes, unused: 133/2408 blocks/bytes.
  497.  
  498. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  499. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  500. 1 keys
  501. 0 new keys added
  502. 2 values total
  503.  
  504.  
  505. Hives that have changed:
  506. # Name
  507. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  508. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  509. NTUSER: /mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT
  510. *******************
  511.  
  512. reged version 0.1 110511, (c) Petter N Hagen
  513. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  514. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  515. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  516. Used for data: 99150/5792192 blocks/bytes, unused: 6567/140480 blocks/bytes.
  517.  
  518. Exporting to file '/tmp/runRead.reg'...
  519. Exporting key 'Run' with 0 subkeys and 1 values...
  520. *******************
  521.  
  522. Fichero /tmp/runRead.reg
  523. Windows Registry Editor Version 5.00
  524.  
  525. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  526. "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
  527.  
  528. *******************
  529.  
  530. Fichero /tmp/runWrite.reg
  531. Windows Registry Editor Version 5.00
  532. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  533. "ctfmon.exe"=
  534. *******************
  535.  
  536. reged version 0.1 110511, (c) Petter N Hagen
  537. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  538. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  539. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  540. Used for data: 99150/5792192 blocks/bytes, unused: 6567/140480 blocks/bytes.
  541.  
  542. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  543. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  544. 1 keys
  545. 0 new keys added
  546. 1 values total
  547.  
  548.  
  549. Hives that have changed:
  550. # Name
  551. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  552. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  553. *******************
  554.  
  555. reged version 0.1 110511, (c) Petter N Hagen
  556. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  557. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  558. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  559. Used for data: 99149/5792120 blocks/bytes, unused: 6568/140552 blocks/bytes.
  560.  
  561. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  562. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  563. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  564. 2 keys
  565. 0 new keys added
  566. 4 values total
  567.  
  568.  
  569. Hives that have changed:
  570. # Name
  571. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  572. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  573. *******************
  574.  
  575. reged version 0.1 110511, (c) Petter N Hagen
  576. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  577. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  578. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  579. Used for data: 99153/5792296 blocks/bytes, unused: 6568/140376 blocks/bytes.
  580.  
  581. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  582. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  583. 1 keys
  584. 0 new keys added
  585. 2 values total
  586.  
  587.  
  588. Hives that have changed:
  589. # Name
  590. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  591. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  592. NTUSER: /mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat
  593. *******************
  594.  
  595. reged version 0.1 110511, (c) Petter N Hagen
  596. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  597. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  598. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  599. Used for data: 2/264 blocks/bytes, unused: 1/3800 blocks/bytes.
  600.  
  601. Exporting to file '/tmp/runRead.reg'...
  602. export_subkey: Key 'Software\Microsoft\Windows\CurrentVersion\Run' not found!
  603. *******************
  604.  
  605. Fichero /tmp/runRead.reg
  606. Windows Registry Editor Version 5.00
  607.  
  608. *******************
  609.  
  610. Fichero /tmp/runWrite.reg
  611. Windows Registry Editor Version 5.00
  612. *******************
  613.  
  614. reged version 0.1 110511, (c) Petter N Hagen
  615. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  616. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  617. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  618. Used for data: 2/264 blocks/bytes, unused: 1/3800 blocks/bytes.
  619.  
  620.  
  621. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  622. 0 keys
  623. 0 new keys added
  624. 0 values total
  625.  
  626.  
  627. Hives that have changed:
  628. # Name
  629. None!
  630.  
  631. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  632. *******************
  633.  
  634. reged version 0.1 110511, (c) Petter N Hagen
  635. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  636. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  637. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  638. Used for data: 2/264 blocks/bytes, unused: 1/3800 blocks/bytes.
  639.  
  640. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> [added <Software>] [added <Microsoft>] [added <Windows NT>] [added <CurrentVersion>] [added <Winlogon>] with 2 values.
  641. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  642. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  643. 2 keys
  644. 5 new keys added
  645. 4 values total
  646.  
  647.  
  648. Hives that have changed:
  649. # Name
  650. 0 </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  651. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  652. *******************
  653.  
  654. reged version 0.1 110511, (c) Petter N Hagen
  655. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  656. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  657. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  658. Used for data: 17/1056 blocks/bytes, unused: 4/3008 blocks/bytes.
  659.  
  660. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows> [added <Windows>]
  661. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  662. 1 keys
  663. 1 new keys added
  664. 2 values total
  665.  
  666.  
  667. Hives that have changed:
  668. # Name
  669. 0 </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  670. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  671. NTUSER: /mnt/sda1/WINDOWS/repair/ntuser.dat
  672. *******************
  673.  
  674. reged version 0.1 110511, (c) Petter N Hagen
  675. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  676. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  677. File size 241664 [3b000] bytes, containing 58 pages (+ 1 headerpage)
  678. Used for data: 4185/234472 blocks/bytes, unused: 127/1240 blocks/bytes.
  679.  
  680. Exporting to file '/tmp/runRead.reg'...
  681. Exporting key 'Run' with 0 subkeys and 1 values...
  682. *******************
  683.  
  684. Fichero /tmp/runRead.reg
  685. Windows Registry Editor Version 5.00
  686.  
  687. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  688. "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
  689.  
  690. *******************
  691.  
  692. Fichero /tmp/runWrite.reg
  693. Windows Registry Editor Version 5.00
  694. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  695. "CTFMON.EXE"=
  696. *******************
  697.  
  698. reged version 0.1 110511, (c) Petter N Hagen
  699. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  700. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  701. File size 241664 [3b000] bytes, containing 58 pages (+ 1 headerpage)
  702. Used for data: 4185/234472 blocks/bytes, unused: 127/1240 blocks/bytes.
  703.  
  704. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  705. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  706. 1 keys
  707. 0 new keys added
  708. 1 values total
  709.  
  710.  
  711. Hives that have changed:
  712. # Name
  713. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  714. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  715. *******************
  716.  
  717. reged version 0.1 110511, (c) Petter N Hagen
  718. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  719. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  720. File size 241664 [3b000] bytes, containing 58 pages (+ 1 headerpage)
  721. Used for data: 4184/234400 blocks/bytes, unused: 128/1312 blocks/bytes.
  722.  
  723. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  724. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> alloc_block: failed to alloc 40 bytes, trying to expand hive..
  725. add_bin: request size = 40 [28], rounded to 4096 [1000]
  726. add_bin: old buffer size = 241664 [3b000]
  727. add_bin: firs nonbin off = 241664 [3b000]
  728. add_bin: free at end = 0 [0]
  729. add_bin: new buffer size = 262144 [40000]
  730. add_bin: adjusting size field in REGF: 241664 [3b000]
  731.  
  732. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  733. 2 keys
  734. 0 new keys added
  735. 4 values total
  736.  
  737.  
  738. Hives that have changed:
  739. # Name
  740. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK WARNING: File was expanded! Experimental! Use at own risk!
  741.  
  742. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  743. *******************
  744.  
  745. reged version 0.1 110511, (c) Petter N Hagen
  746. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  747. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  748. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  749. Used for data: 4188/234584 blocks/bytes, unused: 131/5192 blocks/bytes.
  750.  
  751. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  752. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  753. 1 keys
  754. 0 new keys added
  755. 2 values total
  756.  
  757.  
  758. Hives that have changed:
  759. # Name
  760. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  761. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  762. User: S-1-5-19
  763. NTUSER: /mnt/sda1/Documents and Settings/Default User/NTUSER.DAT
  764. *******************
  765.  
  766. reged version 0.1 110511, (c) Petter N Hagen
  767. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  768. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  769. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  770. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  771.  
  772. Exporting to file '/tmp/runRead.reg'...
  773. Exporting key 'Run' with 0 subkeys and 1 values...
  774. *******************
  775.  
  776. Fichero /tmp/runRead.reg
  777. Windows Registry Editor Version 5.00
  778.  
  779. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  780. "CTFMON.EXE"=""
  781.  
  782. *******************
  783.  
  784. Fichero /tmp/runWrite.reg
  785. Windows Registry Editor Version 5.00
  786. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  787. "CTFMON.EXE"=
  788. *******************
  789.  
  790. reged version 0.1 110511, (c) Petter N Hagen
  791. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  792. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  793. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  794. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  795.  
  796. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  797. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  798. 1 keys
  799. 0 new keys added
  800. 1 values total
  801.  
  802.  
  803. Hives that have changed:
  804. # Name
  805. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  806. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  807. *******************
  808.  
  809. reged version 0.1 110511, (c) Petter N Hagen
  810. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  811. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  812. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  813. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  814.  
  815. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  816. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  817. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  818. 2 keys
  819. 0 new keys added
  820. 4 values total
  821.  
  822.  
  823. Hives that have changed:
  824. # Name
  825. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  826. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  827. *******************
  828.  
  829. reged version 0.1 110511, (c) Petter N Hagen
  830. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  831. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  832. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  833. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  834.  
  835. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  836. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  837. 1 keys
  838. 0 new keys added
  839. 2 values total
  840.  
  841.  
  842. Hives that have changed:
  843. # Name
  844. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  845. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  846. NTUSER: /mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT
  847. *******************
  848.  
  849. reged version 0.1 110511, (c) Petter N Hagen
  850. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  851. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  852. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  853. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  854.  
  855. Exporting to file '/tmp/runRead.reg'...
  856. Exporting key 'Run' with 0 subkeys and 1 values...
  857. *******************
  858.  
  859. Fichero /tmp/runRead.reg
  860. Windows Registry Editor Version 5.00
  861.  
  862. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  863. "CTFMON.EXE"=""
  864.  
  865. *******************
  866.  
  867. Fichero /tmp/runWrite.reg
  868. Windows Registry Editor Version 5.00
  869. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  870. "CTFMON.EXE"=
  871. *******************
  872.  
  873. reged version 0.1 110511, (c) Petter N Hagen
  874. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  875. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  876. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  877. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  878.  
  879. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  880. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  881. 1 keys
  882. 0 new keys added
  883. 1 values total
  884.  
  885.  
  886. Hives that have changed:
  887. # Name
  888. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  889. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  890. *******************
  891.  
  892. reged version 0.1 110511, (c) Petter N Hagen
  893. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  894. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  895. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  896. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  897.  
  898. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  899. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  900. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  901. 2 keys
  902. 0 new keys added
  903. 4 values total
  904.  
  905.  
  906. Hives that have changed:
  907. # Name
  908. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  909. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  910. *******************
  911.  
  912. reged version 0.1 110511, (c) Petter N Hagen
  913. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  914. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  915. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  916. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  917.  
  918. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  919. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  920. 1 keys
  921. 0 new keys added
  922. 2 values total
  923.  
  924.  
  925. Hives that have changed:
  926. # Name
  927. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  928. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  929. NTUSER: /mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT
  930. *******************
  931.  
  932. reged version 0.1 110511, (c) Petter N Hagen
  933. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  934. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  935. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  936. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  937.  
  938. Exporting to file '/tmp/runRead.reg'...
  939. Exporting key 'Run' with 0 subkeys and 1 values...
  940. *******************
  941.  
  942. Fichero /tmp/runRead.reg
  943. Windows Registry Editor Version 5.00
  944.  
  945. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  946. "CTFMON.EXE"=""
  947.  
  948. *******************
  949.  
  950. Fichero /tmp/runWrite.reg
  951. Windows Registry Editor Version 5.00
  952. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  953. "CTFMON.EXE"=
  954. *******************
  955.  
  956. reged version 0.1 110511, (c) Petter N Hagen
  957. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  958. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  959. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  960. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  961.  
  962. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  963. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  964. 1 keys
  965. 0 new keys added
  966. 1 values total
  967.  
  968.  
  969. Hives that have changed:
  970. # Name
  971. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  972. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  973. *******************
  974.  
  975. reged version 0.1 110511, (c) Petter N Hagen
  976. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  977. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  978. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  979. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  980.  
  981. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  982. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  983. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  984. 2 keys
  985. 0 new keys added
  986. 4 values total
  987.  
  988.  
  989. Hives that have changed:
  990. # Name
  991. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  992. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  993. *******************
  994.  
  995. reged version 0.1 110511, (c) Petter N Hagen
  996. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  997. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  998. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  999. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1000.  
  1001. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1002. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1003. 1 keys
  1004. 0 new keys added
  1005. 2 values total
  1006.  
  1007.  
  1008. Hives that have changed:
  1009. # Name
  1010. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  1011. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1012. NTUSER: /mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT
  1013. *******************
  1014.  
  1015. reged version 0.1 110511, (c) Petter N Hagen
  1016. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  1017. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1018. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  1019. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  1020.  
  1021. Exporting to file '/tmp/runRead.reg'...
  1022. Exporting key 'Run' with 0 subkeys and 1 values...
  1023. *******************
  1024.  
  1025. Fichero /tmp/runRead.reg
  1026. Windows Registry Editor Version 5.00
  1027.  
  1028. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  1029. "ctfmon.exe"=""
  1030.  
  1031. *******************
  1032.  
  1033. Fichero /tmp/runWrite.reg
  1034. Windows Registry Editor Version 5.00
  1035. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  1036. "ctfmon.exe"=
  1037. *******************
  1038.  
  1039. reged version 0.1 110511, (c) Petter N Hagen
  1040. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  1041. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1042. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  1043. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  1044.  
  1045. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1046. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1047. 1 keys
  1048. 0 new keys added
  1049. 1 values total
  1050.  
  1051.  
  1052. Hives that have changed:
  1053. # Name
  1054. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  1055. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1056. *******************
  1057.  
  1058. reged version 0.1 110511, (c) Petter N Hagen
  1059. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  1060. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1061. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  1062. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  1063.  
  1064. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1065. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1066. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1067. 2 keys
  1068. 0 new keys added
  1069. 4 values total
  1070.  
  1071.  
  1072. Hives that have changed:
  1073. # Name
  1074. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  1075. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1076. *******************
  1077.  
  1078. reged version 0.1 110511, (c) Petter N Hagen
  1079. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  1080. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1081. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  1082. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  1083.  
  1084. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1085. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1086. 1 keys
  1087. 0 new keys added
  1088. 2 values total
  1089.  
  1090.  
  1091. Hives that have changed:
  1092. # Name
  1093. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  1094. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1095. NTUSER: /mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat
  1096. *******************
  1097.  
  1098. reged version 0.1 110511, (c) Petter N Hagen
  1099. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  1100. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1101. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  1102. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  1103.  
  1104. Exporting to file '/tmp/runRead.reg'...
  1105. export_subkey: Key 'Software\Microsoft\Windows\CurrentVersion\Run' not found!
  1106. *******************
  1107.  
  1108. Fichero /tmp/runRead.reg
  1109. Windows Registry Editor Version 5.00
  1110.  
  1111. *******************
  1112.  
  1113. Fichero /tmp/runWrite.reg
  1114. Windows Registry Editor Version 5.00
  1115. *******************
  1116.  
  1117. reged version 0.1 110511, (c) Petter N Hagen
  1118. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  1119. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1120. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  1121. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  1122.  
  1123.  
  1124. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1125. 0 keys
  1126. 0 new keys added
  1127. 0 values total
  1128.  
  1129.  
  1130. Hives that have changed:
  1131. # Name
  1132. None!
  1133.  
  1134. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1135. *******************
  1136.  
  1137. reged version 0.1 110511, (c) Petter N Hagen
  1138. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  1139. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1140. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  1141. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  1142.  
  1143. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1144. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1145. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1146. 2 keys
  1147. 0 new keys added
  1148. 4 values total
  1149.  
  1150.  
  1151. Hives that have changed:
  1152. # Name
  1153. 0 </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  1154. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1155. *******************
  1156.  
  1157. reged version 0.1 110511, (c) Petter N Hagen
  1158. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  1159. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1160. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  1161. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  1162.  
  1163. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1164. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1165. 1 keys
  1166. 0 new keys added
  1167. 2 values total
  1168.  
  1169.  
  1170. Hives that have changed:
  1171. # Name
  1172. 0 </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  1173. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1174. NTUSER: /mnt/sda1/WINDOWS/repair/ntuser.dat
  1175. *******************
  1176.  
  1177. reged version 0.1 110511, (c) Petter N Hagen
  1178. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  1179. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1180. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1181. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  1182.  
  1183. Exporting to file '/tmp/runRead.reg'...
  1184. Exporting key 'Run' with 0 subkeys and 1 values...
  1185. *******************
  1186.  
  1187. Fichero /tmp/runRead.reg
  1188. Windows Registry Editor Version 5.00
  1189.  
  1190. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  1191. "CTFMON.EXE"=""
  1192.  
  1193. *******************
  1194.  
  1195. Fichero /tmp/runWrite.reg
  1196. Windows Registry Editor Version 5.00
  1197. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  1198. "CTFMON.EXE"=
  1199. *******************
  1200.  
  1201. reged version 0.1 110511, (c) Petter N Hagen
  1202. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  1203. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1204. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1205. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  1206.  
  1207. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1208. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1209. 1 keys
  1210. 0 new keys added
  1211. 1 values total
  1212.  
  1213.  
  1214. Hives that have changed:
  1215. # Name
  1216. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  1217. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1218. *******************
  1219.  
  1220. reged version 0.1 110511, (c) Petter N Hagen
  1221. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  1222. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1223. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1224. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  1225.  
  1226. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1227. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1228. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1229. 2 keys
  1230. 0 new keys added
  1231. 4 values total
  1232.  
  1233.  
  1234. Hives that have changed:
  1235. # Name
  1236. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  1237. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1238. *******************
  1239.  
  1240. reged version 0.1 110511, (c) Petter N Hagen
  1241. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  1242. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1243. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1244. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  1245.  
  1246. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1247. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1248. 1 keys
  1249. 0 new keys added
  1250. 2 values total
  1251.  
  1252.  
  1253. Hives that have changed:
  1254. # Name
  1255. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  1256. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1257. User: S-1-5-20
  1258. NTUSER: /mnt/sda1/Documents and Settings/Default User/NTUSER.DAT
  1259. *******************
  1260.  
  1261. reged version 0.1 110511, (c) Petter N Hagen
  1262. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  1263. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1264. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1265. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  1266.  
  1267. Exporting to file '/tmp/runRead.reg'...
  1268. Exporting key 'Run' with 0 subkeys and 1 values...
  1269. *******************
  1270.  
  1271. Fichero /tmp/runRead.reg
  1272. Windows Registry Editor Version 5.00
  1273.  
  1274. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1275. "CTFMON.EXE"=""
  1276.  
  1277. *******************
  1278.  
  1279. Fichero /tmp/runWrite.reg
  1280. Windows Registry Editor Version 5.00
  1281. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1282. "CTFMON.EXE"=
  1283. *******************
  1284.  
  1285. reged version 0.1 110511, (c) Petter N Hagen
  1286. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  1287. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1288. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1289. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  1290.  
  1291. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1292. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1293. 1 keys
  1294. 0 new keys added
  1295. 1 values total
  1296.  
  1297.  
  1298. Hives that have changed:
  1299. # Name
  1300. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  1301. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1302. *******************
  1303.  
  1304. reged version 0.1 110511, (c) Petter N Hagen
  1305. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  1306. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1307. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1308. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  1309.  
  1310. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1311. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1312. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1313. 2 keys
  1314. 0 new keys added
  1315. 4 values total
  1316.  
  1317.  
  1318. Hives that have changed:
  1319. # Name
  1320. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  1321. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1322. *******************
  1323.  
  1324. reged version 0.1 110511, (c) Petter N Hagen
  1325. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  1326. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1327. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1328. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  1329.  
  1330. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1331. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1332. 1 keys
  1333. 0 new keys added
  1334. 2 values total
  1335.  
  1336.  
  1337. Hives that have changed:
  1338. # Name
  1339. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  1340. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1341. NTUSER: /mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT
  1342. *******************
  1343.  
  1344. reged version 0.1 110511, (c) Petter N Hagen
  1345. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  1346. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1347. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  1348. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  1349.  
  1350. Exporting to file '/tmp/runRead.reg'...
  1351. Exporting key 'Run' with 0 subkeys and 1 values...
  1352. *******************
  1353.  
  1354. Fichero /tmp/runRead.reg
  1355. Windows Registry Editor Version 5.00
  1356.  
  1357. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1358. "CTFMON.EXE"=""
  1359.  
  1360. *******************
  1361.  
  1362. Fichero /tmp/runWrite.reg
  1363. Windows Registry Editor Version 5.00
  1364. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1365. "CTFMON.EXE"=
  1366. *******************
  1367.  
  1368. reged version 0.1 110511, (c) Petter N Hagen
  1369. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  1370. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1371. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  1372. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  1373.  
  1374. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1375. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1376. 1 keys
  1377. 0 new keys added
  1378. 1 values total
  1379.  
  1380.  
  1381. Hives that have changed:
  1382. # Name
  1383. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  1384. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1385. *******************
  1386.  
  1387. reged version 0.1 110511, (c) Petter N Hagen
  1388. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  1389. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1390. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  1391. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  1392.  
  1393. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1394. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1395. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1396. 2 keys
  1397. 0 new keys added
  1398. 4 values total
  1399.  
  1400.  
  1401. Hives that have changed:
  1402. # Name
  1403. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  1404. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1405. *******************
  1406.  
  1407. reged version 0.1 110511, (c) Petter N Hagen
  1408. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  1409. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1410. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  1411. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  1412.  
  1413. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1414. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1415. 1 keys
  1416. 0 new keys added
  1417. 2 values total
  1418.  
  1419.  
  1420. Hives that have changed:
  1421. # Name
  1422. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  1423. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1424. NTUSER: /mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT
  1425. *******************
  1426.  
  1427. reged version 0.1 110511, (c) Petter N Hagen
  1428. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  1429. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1430. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  1431. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1432.  
  1433. Exporting to file '/tmp/runRead.reg'...
  1434. Exporting key 'Run' with 0 subkeys and 1 values...
  1435. *******************
  1436.  
  1437. Fichero /tmp/runRead.reg
  1438. Windows Registry Editor Version 5.00
  1439.  
  1440. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1441. "CTFMON.EXE"=""
  1442.  
  1443. *******************
  1444.  
  1445. Fichero /tmp/runWrite.reg
  1446. Windows Registry Editor Version 5.00
  1447. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1448. "CTFMON.EXE"=
  1449. *******************
  1450.  
  1451. reged version 0.1 110511, (c) Petter N Hagen
  1452. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  1453. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1454. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  1455. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1456.  
  1457. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1458. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1459. 1 keys
  1460. 0 new keys added
  1461. 1 values total
  1462.  
  1463.  
  1464. Hives that have changed:
  1465. # Name
  1466. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  1467. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1468. *******************
  1469.  
  1470. reged version 0.1 110511, (c) Petter N Hagen
  1471. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  1472. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1473. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  1474. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1475.  
  1476. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1477. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1478. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1479. 2 keys
  1480. 0 new keys added
  1481. 4 values total
  1482.  
  1483.  
  1484. Hives that have changed:
  1485. # Name
  1486. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  1487. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1488. *******************
  1489.  
  1490. reged version 0.1 110511, (c) Petter N Hagen
  1491. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  1492. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1493. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  1494. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1495.  
  1496. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1497. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1498. 1 keys
  1499. 0 new keys added
  1500. 2 values total
  1501.  
  1502.  
  1503. Hives that have changed:
  1504. # Name
  1505. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  1506. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1507. NTUSER: /mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT
  1508. *******************
  1509.  
  1510. reged version 0.1 110511, (c) Petter N Hagen
  1511. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  1512. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1513. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  1514. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  1515.  
  1516. Exporting to file '/tmp/runRead.reg'...
  1517. Exporting key 'Run' with 0 subkeys and 1 values...
  1518. *******************
  1519.  
  1520. Fichero /tmp/runRead.reg
  1521. Windows Registry Editor Version 5.00
  1522.  
  1523. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1524. "ctfmon.exe"=""
  1525.  
  1526. *******************
  1527.  
  1528. Fichero /tmp/runWrite.reg
  1529. Windows Registry Editor Version 5.00
  1530. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1531. "ctfmon.exe"=
  1532. *******************
  1533.  
  1534. reged version 0.1 110511, (c) Petter N Hagen
  1535. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  1536. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1537. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  1538. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  1539.  
  1540. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1541. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1542. 1 keys
  1543. 0 new keys added
  1544. 1 values total
  1545.  
  1546.  
  1547. Hives that have changed:
  1548. # Name
  1549. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  1550. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1551. *******************
  1552.  
  1553. reged version 0.1 110511, (c) Petter N Hagen
  1554. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  1555. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1556. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  1557. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  1558.  
  1559. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1560. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1561. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1562. 2 keys
  1563. 0 new keys added
  1564. 4 values total
  1565.  
  1566.  
  1567. Hives that have changed:
  1568. # Name
  1569. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  1570. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1571. *******************
  1572.  
  1573. reged version 0.1 110511, (c) Petter N Hagen
  1574. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  1575. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1576. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  1577. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  1578.  
  1579. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1580. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1581. 1 keys
  1582. 0 new keys added
  1583. 2 values total
  1584.  
  1585.  
  1586. Hives that have changed:
  1587. # Name
  1588. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  1589. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1590. NTUSER: /mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat
  1591. *******************
  1592.  
  1593. reged version 0.1 110511, (c) Petter N Hagen
  1594. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  1595. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1596. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  1597. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  1598.  
  1599. Exporting to file '/tmp/runRead.reg'...
  1600. export_subkey: Key 'Software\Microsoft\Windows\CurrentVersion\Run' not found!
  1601. *******************
  1602.  
  1603. Fichero /tmp/runRead.reg
  1604. Windows Registry Editor Version 5.00
  1605.  
  1606. *******************
  1607.  
  1608. Fichero /tmp/runWrite.reg
  1609. Windows Registry Editor Version 5.00
  1610. *******************
  1611.  
  1612. reged version 0.1 110511, (c) Petter N Hagen
  1613. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  1614. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1615. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  1616. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  1617.  
  1618.  
  1619. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1620. 0 keys
  1621. 0 new keys added
  1622. 0 values total
  1623.  
  1624.  
  1625. Hives that have changed:
  1626. # Name
  1627. None!
  1628.  
  1629. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1630. *******************
  1631.  
  1632. reged version 0.1 110511, (c) Petter N Hagen
  1633. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  1634. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1635. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  1636. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  1637.  
  1638. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1639. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1640. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1641. 2 keys
  1642. 0 new keys added
  1643. 4 values total
  1644.  
  1645.  
  1646. Hives that have changed:
  1647. # Name
  1648. 0 </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  1649. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1650. *******************
  1651.  
  1652. reged version 0.1 110511, (c) Petter N Hagen
  1653. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  1654. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1655. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  1656. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  1657.  
  1658. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1659. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1660. 1 keys
  1661. 0 new keys added
  1662. 2 values total
  1663.  
  1664.  
  1665. Hives that have changed:
  1666. # Name
  1667. 0 </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  1668. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1669. NTUSER: /mnt/sda1/WINDOWS/repair/ntuser.dat
  1670. *******************
  1671.  
  1672. reged version 0.1 110511, (c) Petter N Hagen
  1673. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  1674. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1675. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1676. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  1677.  
  1678. Exporting to file '/tmp/runRead.reg'...
  1679. Exporting key 'Run' with 0 subkeys and 1 values...
  1680. *******************
  1681.  
  1682. Fichero /tmp/runRead.reg
  1683. Windows Registry Editor Version 5.00
  1684.  
  1685. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1686. "CTFMON.EXE"=""
  1687.  
  1688. *******************
  1689.  
  1690. Fichero /tmp/runWrite.reg
  1691. Windows Registry Editor Version 5.00
  1692. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  1693. "CTFMON.EXE"=
  1694. *******************
  1695.  
  1696. reged version 0.1 110511, (c) Petter N Hagen
  1697. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  1698. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1699. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1700. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  1701.  
  1702. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1703. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1704. 1 keys
  1705. 0 new keys added
  1706. 1 values total
  1707.  
  1708.  
  1709. Hives that have changed:
  1710. # Name
  1711. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  1712. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1713. *******************
  1714.  
  1715. reged version 0.1 110511, (c) Petter N Hagen
  1716. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  1717. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1718. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1719. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  1720.  
  1721. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1722. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1723. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1724. 2 keys
  1725. 0 new keys added
  1726. 4 values total
  1727.  
  1728.  
  1729. Hives that have changed:
  1730. # Name
  1731. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  1732. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1733. *******************
  1734.  
  1735. reged version 0.1 110511, (c) Petter N Hagen
  1736. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  1737. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1738. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1739. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  1740.  
  1741. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1742. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1743. 1 keys
  1744. 0 new keys added
  1745. 2 values total
  1746.  
  1747.  
  1748. Hives that have changed:
  1749. # Name
  1750. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  1751. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1752. User: S-1-5-21-606747145-746137067-682003330-1003
  1753. NTUSER: /mnt/sda1/Documents and Settings/Default User/NTUSER.DAT
  1754. *******************
  1755.  
  1756. reged version 0.1 110511, (c) Petter N Hagen
  1757. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  1758. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1759. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1760. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  1761.  
  1762. Exporting to file '/tmp/runRead.reg'...
  1763. Exporting key 'Run' with 0 subkeys and 1 values...
  1764. *******************
  1765.  
  1766. Fichero /tmp/runRead.reg
  1767. Windows Registry Editor Version 5.00
  1768.  
  1769. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  1770. "CTFMON.EXE"=""
  1771.  
  1772. *******************
  1773.  
  1774. Fichero /tmp/runWrite.reg
  1775. Windows Registry Editor Version 5.00
  1776. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  1777. "CTFMON.EXE"=
  1778. *******************
  1779.  
  1780. reged version 0.1 110511, (c) Petter N Hagen
  1781. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  1782. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1783. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1784. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  1785.  
  1786. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1787. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1788. 1 keys
  1789. 0 new keys added
  1790. 1 values total
  1791.  
  1792.  
  1793. Hives that have changed:
  1794. # Name
  1795. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  1796. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1797. *******************
  1798.  
  1799. reged version 0.1 110511, (c) Petter N Hagen
  1800. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  1801. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1802. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1803. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  1804.  
  1805. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1806. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1807. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1808. 2 keys
  1809. 0 new keys added
  1810. 4 values total
  1811.  
  1812.  
  1813. Hives that have changed:
  1814. # Name
  1815. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  1816. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1817. *******************
  1818.  
  1819. reged version 0.1 110511, (c) Petter N Hagen
  1820. Hive </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  1821. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1822. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  1823. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  1824.  
  1825. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1826. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1827. 1 keys
  1828. 0 new keys added
  1829. 2 values total
  1830.  
  1831.  
  1832. Hives that have changed:
  1833. # Name
  1834. 0 </mnt/sda1/Documents and Settings/Default User/NTUSER.DAT> - OK
  1835. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1836. NTUSER: /mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT
  1837. *******************
  1838.  
  1839. reged version 0.1 110511, (c) Petter N Hagen
  1840. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  1841. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1842. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  1843. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  1844.  
  1845. Exporting to file '/tmp/runRead.reg'...
  1846. Exporting key 'Run' with 0 subkeys and 1 values...
  1847. *******************
  1848.  
  1849. Fichero /tmp/runRead.reg
  1850. Windows Registry Editor Version 5.00
  1851.  
  1852. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  1853. "CTFMON.EXE"=""
  1854.  
  1855. *******************
  1856.  
  1857. Fichero /tmp/runWrite.reg
  1858. Windows Registry Editor Version 5.00
  1859. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  1860. "CTFMON.EXE"=
  1861. *******************
  1862.  
  1863. reged version 0.1 110511, (c) Petter N Hagen
  1864. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  1865. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1866. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  1867. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  1868.  
  1869. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1870. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1871. 1 keys
  1872. 0 new keys added
  1873. 1 values total
  1874.  
  1875.  
  1876. Hives that have changed:
  1877. # Name
  1878. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  1879. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1880. *******************
  1881.  
  1882. reged version 0.1 110511, (c) Petter N Hagen
  1883. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  1884. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1885. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  1886. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  1887.  
  1888. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1889. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1890. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1891. 2 keys
  1892. 0 new keys added
  1893. 4 values total
  1894.  
  1895.  
  1896. Hives that have changed:
  1897. # Name
  1898. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  1899. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1900. *******************
  1901.  
  1902. reged version 0.1 110511, (c) Petter N Hagen
  1903. Hive </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  1904. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1905. File size 262144 [40000] bytes, containing 57 pages (+ 1 headerpage)
  1906. Used for data: 4163/230280 blocks/bytes, unused: 144/1368 blocks/bytes.
  1907.  
  1908. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1909. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1910. 1 keys
  1911. 0 new keys added
  1912. 2 values total
  1913.  
  1914.  
  1915. Hives that have changed:
  1916. # Name
  1917. 0 </mnt/sda1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  1918. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  1919. NTUSER: /mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT
  1920. *******************
  1921.  
  1922. reged version 0.1 110511, (c) Petter N Hagen
  1923. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  1924. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1925. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  1926. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1927.  
  1928. Exporting to file '/tmp/runRead.reg'...
  1929. Exporting key 'Run' with 0 subkeys and 1 values...
  1930. *******************
  1931.  
  1932. Fichero /tmp/runRead.reg
  1933. Windows Registry Editor Version 5.00
  1934.  
  1935. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  1936. "CTFMON.EXE"=""
  1937.  
  1938. *******************
  1939.  
  1940. Fichero /tmp/runWrite.reg
  1941. Windows Registry Editor Version 5.00
  1942. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  1943. "CTFMON.EXE"=
  1944. *******************
  1945.  
  1946. reged version 0.1 110511, (c) Petter N Hagen
  1947. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  1948. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1949. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  1950. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1951.  
  1952. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  1953. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  1954. 1 keys
  1955. 0 new keys added
  1956. 1 values total
  1957.  
  1958.  
  1959. Hives that have changed:
  1960. # Name
  1961. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  1962. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  1963. *******************
  1964.  
  1965. reged version 0.1 110511, (c) Petter N Hagen
  1966. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  1967. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1968. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  1969. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1970.  
  1971. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  1972. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  1973. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1974. 2 keys
  1975. 0 new keys added
  1976. 4 values total
  1977.  
  1978.  
  1979. Hives that have changed:
  1980. # Name
  1981. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  1982. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  1983. *******************
  1984.  
  1985. reged version 0.1 110511, (c) Petter N Hagen
  1986. Hive </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  1987. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  1988. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  1989. Used for data: 4131/294808 blocks/bytes, unused: 133/2376 blocks/bytes.
  1990.  
  1991. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  1992. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  1993. 1 keys
  1994. 0 new keys added
  1995. 2 values total
  1996.  
  1997.  
  1998. Hives that have changed:
  1999. # Name
  2000. 0 </mnt/sda1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  2001. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2002. NTUSER: /mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT
  2003. *******************
  2004.  
  2005. reged version 0.1 110511, (c) Petter N Hagen
  2006. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  2007. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2008. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  2009. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  2010.  
  2011. Exporting to file '/tmp/runRead.reg'...
  2012. Exporting key 'Run' with 0 subkeys and 1 values...
  2013. *******************
  2014.  
  2015. Fichero /tmp/runRead.reg
  2016. Windows Registry Editor Version 5.00
  2017.  
  2018. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  2019. "ctfmon.exe"=""
  2020.  
  2021. *******************
  2022.  
  2023. Fichero /tmp/runWrite.reg
  2024. Windows Registry Editor Version 5.00
  2025. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  2026. "ctfmon.exe"=
  2027. *******************
  2028.  
  2029. reged version 0.1 110511, (c) Petter N Hagen
  2030. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  2031. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2032. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  2033. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  2034.  
  2035. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  2036. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2037. 1 keys
  2038. 0 new keys added
  2039. 1 values total
  2040.  
  2041.  
  2042. Hives that have changed:
  2043. # Name
  2044. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  2045. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2046. *******************
  2047.  
  2048. reged version 0.1 110511, (c) Petter N Hagen
  2049. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  2050. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2051. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  2052. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  2053.  
  2054. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  2055. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2056. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2057. 2 keys
  2058. 0 new keys added
  2059. 4 values total
  2060.  
  2061.  
  2062. Hives that have changed:
  2063. # Name
  2064. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  2065. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  2066. *******************
  2067.  
  2068. reged version 0.1 110511, (c) Petter N Hagen
  2069. Hive </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  2070. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2071. File size 6029312 [5c0000] bytes, containing 1100 pages (+ 1 headerpage)
  2072. Used for data: 99154/5792328 blocks/bytes, unused: 6567/140344 blocks/bytes.
  2073.  
  2074. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  2075. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2076. 1 keys
  2077. 0 new keys added
  2078. 2 values total
  2079.  
  2080.  
  2081. Hives that have changed:
  2082. # Name
  2083. 0 </mnt/sda1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  2084. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2085. NTUSER: /mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat
  2086. *******************
  2087.  
  2088. reged version 0.1 110511, (c) Petter N Hagen
  2089. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  2090. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2091. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  2092. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  2093.  
  2094. Exporting to file '/tmp/runRead.reg'...
  2095. export_subkey: Key 'Software\Microsoft\Windows\CurrentVersion\Run' not found!
  2096. *******************
  2097.  
  2098. Fichero /tmp/runRead.reg
  2099. Windows Registry Editor Version 5.00
  2100.  
  2101. *******************
  2102.  
  2103. Fichero /tmp/runWrite.reg
  2104. Windows Registry Editor Version 5.00
  2105. *******************
  2106.  
  2107. reged version 0.1 110511, (c) Petter N Hagen
  2108. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  2109. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2110. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  2111. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  2112.  
  2113.  
  2114. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2115. 0 keys
  2116. 0 new keys added
  2117. 0 values total
  2118.  
  2119.  
  2120. Hives that have changed:
  2121. # Name
  2122. None!
  2123.  
  2124. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2125. *******************
  2126.  
  2127. reged version 0.1 110511, (c) Petter N Hagen
  2128. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  2129. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2130. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  2131. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  2132.  
  2133. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  2134. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2135. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2136. 2 keys
  2137. 0 new keys added
  2138. 4 values total
  2139.  
  2140.  
  2141. Hives that have changed:
  2142. # Name
  2143. 0 </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  2144. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  2145. *******************
  2146.  
  2147. reged version 0.1 110511, (c) Petter N Hagen
  2148. Hive </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  2149. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2150. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  2151. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  2152.  
  2153. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  2154. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2155. 1 keys
  2156. 0 new keys added
  2157. 2 values total
  2158.  
  2159.  
  2160. Hives that have changed:
  2161. # Name
  2162. 0 </mnt/sda1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  2163. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2164. NTUSER: /mnt/sda1/WINDOWS/repair/ntuser.dat
  2165. *******************
  2166.  
  2167. reged version 0.1 110511, (c) Petter N Hagen
  2168. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  2169. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2170. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  2171. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  2172.  
  2173. Exporting to file '/tmp/runRead.reg'...
  2174. Exporting key 'Run' with 0 subkeys and 1 values...
  2175. *******************
  2176.  
  2177. Fichero /tmp/runRead.reg
  2178. Windows Registry Editor Version 5.00
  2179.  
  2180. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  2181. "CTFMON.EXE"=""
  2182.  
  2183. *******************
  2184.  
  2185. Fichero /tmp/runWrite.reg
  2186. Windows Registry Editor Version 5.00
  2187. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  2188. "CTFMON.EXE"=
  2189. *******************
  2190.  
  2191. reged version 0.1 110511, (c) Petter N Hagen
  2192. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  2193. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2194. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  2195. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  2196.  
  2197. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  2198. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2199. 1 keys
  2200. 0 new keys added
  2201. 1 values total
  2202.  
  2203.  
  2204. Hives that have changed:
  2205. # Name
  2206. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  2207. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2208. *******************
  2209.  
  2210. reged version 0.1 110511, (c) Petter N Hagen
  2211. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  2212. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2213. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  2214. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  2215.  
  2216. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  2217. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2218. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2219. 2 keys
  2220. 0 new keys added
  2221. 4 values total
  2222.  
  2223.  
  2224. Hives that have changed:
  2225. # Name
  2226. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  2227. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  2228. *******************
  2229.  
  2230. reged version 0.1 110511, (c) Petter N Hagen
  2231. Hive </mnt/sda1/WINDOWS/repair/ntuser.dat> name (from header): <>
  2232. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2233. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  2234. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  2235.  
  2236. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  2237. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2238. 1 keys
  2239. 0 new keys added
  2240. 2 values total
  2241.  
  2242.  
  2243. Hives that have changed:
  2244. # Name
  2245. 0 </mnt/sda1/WINDOWS/repair/ntuser.dat> - OK
  2246. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2247. Done!!
  2248.  
  2249.  
  2250. Looking for in: /mnt/sda1/WINDOWS/system32/config/system
  2251. Found!!
  2252. Applying system disinfection!!
  2253. *******************
  2254.  
  2255. reged version 0.1 110511, (c) Petter N Hagen
  2256. Hive <./mnt/sda1/WINDOWS/system32/config/system> name (from header): <SYSTEM>
  2257. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2258. File size 5242880 [500000] bytes, containing 1241 pages (+ 1 headerpage)
  2259. Used for data: 89253/5166080 blocks/bytes, unused: 2140/24800 blocks/bytes.
  2260.  
  2261. Exporting to file '/tmp/runRead.reg'...
  2262. Exporting key 'Select' with 0 subkeys and 4 values...
  2263. *******************
  2264.  
  2265. reged version 0.1 110511, (c) Petter N Hagen
  2266. Hive <./mnt/sda1/WINDOWS/system32/config/system> name (from header): <SYSTEM>
  2267. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2268. File size 5242880 [500000] bytes, containing 1241 pages (+ 1 headerpage)
  2269. Used for data: 89253/5166080 blocks/bytes, unused: 2140/24800 blocks/bytes.
  2270.  
  2271. --- Import KEY <\ControlSet001\Control\SafeBoot>
  2272. END OF IMPORT, file </root/policeSafeBoot.reg>, operation SUCCEEDED!
  2273. 1 keys
  2274. 0 new keys added
  2275. 0 values total
  2276.  
  2277.  
  2278. Hives that have changed:
  2279. # Name
  2280. None!
  2281.  
  2282. Modificadas claves HKLM\SYSTEM\ControlSet001\Control\SafeBoot | AlternateShell
  2283. Done!!
  2284.  
  2285.  
  2286. Looking for in: /mnt/sda5/WINDOWS/system32/config/software
  2287. Looking for in: /mnt/sda5/WINDOWS/system32/config/system
  2288. Looking for in: /mnt/sdb1/WINDOWS/system32/config/software
  2289. Found!!
  2290. Applying generic disinfection!!
  2291. *******************
  2292.  
  2293. reged version 0.1 110511, (c) Petter N Hagen
  2294. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2295. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2296. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2297. Used for data: 590036/32784304 blocks/bytes, unused: 3961/79568 blocks/bytes.
  2298.  
  2299. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  2300. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  2301. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  2302. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  2303. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon> with 1 values.
  2304. --- Import KEY <\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2305. END OF IMPORT, file </root/policeWinlogon.reg>, operation SUCCEEDED!
  2306. 6 keys
  2307. 0 new keys added
  2308. 6 values total
  2309.  
  2310.  
  2311. Hives that have changed:
  2312. # Name
  2313. 0 <./mnt/sdb1/WINDOWS/system32/config/software> - OK
  2314. Modificadas claves HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | State | Userinit | Taskman | taskman
  2315. *******************
  2316.  
  2317. reged version 0.1 110511, (c) Petter N Hagen
  2318. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2319. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2320. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2321. Used for data: 590040/32784480 blocks/bytes, unused: 3961/79392 blocks/bytes.
  2322.  
  2323. --- Import KEY <\Microsoft\Windows\CurrentVersion\Explorer> with 1 values.
  2324. --- Import KEY <\Microsoft\Windows\CurrentVersion\Explorer> with 1 values.
  2325. --- Import KEY <\Microsoft\Windows\CurrentVersion\Explorer>
  2326. END OF IMPORT, file </root/policeExplorer.reg>, operation SUCCEEDED!
  2327. 3 keys
  2328. 0 new keys added
  2329. 3 values total
  2330.  
  2331.  
  2332. Hives that have changed:
  2333. # Name
  2334. 0 <./mnt/sdb1/WINDOWS/system32/config/software> - OK
  2335. Modificadas claves HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer | Expanded | Favorites | FullPath
  2336. *******************
  2337.  
  2338.  
  2339. ERROR: import_reg: failed to add (sub)key <explorer>
  2340. reged version 0.1 110511, (c) Petter N Hagen
  2341. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2342. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2343. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2344. Used for data: 590044/32784616 blocks/bytes, unused: 3960/79256 blocks/bytes.
  2345.  
  2346. --- Import KEY <\Microsoft\Windows\CurrentVersion\explorer> add_key: key explorer already exists!
  2347.  
  2348. END OF IMPORT, file </root/policeExplorerWvista.reg>, operation FAILED!
  2349. 1 keys
  2350. 0 new keys added
  2351. 0 values total
  2352.  
  2353.  
  2354. Hives that have changed:
  2355. # Name
  2356. None!
  2357.  
  2358. Modificadas claves HKLM\Software\Microsoft\Windows\CurrentVersion\explorer | Expanded | Favorites | FullPath
  2359. *******************
  2360.  
  2361. reged version 0.1 110511, (c) Petter N Hagen
  2362. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2363. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2364. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2365. Used for data: 590044/32784616 blocks/bytes, unused: 3960/79256 blocks/bytes.
  2366.  
  2367. Exporting to file '/tmp/runRead.reg'...
  2368. Exporting key 'Run' with 0 subkeys and 1 values...
  2369. *******************
  2370.  
  2371. Fichero /tmp/runRead.reg
  2372. Windows Registry Editor Version 5.00
  2373.  
  2374. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  2375. "avgnt"="\"C:\\Archivos de programa\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
  2376.  
  2377. *******************
  2378.  
  2379. Fichero /tmp/runWrite.reg
  2380. Windows Registry Editor Version 5.00
  2381. [HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  2382. "avgnt"=
  2383. *******************
  2384.  
  2385. reged version 0.1 110511, (c) Petter N Hagen
  2386. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2387. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2388. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2389. Used for data: 590044/32784616 blocks/bytes, unused: 3960/79256 blocks/bytes.
  2390.  
  2391. --- Import KEY <\Microsoft\Windows\CurrentVersion\Run>
  2392. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2393. 1 keys
  2394. 0 new keys added
  2395. 1 values total
  2396.  
  2397.  
  2398. Hives that have changed:
  2399. # Name
  2400. 0 <./mnt/sdb1/WINDOWS/system32/config/software> - OK
  2401. Modificada clave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2402. *******************
  2403.  
  2404. reged version 0.1 110511, (c) Petter N Hagen
  2405. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2406. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2407. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2408. Used for data: 590043/32784480 blocks/bytes, unused: 3961/79392 blocks/bytes.
  2409.  
  2410. Exporting to file '/tmp/runRead.reg'...
  2411. export_subkey: Key 'Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' not found!
  2412. *******************
  2413.  
  2414. Fichero /tmp/runRead.reg
  2415. Windows Registry Editor Version 5.00
  2416.  
  2417. *******************
  2418.  
  2419. Fichero /tmp/runWrite.reg
  2420. Windows Registry Editor Version 5.00
  2421. *******************
  2422.  
  2423. reged version 0.1 110511, (c) Petter N Hagen
  2424. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2425. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2426. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2427. Used for data: 590043/32784480 blocks/bytes, unused: 3961/79392 blocks/bytes.
  2428.  
  2429.  
  2430. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2431. 0 keys
  2432. 0 new keys added
  2433. 0 values total
  2434.  
  2435.  
  2436. Hives that have changed:
  2437. # Name
  2438. None!
  2439.  
  2440. Modificada clave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Todos los valores a vacio
  2441. *******************
  2442.  
  2443. reged version 0.1 110511, (c) Petter N Hagen
  2444. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2445. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2446. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2447. Used for data: 590043/32784480 blocks/bytes, unused: 3961/79392 blocks/bytes.
  2448.  
  2449. Exporting to file '/tmp/runRead.reg'...
  2450. export_subkey: Key 'Microsoft\Windows\CurrentVersion\policies\Explorer\Run' not found!
  2451. *******************
  2452.  
  2453. Fichero /tmp/runRead.reg
  2454. Windows Registry Editor Version 5.00
  2455.  
  2456. *******************
  2457.  
  2458. Fichero /tmp/runWrite.reg
  2459. Windows Registry Editor Version 5.00
  2460. *******************
  2461.  
  2462. reged version 0.1 110511, (c) Petter N Hagen
  2463. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2464. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2465. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2466. Used for data: 590043/32784480 blocks/bytes, unused: 3961/79392 blocks/bytes.
  2467.  
  2468.  
  2469. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2470. 0 keys
  2471. 0 new keys added
  2472. 0 values total
  2473.  
  2474.  
  2475. Hives that have changed:
  2476. # Name
  2477. None!
  2478.  
  2479. Modificada clave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Todos los valores a vacio
  2480. *******************
  2481.  
  2482. reged version 0.1 110511, (c) Petter N Hagen
  2483. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2484. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2485. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2486. Used for data: 590043/32784480 blocks/bytes, unused: 3961/79392 blocks/bytes.
  2487.  
  2488. Exporting to file '/tmp/runRead.reg'...
  2489. export_subkey: Key 'Microsoft\Shared Tools\MSConfig\startupfolder' not found!
  2490. *******************
  2491.  
  2492. Fichero /tmp/runRead.reg
  2493. Windows Registry Editor Version 5.00
  2494.  
  2495. *******************
  2496.  
  2497. Fichero /tmp/runWrite.reg
  2498. Windows Registry Editor Version 5.00
  2499. *******************
  2500.  
  2501. reged version 0.1 110511, (c) Petter N Hagen
  2502. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2503. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2504. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2505. Used for data: 590043/32784480 blocks/bytes, unused: 3961/79392 blocks/bytes.
  2506.  
  2507.  
  2508. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2509. 0 keys
  2510. 0 new keys added
  2511. 0 values total
  2512.  
  2513.  
  2514. Hives that have changed:
  2515. # Name
  2516. None!
  2517.  
  2518. Modificada clave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder | Todos los valores a vacio
  2519. Applying user disinfection!!
  2520. This step may take a while depending on the size of your hard disk!!
  2521. *******************
  2522.  
  2523. reged version 0.1 110511, (c) Petter N Hagen
  2524. Hive <./mnt/sdb1/WINDOWS/system32/config/software> name (from header): <emRoot\System32\Config\SOFTWARE>
  2525. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2526. File size 33292288 [1fc0000] bytes, containing 7756 pages (+ 1 headerpage)
  2527. Used for data: 590043/32784480 blocks/bytes, unused: 3961/79392 blocks/bytes.
  2528.  
  2529. Exporting to file '/tmp/users.reg'...
  2530. Exporting key 'ProfileList' with 4 subkeys and 3 values...
  2531. Exporting key 'S-1-5-18' with 0 subkeys and 5 values...
  2532. Exporting key 'S-1-5-19' with 0 subkeys and 8 values...
  2533. Exporting key 'S-1-5-20' with 0 subkeys and 8 values...
  2534. Exporting key 'S-1-5-21-606747145-746137067-682003330-1003' with 0 subkeys and 10 values...
  2535. User: S-1-5-18
  2536. NTUSER: /mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT
  2537. *******************
  2538.  
  2539. reged version 0.1 110511, (c) Petter N Hagen
  2540. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  2541. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2542. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  2543. Used for data: 4190/234832 blocks/bytes, unused: 126/4944 blocks/bytes.
  2544.  
  2545. Exporting to file '/tmp/runRead.reg'...
  2546. Exporting key 'Run' with 0 subkeys and 1 values...
  2547. *******************
  2548.  
  2549. Fichero /tmp/runRead.reg
  2550. Windows Registry Editor Version 5.00
  2551.  
  2552. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2553. "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
  2554.  
  2555. *******************
  2556.  
  2557. Fichero /tmp/runWrite.reg
  2558. Windows Registry Editor Version 5.00
  2559. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2560. "CTFMON.EXE"=
  2561. *******************
  2562.  
  2563. reged version 0.1 110511, (c) Petter N Hagen
  2564. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  2565. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2566. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  2567. Used for data: 4190/234832 blocks/bytes, unused: 126/4944 blocks/bytes.
  2568.  
  2569. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  2570. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2571. 1 keys
  2572. 0 new keys added
  2573. 1 values total
  2574.  
  2575.  
  2576. Hives that have changed:
  2577. # Name
  2578. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  2579. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2580. *******************
  2581.  
  2582. reged version 0.1 110511, (c) Petter N Hagen
  2583. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  2584. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2585. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  2586. Used for data: 4189/234760 blocks/bytes, unused: 127/5016 blocks/bytes.
  2587.  
  2588. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  2589. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2590. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2591. 2 keys
  2592. 0 new keys added
  2593. 4 values total
  2594.  
  2595.  
  2596. Hives that have changed:
  2597. # Name
  2598. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  2599. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  2600. *******************
  2601.  
  2602. reged version 0.1 110511, (c) Petter N Hagen
  2603. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  2604. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2605. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  2606. Used for data: 4193/234936 blocks/bytes, unused: 129/4840 blocks/bytes.
  2607.  
  2608. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  2609. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2610. 1 keys
  2611. 0 new keys added
  2612. 2 values total
  2613.  
  2614.  
  2615. Hives that have changed:
  2616. # Name
  2617. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  2618. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2619. NTUSER: /mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT
  2620. *******************
  2621.  
  2622. reged version 0.1 110511, (c) Petter N Hagen
  2623. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  2624. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2625. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  2626. Used for data: 4163/230672 blocks/bytes, unused: 139/5040 blocks/bytes.
  2627.  
  2628. Exporting to file '/tmp/runRead.reg'...
  2629. Exporting key 'Run' with 0 subkeys and 1 values...
  2630. *******************
  2631.  
  2632. Fichero /tmp/runRead.reg
  2633. Windows Registry Editor Version 5.00
  2634.  
  2635. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2636. "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
  2637.  
  2638. *******************
  2639.  
  2640. Fichero /tmp/runWrite.reg
  2641. Windows Registry Editor Version 5.00
  2642. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2643. "CTFMON.EXE"=
  2644. *******************
  2645.  
  2646. reged version 0.1 110511, (c) Petter N Hagen
  2647. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  2648. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2649. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  2650. Used for data: 4163/230672 blocks/bytes, unused: 139/5040 blocks/bytes.
  2651.  
  2652. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  2653. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2654. 1 keys
  2655. 0 new keys added
  2656. 1 values total
  2657.  
  2658.  
  2659. Hives that have changed:
  2660. # Name
  2661. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  2662. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2663. *******************
  2664.  
  2665. reged version 0.1 110511, (c) Petter N Hagen
  2666. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  2667. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2668. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  2669. Used for data: 4162/230600 blocks/bytes, unused: 140/5112 blocks/bytes.
  2670.  
  2671. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  2672. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2673. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2674. 2 keys
  2675. 0 new keys added
  2676. 4 values total
  2677.  
  2678.  
  2679. Hives that have changed:
  2680. # Name
  2681. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  2682. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  2683. *******************
  2684.  
  2685. reged version 0.1 110511, (c) Petter N Hagen
  2686. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  2687. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2688. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  2689. Used for data: 4166/230776 blocks/bytes, unused: 142/4936 blocks/bytes.
  2690.  
  2691. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  2692. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2693. 1 keys
  2694. 0 new keys added
  2695. 2 values total
  2696.  
  2697.  
  2698. Hives that have changed:
  2699. # Name
  2700. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  2701. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2702. NTUSER: /mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT
  2703. *******************
  2704.  
  2705. reged version 0.1 110511, (c) Petter N Hagen
  2706. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  2707. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2708. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  2709. Used for data: 4131/295200 blocks/bytes, unused: 139/1984 blocks/bytes.
  2710.  
  2711. Exporting to file '/tmp/runRead.reg'...
  2712. Exporting key 'Run' with 0 subkeys and 1 values...
  2713. *******************
  2714.  
  2715. Fichero /tmp/runRead.reg
  2716. Windows Registry Editor Version 5.00
  2717.  
  2718. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2719. "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
  2720.  
  2721. *******************
  2722.  
  2723. Fichero /tmp/runWrite.reg
  2724. Windows Registry Editor Version 5.00
  2725. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2726. "CTFMON.EXE"=
  2727. *******************
  2728.  
  2729. reged version 0.1 110511, (c) Petter N Hagen
  2730. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  2731. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2732. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  2733. Used for data: 4131/295200 blocks/bytes, unused: 139/1984 blocks/bytes.
  2734.  
  2735. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  2736. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2737. 1 keys
  2738. 0 new keys added
  2739. 1 values total
  2740.  
  2741.  
  2742. Hives that have changed:
  2743. # Name
  2744. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  2745. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2746. *******************
  2747.  
  2748. reged version 0.1 110511, (c) Petter N Hagen
  2749. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  2750. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2751. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  2752. Used for data: 4130/295128 blocks/bytes, unused: 140/2056 blocks/bytes.
  2753.  
  2754. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  2755. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2756. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2757. 2 keys
  2758. 0 new keys added
  2759. 4 values total
  2760.  
  2761.  
  2762. Hives that have changed:
  2763. # Name
  2764. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  2765. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  2766. *******************
  2767.  
  2768. reged version 0.1 110511, (c) Petter N Hagen
  2769. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  2770. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2771. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  2772. Used for data: 4134/295304 blocks/bytes, unused: 140/1880 blocks/bytes.
  2773.  
  2774. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  2775. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2776. 1 keys
  2777. 0 new keys added
  2778. 2 values total
  2779.  
  2780.  
  2781. Hives that have changed:
  2782. # Name
  2783. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  2784. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2785. NTUSER: /mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT
  2786. *******************
  2787.  
  2788. reged version 0.1 110511, (c) Petter N Hagen
  2789. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  2790. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2791. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  2792. Used for data: 103925/5499760 blocks/bytes, unused: 8508/134480 blocks/bytes.
  2793.  
  2794. Exporting to file '/tmp/runRead.reg'...
  2795. Exporting key 'Run' with 0 subkeys and 1 values...
  2796. *******************
  2797.  
  2798. Fichero /tmp/runRead.reg
  2799. Windows Registry Editor Version 5.00
  2800.  
  2801. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2802. "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
  2803.  
  2804. *******************
  2805.  
  2806. Fichero /tmp/runWrite.reg
  2807. Windows Registry Editor Version 5.00
  2808. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2809. "ctfmon.exe"=
  2810. *******************
  2811.  
  2812. reged version 0.1 110511, (c) Petter N Hagen
  2813. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  2814. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2815. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  2816. Used for data: 103925/5499760 blocks/bytes, unused: 8508/134480 blocks/bytes.
  2817.  
  2818. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  2819. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2820. 1 keys
  2821. 0 new keys added
  2822. 1 values total
  2823.  
  2824.  
  2825. Hives that have changed:
  2826. # Name
  2827. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  2828. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2829. *******************
  2830.  
  2831. reged version 0.1 110511, (c) Petter N Hagen
  2832. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  2833. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2834. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  2835. Used for data: 103924/5499688 blocks/bytes, unused: 8509/134552 blocks/bytes.
  2836.  
  2837. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  2838. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2839. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2840. 2 keys
  2841. 0 new keys added
  2842. 4 values total
  2843.  
  2844.  
  2845. Hives that have changed:
  2846. # Name
  2847. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  2848. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  2849. *******************
  2850.  
  2851. reged version 0.1 110511, (c) Petter N Hagen
  2852. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  2853. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2854. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  2855. Used for data: 103928/5499864 blocks/bytes, unused: 8511/134376 blocks/bytes.
  2856.  
  2857. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  2858. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2859. 1 keys
  2860. 0 new keys added
  2861. 2 values total
  2862.  
  2863.  
  2864. Hives that have changed:
  2865. # Name
  2866. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  2867. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2868. NTUSER: /mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat
  2869. *******************
  2870.  
  2871. reged version 0.1 110511, (c) Petter N Hagen
  2872. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  2873. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2874. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  2875. Used for data: 2/264 blocks/bytes, unused: 1/3800 blocks/bytes.
  2876.  
  2877. Exporting to file '/tmp/runRead.reg'...
  2878. export_subkey: Key 'Software\Microsoft\Windows\CurrentVersion\Run' not found!
  2879. *******************
  2880.  
  2881. Fichero /tmp/runRead.reg
  2882. Windows Registry Editor Version 5.00
  2883.  
  2884. *******************
  2885.  
  2886. Fichero /tmp/runWrite.reg
  2887. Windows Registry Editor Version 5.00
  2888. *******************
  2889.  
  2890. reged version 0.1 110511, (c) Petter N Hagen
  2891. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  2892. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2893. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  2894. Used for data: 2/264 blocks/bytes, unused: 1/3800 blocks/bytes.
  2895.  
  2896.  
  2897. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2898. 0 keys
  2899. 0 new keys added
  2900. 0 values total
  2901.  
  2902.  
  2903. Hives that have changed:
  2904. # Name
  2905. None!
  2906.  
  2907. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2908. *******************
  2909.  
  2910. reged version 0.1 110511, (c) Petter N Hagen
  2911. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  2912. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2913. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  2914. Used for data: 2/264 blocks/bytes, unused: 1/3800 blocks/bytes.
  2915.  
  2916. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> [added <Software>] [added <Microsoft>] [added <Windows NT>] [added <CurrentVersion>] [added <Winlogon>] with 2 values.
  2917. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  2918. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2919. 2 keys
  2920. 5 new keys added
  2921. 4 values total
  2922.  
  2923.  
  2924. Hives that have changed:
  2925. # Name
  2926. 0 </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  2927. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  2928. *******************
  2929.  
  2930. reged version 0.1 110511, (c) Petter N Hagen
  2931. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  2932. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2933. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  2934. Used for data: 17/1056 blocks/bytes, unused: 4/3008 blocks/bytes.
  2935.  
  2936. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows> [added <Windows>]
  2937. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  2938. 1 keys
  2939. 1 new keys added
  2940. 2 values total
  2941.  
  2942.  
  2943. Hives that have changed:
  2944. # Name
  2945. 0 </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  2946. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  2947. NTUSER: /mnt/sdb1/WINDOWS/repair/ntuser.dat
  2948. *******************
  2949.  
  2950. reged version 0.1 110511, (c) Petter N Hagen
  2951. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  2952. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2953. File size 241664 [3b000] bytes, containing 58 pages (+ 1 headerpage)
  2954. Used for data: 4185/234472 blocks/bytes, unused: 127/1240 blocks/bytes.
  2955.  
  2956. Exporting to file '/tmp/runRead.reg'...
  2957. Exporting key 'Run' with 0 subkeys and 1 values...
  2958. *******************
  2959.  
  2960. Fichero /tmp/runRead.reg
  2961. Windows Registry Editor Version 5.00
  2962.  
  2963. [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2964. "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
  2965.  
  2966. *******************
  2967.  
  2968. Fichero /tmp/runWrite.reg
  2969. Windows Registry Editor Version 5.00
  2970. [HKEY_USERSS-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
  2971. "CTFMON.EXE"=
  2972. *******************
  2973.  
  2974. reged version 0.1 110511, (c) Petter N Hagen
  2975. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  2976. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2977. File size 241664 [3b000] bytes, containing 58 pages (+ 1 headerpage)
  2978. Used for data: 4185/234472 blocks/bytes, unused: 127/1240 blocks/bytes.
  2979.  
  2980. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  2981. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  2982. 1 keys
  2983. 0 new keys added
  2984. 1 values total
  2985.  
  2986.  
  2987. Hives that have changed:
  2988. # Name
  2989. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  2990. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  2991. *******************
  2992.  
  2993. reged version 0.1 110511, (c) Petter N Hagen
  2994. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  2995. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  2996. File size 241664 [3b000] bytes, containing 58 pages (+ 1 headerpage)
  2997. Used for data: 4184/234400 blocks/bytes, unused: 128/1312 blocks/bytes.
  2998.  
  2999. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3000. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> alloc_block: failed to alloc 40 bytes, trying to expand hive..
  3001. add_bin: request size = 40 [28], rounded to 4096 [1000]
  3002. add_bin: old buffer size = 241664 [3b000]
  3003. add_bin: firs nonbin off = 241664 [3b000]
  3004. add_bin: free at end = 0 [0]
  3005. add_bin: new buffer size = 262144 [40000]
  3006. add_bin: adjusting size field in REGF: 241664 [3b000]
  3007.  
  3008. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3009. 2 keys
  3010. 0 new keys added
  3011. 4 values total
  3012.  
  3013.  
  3014. Hives that have changed:
  3015. # Name
  3016. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK WARNING: File was expanded! Experimental! Use at own risk!
  3017.  
  3018. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3019. *******************
  3020.  
  3021. reged version 0.1 110511, (c) Petter N Hagen
  3022. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  3023. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3024. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3025. Used for data: 4188/234584 blocks/bytes, unused: 131/5192 blocks/bytes.
  3026.  
  3027. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3028. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3029. 1 keys
  3030. 0 new keys added
  3031. 2 values total
  3032.  
  3033.  
  3034. Hives that have changed:
  3035. # Name
  3036. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  3037. Modificada clave HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3038. User: S-1-5-19
  3039. NTUSER: /mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT
  3040. *******************
  3041.  
  3042. reged version 0.1 110511, (c) Petter N Hagen
  3043. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  3044. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3045. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3046. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  3047.  
  3048. Exporting to file '/tmp/runRead.reg'...
  3049. Exporting key 'Run' with 0 subkeys and 1 values...
  3050. *******************
  3051.  
  3052. Fichero /tmp/runRead.reg
  3053. Windows Registry Editor Version 5.00
  3054.  
  3055. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3056. "CTFMON.EXE"=""
  3057.  
  3058. *******************
  3059.  
  3060. Fichero /tmp/runWrite.reg
  3061. Windows Registry Editor Version 5.00
  3062. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3063. "CTFMON.EXE"=
  3064. *******************
  3065.  
  3066. reged version 0.1 110511, (c) Petter N Hagen
  3067. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  3068. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3069. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3070. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  3071.  
  3072. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3073. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3074. 1 keys
  3075. 0 new keys added
  3076. 1 values total
  3077.  
  3078.  
  3079. Hives that have changed:
  3080. # Name
  3081. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  3082. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3083. *******************
  3084.  
  3085. reged version 0.1 110511, (c) Petter N Hagen
  3086. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  3087. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3088. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3089. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  3090.  
  3091. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3092. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3093. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3094. 2 keys
  3095. 0 new keys added
  3096. 4 values total
  3097.  
  3098.  
  3099. Hives that have changed:
  3100. # Name
  3101. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  3102. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3103. *******************
  3104.  
  3105. reged version 0.1 110511, (c) Petter N Hagen
  3106. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  3107. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3108. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3109. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  3110.  
  3111. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3112. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3113. 1 keys
  3114. 0 new keys added
  3115. 2 values total
  3116.  
  3117.  
  3118. Hives that have changed:
  3119. # Name
  3120. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  3121. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3122. NTUSER: /mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT
  3123. *******************
  3124.  
  3125. reged version 0.1 110511, (c) Petter N Hagen
  3126. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  3127. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3128. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  3129. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  3130.  
  3131. Exporting to file '/tmp/runRead.reg'...
  3132. Exporting key 'Run' with 0 subkeys and 1 values...
  3133. *******************
  3134.  
  3135. Fichero /tmp/runRead.reg
  3136. Windows Registry Editor Version 5.00
  3137.  
  3138. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3139. "CTFMON.EXE"=""
  3140.  
  3141. *******************
  3142.  
  3143. Fichero /tmp/runWrite.reg
  3144. Windows Registry Editor Version 5.00
  3145. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3146. "CTFMON.EXE"=
  3147. *******************
  3148.  
  3149. reged version 0.1 110511, (c) Petter N Hagen
  3150. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  3151. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3152. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  3153. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  3154.  
  3155. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3156. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3157. 1 keys
  3158. 0 new keys added
  3159. 1 values total
  3160.  
  3161.  
  3162. Hives that have changed:
  3163. # Name
  3164. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  3165. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3166. *******************
  3167.  
  3168. reged version 0.1 110511, (c) Petter N Hagen
  3169. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  3170. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3171. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  3172. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  3173.  
  3174. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3175. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3176. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3177. 2 keys
  3178. 0 new keys added
  3179. 4 values total
  3180.  
  3181.  
  3182. Hives that have changed:
  3183. # Name
  3184. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  3185. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3186. *******************
  3187.  
  3188. reged version 0.1 110511, (c) Petter N Hagen
  3189. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  3190. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3191. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  3192. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  3193.  
  3194. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3195. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3196. 1 keys
  3197. 0 new keys added
  3198. 2 values total
  3199.  
  3200.  
  3201. Hives that have changed:
  3202. # Name
  3203. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  3204. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3205. NTUSER: /mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT
  3206. *******************
  3207.  
  3208. reged version 0.1 110511, (c) Petter N Hagen
  3209. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  3210. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3211. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  3212. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  3213.  
  3214. Exporting to file '/tmp/runRead.reg'...
  3215. Exporting key 'Run' with 0 subkeys and 1 values...
  3216. *******************
  3217.  
  3218. Fichero /tmp/runRead.reg
  3219. Windows Registry Editor Version 5.00
  3220.  
  3221. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3222. "CTFMON.EXE"=""
  3223.  
  3224. *******************
  3225.  
  3226. Fichero /tmp/runWrite.reg
  3227. Windows Registry Editor Version 5.00
  3228. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3229. "CTFMON.EXE"=
  3230. *******************
  3231.  
  3232. reged version 0.1 110511, (c) Petter N Hagen
  3233. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  3234. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3235. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  3236. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  3237.  
  3238. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3239. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3240. 1 keys
  3241. 0 new keys added
  3242. 1 values total
  3243.  
  3244.  
  3245. Hives that have changed:
  3246. # Name
  3247. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  3248. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3249. *******************
  3250.  
  3251. reged version 0.1 110511, (c) Petter N Hagen
  3252. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  3253. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3254. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  3255. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  3256.  
  3257. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3258. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3259. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3260. 2 keys
  3261. 0 new keys added
  3262. 4 values total
  3263.  
  3264.  
  3265. Hives that have changed:
  3266. # Name
  3267. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  3268. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3269. *******************
  3270.  
  3271. reged version 0.1 110511, (c) Petter N Hagen
  3272. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  3273. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3274. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  3275. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  3276.  
  3277. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3278. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3279. 1 keys
  3280. 0 new keys added
  3281. 2 values total
  3282.  
  3283.  
  3284. Hives that have changed:
  3285. # Name
  3286. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  3287. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3288. NTUSER: /mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT
  3289. *******************
  3290.  
  3291. reged version 0.1 110511, (c) Petter N Hagen
  3292. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  3293. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3294. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  3295. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  3296.  
  3297. Exporting to file '/tmp/runRead.reg'...
  3298. Exporting key 'Run' with 0 subkeys and 1 values...
  3299. *******************
  3300.  
  3301. Fichero /tmp/runRead.reg
  3302. Windows Registry Editor Version 5.00
  3303.  
  3304. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3305. "ctfmon.exe"=""
  3306.  
  3307. *******************
  3308.  
  3309. Fichero /tmp/runWrite.reg
  3310. Windows Registry Editor Version 5.00
  3311. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3312. "ctfmon.exe"=
  3313. *******************
  3314.  
  3315. reged version 0.1 110511, (c) Petter N Hagen
  3316. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  3317. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3318. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  3319. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  3320.  
  3321. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3322. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3323. 1 keys
  3324. 0 new keys added
  3325. 1 values total
  3326.  
  3327.  
  3328. Hives that have changed:
  3329. # Name
  3330. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  3331. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3332. *******************
  3333.  
  3334. reged version 0.1 110511, (c) Petter N Hagen
  3335. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  3336. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3337. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  3338. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  3339.  
  3340. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3341. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3342. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3343. 2 keys
  3344. 0 new keys added
  3345. 4 values total
  3346.  
  3347.  
  3348. Hives that have changed:
  3349. # Name
  3350. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  3351. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3352. *******************
  3353.  
  3354. reged version 0.1 110511, (c) Petter N Hagen
  3355. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  3356. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3357. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  3358. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  3359.  
  3360. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3361. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3362. 1 keys
  3363. 0 new keys added
  3364. 2 values total
  3365.  
  3366.  
  3367. Hives that have changed:
  3368. # Name
  3369. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  3370. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3371. NTUSER: /mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat
  3372. *******************
  3373.  
  3374. reged version 0.1 110511, (c) Petter N Hagen
  3375. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  3376. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3377. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  3378. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  3379.  
  3380. Exporting to file '/tmp/runRead.reg'...
  3381. export_subkey: Key 'Software\Microsoft\Windows\CurrentVersion\Run' not found!
  3382. *******************
  3383.  
  3384. Fichero /tmp/runRead.reg
  3385. Windows Registry Editor Version 5.00
  3386.  
  3387. *******************
  3388.  
  3389. Fichero /tmp/runWrite.reg
  3390. Windows Registry Editor Version 5.00
  3391. *******************
  3392.  
  3393. reged version 0.1 110511, (c) Petter N Hagen
  3394. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  3395. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3396. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  3397. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  3398.  
  3399.  
  3400. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3401. 0 keys
  3402. 0 new keys added
  3403. 0 values total
  3404.  
  3405.  
  3406. Hives that have changed:
  3407. # Name
  3408. None!
  3409.  
  3410. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3411. *******************
  3412.  
  3413. reged version 0.1 110511, (c) Petter N Hagen
  3414. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  3415. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3416. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  3417. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  3418.  
  3419. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3420. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3421. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3422. 2 keys
  3423. 0 new keys added
  3424. 4 values total
  3425.  
  3426.  
  3427. Hives that have changed:
  3428. # Name
  3429. 0 </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  3430. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3431. *******************
  3432.  
  3433. reged version 0.1 110511, (c) Petter N Hagen
  3434. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  3435. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3436. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  3437. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  3438.  
  3439. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3440. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3441. 1 keys
  3442. 0 new keys added
  3443. 2 values total
  3444.  
  3445.  
  3446. Hives that have changed:
  3447. # Name
  3448. 0 </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  3449. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3450. NTUSER: /mnt/sdb1/WINDOWS/repair/ntuser.dat
  3451. *******************
  3452.  
  3453. reged version 0.1 110511, (c) Petter N Hagen
  3454. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  3455. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3456. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3457. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  3458.  
  3459. Exporting to file '/tmp/runRead.reg'...
  3460. Exporting key 'Run' with 0 subkeys and 1 values...
  3461. *******************
  3462.  
  3463. Fichero /tmp/runRead.reg
  3464. Windows Registry Editor Version 5.00
  3465.  
  3466. [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3467. "CTFMON.EXE"=""
  3468.  
  3469. *******************
  3470.  
  3471. Fichero /tmp/runWrite.reg
  3472. Windows Registry Editor Version 5.00
  3473. [HKEY_USERSS-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
  3474. "CTFMON.EXE"=
  3475. *******************
  3476.  
  3477. reged version 0.1 110511, (c) Petter N Hagen
  3478. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  3479. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3480. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3481. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  3482.  
  3483. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3484. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3485. 1 keys
  3486. 0 new keys added
  3487. 1 values total
  3488.  
  3489.  
  3490. Hives that have changed:
  3491. # Name
  3492. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  3493. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3494. *******************
  3495.  
  3496. reged version 0.1 110511, (c) Petter N Hagen
  3497. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  3498. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3499. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3500. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  3501.  
  3502. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3503. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3504. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3505. 2 keys
  3506. 0 new keys added
  3507. 4 values total
  3508.  
  3509.  
  3510. Hives that have changed:
  3511. # Name
  3512. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  3513. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3514. *******************
  3515.  
  3516. reged version 0.1 110511, (c) Petter N Hagen
  3517. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  3518. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3519. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3520. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  3521.  
  3522. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3523. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3524. 1 keys
  3525. 0 new keys added
  3526. 2 values total
  3527.  
  3528.  
  3529. Hives that have changed:
  3530. # Name
  3531. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  3532. Modificada clave HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3533. User: S-1-5-20
  3534. NTUSER: /mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT
  3535. *******************
  3536.  
  3537. reged version 0.1 110511, (c) Petter N Hagen
  3538. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  3539. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3540. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3541. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  3542.  
  3543. Exporting to file '/tmp/runRead.reg'...
  3544. Exporting key 'Run' with 0 subkeys and 1 values...
  3545. *******************
  3546.  
  3547. Fichero /tmp/runRead.reg
  3548. Windows Registry Editor Version 5.00
  3549.  
  3550. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3551. "CTFMON.EXE"=""
  3552.  
  3553. *******************
  3554.  
  3555. Fichero /tmp/runWrite.reg
  3556. Windows Registry Editor Version 5.00
  3557. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3558. "CTFMON.EXE"=
  3559. *******************
  3560.  
  3561. reged version 0.1 110511, (c) Petter N Hagen
  3562. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  3563. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3564. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3565. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  3566.  
  3567. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3568. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3569. 1 keys
  3570. 0 new keys added
  3571. 1 values total
  3572.  
  3573.  
  3574. Hives that have changed:
  3575. # Name
  3576. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  3577. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3578. *******************
  3579.  
  3580. reged version 0.1 110511, (c) Petter N Hagen
  3581. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  3582. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3583. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3584. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  3585.  
  3586. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3587. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3588. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3589. 2 keys
  3590. 0 new keys added
  3591. 4 values total
  3592.  
  3593.  
  3594. Hives that have changed:
  3595. # Name
  3596. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  3597. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3598. *******************
  3599.  
  3600. reged version 0.1 110511, (c) Petter N Hagen
  3601. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  3602. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3603. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3604. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  3605.  
  3606. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3607. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3608. 1 keys
  3609. 0 new keys added
  3610. 2 values total
  3611.  
  3612.  
  3613. Hives that have changed:
  3614. # Name
  3615. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  3616. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3617. NTUSER: /mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT
  3618. *******************
  3619.  
  3620. reged version 0.1 110511, (c) Petter N Hagen
  3621. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  3622. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3623. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  3624. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  3625.  
  3626. Exporting to file '/tmp/runRead.reg'...
  3627. Exporting key 'Run' with 0 subkeys and 1 values...
  3628. *******************
  3629.  
  3630. Fichero /tmp/runRead.reg
  3631. Windows Registry Editor Version 5.00
  3632.  
  3633. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3634. "CTFMON.EXE"=""
  3635.  
  3636. *******************
  3637.  
  3638. Fichero /tmp/runWrite.reg
  3639. Windows Registry Editor Version 5.00
  3640. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3641. "CTFMON.EXE"=
  3642. *******************
  3643.  
  3644. reged version 0.1 110511, (c) Petter N Hagen
  3645. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  3646. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3647. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  3648. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  3649.  
  3650. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3651. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3652. 1 keys
  3653. 0 new keys added
  3654. 1 values total
  3655.  
  3656.  
  3657. Hives that have changed:
  3658. # Name
  3659. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  3660. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3661. *******************
  3662.  
  3663. reged version 0.1 110511, (c) Petter N Hagen
  3664. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  3665. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3666. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  3667. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  3668.  
  3669. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3670. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3671. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3672. 2 keys
  3673. 0 new keys added
  3674. 4 values total
  3675.  
  3676.  
  3677. Hives that have changed:
  3678. # Name
  3679. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  3680. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3681. *******************
  3682.  
  3683. reged version 0.1 110511, (c) Petter N Hagen
  3684. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  3685. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3686. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  3687. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  3688.  
  3689. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3690. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3691. 1 keys
  3692. 0 new keys added
  3693. 2 values total
  3694.  
  3695.  
  3696. Hives that have changed:
  3697. # Name
  3698. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  3699. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3700. NTUSER: /mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT
  3701. *******************
  3702.  
  3703. reged version 0.1 110511, (c) Petter N Hagen
  3704. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  3705. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3706. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  3707. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  3708.  
  3709. Exporting to file '/tmp/runRead.reg'...
  3710. Exporting key 'Run' with 0 subkeys and 1 values...
  3711. *******************
  3712.  
  3713. Fichero /tmp/runRead.reg
  3714. Windows Registry Editor Version 5.00
  3715.  
  3716. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3717. "CTFMON.EXE"=""
  3718.  
  3719. *******************
  3720.  
  3721. Fichero /tmp/runWrite.reg
  3722. Windows Registry Editor Version 5.00
  3723. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3724. "CTFMON.EXE"=
  3725. *******************
  3726.  
  3727. reged version 0.1 110511, (c) Petter N Hagen
  3728. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  3729. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3730. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  3731. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  3732.  
  3733. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3734. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3735. 1 keys
  3736. 0 new keys added
  3737. 1 values total
  3738.  
  3739.  
  3740. Hives that have changed:
  3741. # Name
  3742. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  3743. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3744. *******************
  3745.  
  3746. reged version 0.1 110511, (c) Petter N Hagen
  3747. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  3748. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3749. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  3750. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  3751.  
  3752. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3753. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3754. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3755. 2 keys
  3756. 0 new keys added
  3757. 4 values total
  3758.  
  3759.  
  3760. Hives that have changed:
  3761. # Name
  3762. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  3763. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3764. *******************
  3765.  
  3766. reged version 0.1 110511, (c) Petter N Hagen
  3767. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  3768. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3769. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  3770. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  3771.  
  3772. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3773. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3774. 1 keys
  3775. 0 new keys added
  3776. 2 values total
  3777.  
  3778.  
  3779. Hives that have changed:
  3780. # Name
  3781. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  3782. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3783. NTUSER: /mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT
  3784. *******************
  3785.  
  3786. reged version 0.1 110511, (c) Petter N Hagen
  3787. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  3788. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3789. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  3790. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  3791.  
  3792. Exporting to file '/tmp/runRead.reg'...
  3793. Exporting key 'Run' with 0 subkeys and 1 values...
  3794. *******************
  3795.  
  3796. Fichero /tmp/runRead.reg
  3797. Windows Registry Editor Version 5.00
  3798.  
  3799. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3800. "ctfmon.exe"=""
  3801.  
  3802. *******************
  3803.  
  3804. Fichero /tmp/runWrite.reg
  3805. Windows Registry Editor Version 5.00
  3806. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3807. "ctfmon.exe"=
  3808. *******************
  3809.  
  3810. reged version 0.1 110511, (c) Petter N Hagen
  3811. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  3812. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3813. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  3814. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  3815.  
  3816. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3817. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3818. 1 keys
  3819. 0 new keys added
  3820. 1 values total
  3821.  
  3822.  
  3823. Hives that have changed:
  3824. # Name
  3825. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  3826. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3827. *******************
  3828.  
  3829. reged version 0.1 110511, (c) Petter N Hagen
  3830. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  3831. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3832. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  3833. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  3834.  
  3835. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3836. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3837. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3838. 2 keys
  3839. 0 new keys added
  3840. 4 values total
  3841.  
  3842.  
  3843. Hives that have changed:
  3844. # Name
  3845. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  3846. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3847. *******************
  3848.  
  3849. reged version 0.1 110511, (c) Petter N Hagen
  3850. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  3851. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3852. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  3853. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  3854.  
  3855. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3856. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3857. 1 keys
  3858. 0 new keys added
  3859. 2 values total
  3860.  
  3861.  
  3862. Hives that have changed:
  3863. # Name
  3864. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  3865. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3866. NTUSER: /mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat
  3867. *******************
  3868.  
  3869. reged version 0.1 110511, (c) Petter N Hagen
  3870. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  3871. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3872. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  3873. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  3874.  
  3875. Exporting to file '/tmp/runRead.reg'...
  3876. export_subkey: Key 'Software\Microsoft\Windows\CurrentVersion\Run' not found!
  3877. *******************
  3878.  
  3879. Fichero /tmp/runRead.reg
  3880. Windows Registry Editor Version 5.00
  3881.  
  3882. *******************
  3883.  
  3884. Fichero /tmp/runWrite.reg
  3885. Windows Registry Editor Version 5.00
  3886. *******************
  3887.  
  3888. reged version 0.1 110511, (c) Petter N Hagen
  3889. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  3890. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3891. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  3892. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  3893.  
  3894.  
  3895. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3896. 0 keys
  3897. 0 new keys added
  3898. 0 values total
  3899.  
  3900.  
  3901. Hives that have changed:
  3902. # Name
  3903. None!
  3904.  
  3905. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3906. *******************
  3907.  
  3908. reged version 0.1 110511, (c) Petter N Hagen
  3909. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  3910. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3911. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  3912. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  3913.  
  3914. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3915. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3916. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3917. 2 keys
  3918. 0 new keys added
  3919. 4 values total
  3920.  
  3921.  
  3922. Hives that have changed:
  3923. # Name
  3924. 0 </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  3925. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  3926. *******************
  3927.  
  3928. reged version 0.1 110511, (c) Petter N Hagen
  3929. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  3930. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3931. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  3932. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  3933.  
  3934. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  3935. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  3936. 1 keys
  3937. 0 new keys added
  3938. 2 values total
  3939.  
  3940.  
  3941. Hives that have changed:
  3942. # Name
  3943. 0 </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  3944. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  3945. NTUSER: /mnt/sdb1/WINDOWS/repair/ntuser.dat
  3946. *******************
  3947.  
  3948. reged version 0.1 110511, (c) Petter N Hagen
  3949. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  3950. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3951. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3952. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  3953.  
  3954. Exporting to file '/tmp/runRead.reg'...
  3955. Exporting key 'Run' with 0 subkeys and 1 values...
  3956. *******************
  3957.  
  3958. Fichero /tmp/runRead.reg
  3959. Windows Registry Editor Version 5.00
  3960.  
  3961. [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3962. "CTFMON.EXE"=""
  3963.  
  3964. *******************
  3965.  
  3966. Fichero /tmp/runWrite.reg
  3967. Windows Registry Editor Version 5.00
  3968. [HKEY_USERSS-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
  3969. "CTFMON.EXE"=
  3970. *******************
  3971.  
  3972. reged version 0.1 110511, (c) Petter N Hagen
  3973. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  3974. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3975. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3976. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  3977.  
  3978. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  3979. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  3980. 1 keys
  3981. 0 new keys added
  3982. 1 values total
  3983.  
  3984.  
  3985. Hives that have changed:
  3986. # Name
  3987. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  3988. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  3989. *******************
  3990.  
  3991. reged version 0.1 110511, (c) Petter N Hagen
  3992. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  3993. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  3994. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  3995. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  3996.  
  3997. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  3998. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  3999. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4000. 2 keys
  4001. 0 new keys added
  4002. 4 values total
  4003.  
  4004.  
  4005. Hives that have changed:
  4006. # Name
  4007. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  4008. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  4009. *******************
  4010.  
  4011. reged version 0.1 110511, (c) Petter N Hagen
  4012. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  4013. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4014. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4015. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  4016.  
  4017. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  4018. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4019. 1 keys
  4020. 0 new keys added
  4021. 2 values total
  4022.  
  4023.  
  4024. Hives that have changed:
  4025. # Name
  4026. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  4027. Modificada clave HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  4028. User: S-1-5-21-606747145-746137067-682003330-1003
  4029. NTUSER: /mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT
  4030. *******************
  4031.  
  4032. reged version 0.1 110511, (c) Petter N Hagen
  4033. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  4034. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4035. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4036. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  4037.  
  4038. Exporting to file '/tmp/runRead.reg'...
  4039. Exporting key 'Run' with 0 subkeys and 1 values...
  4040. *******************
  4041.  
  4042. Fichero /tmp/runRead.reg
  4043. Windows Registry Editor Version 5.00
  4044.  
  4045. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4046. "CTFMON.EXE"=""
  4047.  
  4048. *******************
  4049.  
  4050. Fichero /tmp/runWrite.reg
  4051. Windows Registry Editor Version 5.00
  4052. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4053. "CTFMON.EXE"=
  4054. *******************
  4055.  
  4056. reged version 0.1 110511, (c) Petter N Hagen
  4057. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  4058. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4059. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4060. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  4061.  
  4062. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  4063. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  4064. 1 keys
  4065. 0 new keys added
  4066. 1 values total
  4067.  
  4068.  
  4069. Hives that have changed:
  4070. # Name
  4071. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  4072. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  4073. *******************
  4074.  
  4075. reged version 0.1 110511, (c) Petter N Hagen
  4076. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  4077. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4078. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4079. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  4080.  
  4081. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  4082. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  4083. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4084. 2 keys
  4085. 0 new keys added
  4086. 4 values total
  4087.  
  4088.  
  4089. Hives that have changed:
  4090. # Name
  4091. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  4092. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  4093. *******************
  4094.  
  4095. reged version 0.1 110511, (c) Petter N Hagen
  4096. Hive </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> name (from header): <ettings\Default User\NtUser.dat>
  4097. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4098. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4099. Used for data: 4194/234976 blocks/bytes, unused: 129/4800 blocks/bytes.
  4100.  
  4101. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  4102. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4103. 1 keys
  4104. 0 new keys added
  4105. 2 values total
  4106.  
  4107.  
  4108. Hives that have changed:
  4109. # Name
  4110. 0 </mnt/sdb1/Documents and Settings/Default User/NTUSER.DAT> - OK
  4111. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  4112. NTUSER: /mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT
  4113. *******************
  4114.  
  4115. reged version 0.1 110511, (c) Petter N Hagen
  4116. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  4117. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4118. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  4119. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  4120.  
  4121. Exporting to file '/tmp/runRead.reg'...
  4122. Exporting key 'Run' with 0 subkeys and 1 values...
  4123. *******************
  4124.  
  4125. Fichero /tmp/runRead.reg
  4126. Windows Registry Editor Version 5.00
  4127.  
  4128. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4129. "CTFMON.EXE"=""
  4130.  
  4131. *******************
  4132.  
  4133. Fichero /tmp/runWrite.reg
  4134. Windows Registry Editor Version 5.00
  4135. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4136. "CTFMON.EXE"=
  4137. *******************
  4138.  
  4139. reged version 0.1 110511, (c) Petter N Hagen
  4140. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  4141. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4142. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  4143. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  4144.  
  4145. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  4146. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  4147. 1 keys
  4148. 0 new keys added
  4149. 1 values total
  4150.  
  4151.  
  4152. Hives that have changed:
  4153. # Name
  4154. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  4155. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  4156. *******************
  4157.  
  4158. reged version 0.1 110511, (c) Petter N Hagen
  4159. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  4160. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4161. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  4162. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  4163.  
  4164. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  4165. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  4166. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4167. 2 keys
  4168. 0 new keys added
  4169. 4 values total
  4170.  
  4171.  
  4172. Hives that have changed:
  4173. # Name
  4174. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  4175. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  4176. *******************
  4177.  
  4178. reged version 0.1 110511, (c) Petter N Hagen
  4179. Hive </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> name (from header): <ettings\LocalService\ntuser.dat>
  4180. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4181. File size 262144 [40000] bytes, containing 58 pages (+ 1 headerpage)
  4182. Used for data: 4167/230808 blocks/bytes, unused: 142/4904 blocks/bytes.
  4183.  
  4184. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  4185. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4186. 1 keys
  4187. 0 new keys added
  4188. 2 values total
  4189.  
  4190.  
  4191. Hives that have changed:
  4192. # Name
  4193. 0 </mnt/sdb1/Documents and Settings/LocalService/NTUSER.DAT> - OK
  4194. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  4195. NTUSER: /mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT
  4196. *******************
  4197.  
  4198. reged version 0.1 110511, (c) Petter N Hagen
  4199. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  4200. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4201. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  4202. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  4203.  
  4204. Exporting to file '/tmp/runRead.reg'...
  4205. Exporting key 'Run' with 0 subkeys and 1 values...
  4206. *******************
  4207.  
  4208. Fichero /tmp/runRead.reg
  4209. Windows Registry Editor Version 5.00
  4210.  
  4211. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4212. "CTFMON.EXE"=""
  4213.  
  4214. *******************
  4215.  
  4216. Fichero /tmp/runWrite.reg
  4217. Windows Registry Editor Version 5.00
  4218. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4219. "CTFMON.EXE"=
  4220. *******************
  4221.  
  4222. reged version 0.1 110511, (c) Petter N Hagen
  4223. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  4224. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4225. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  4226. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  4227.  
  4228. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  4229. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  4230. 1 keys
  4231. 0 new keys added
  4232. 1 values total
  4233.  
  4234.  
  4235. Hives that have changed:
  4236. # Name
  4237. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  4238. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  4239. *******************
  4240.  
  4241. reged version 0.1 110511, (c) Petter N Hagen
  4242. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  4243. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4244. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  4245. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  4246.  
  4247. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  4248. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  4249. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4250. 2 keys
  4251. 0 new keys added
  4252. 4 values total
  4253.  
  4254.  
  4255. Hives that have changed:
  4256. # Name
  4257. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  4258. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  4259. *******************
  4260.  
  4261. reged version 0.1 110511, (c) Petter N Hagen
  4262. Hive </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> name (from header): <tings\NetworkService\ntuser.dat>
  4263. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4264. File size 303104 [4a000] bytes, containing 57 pages (+ 1 headerpage)
  4265. Used for data: 4135/295336 blocks/bytes, unused: 140/1848 blocks/bytes.
  4266.  
  4267. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  4268. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4269. 1 keys
  4270. 0 new keys added
  4271. 2 values total
  4272.  
  4273.  
  4274. Hives that have changed:
  4275. # Name
  4276. 0 </mnt/sdb1/Documents and Settings/NetworkService/NTUSER.DAT> - OK
  4277. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  4278. NTUSER: /mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT
  4279. *******************
  4280.  
  4281. reged version 0.1 110511, (c) Petter N Hagen
  4282. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  4283. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4284. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  4285. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  4286.  
  4287. Exporting to file '/tmp/runRead.reg'...
  4288. Exporting key 'Run' with 0 subkeys and 1 values...
  4289. *******************
  4290.  
  4291. Fichero /tmp/runRead.reg
  4292. Windows Registry Editor Version 5.00
  4293.  
  4294. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4295. "ctfmon.exe"=""
  4296.  
  4297. *******************
  4298.  
  4299. Fichero /tmp/runWrite.reg
  4300. Windows Registry Editor Version 5.00
  4301. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4302. "ctfmon.exe"=
  4303. *******************
  4304.  
  4305. reged version 0.1 110511, (c) Petter N Hagen
  4306. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  4307. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4308. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  4309. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  4310.  
  4311. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  4312. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  4313. 1 keys
  4314. 0 new keys added
  4315. 1 values total
  4316.  
  4317.  
  4318. Hives that have changed:
  4319. # Name
  4320. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  4321. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  4322. *******************
  4323.  
  4324. reged version 0.1 110511, (c) Petter N Hagen
  4325. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  4326. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4327. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  4328. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  4329.  
  4330. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  4331. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  4332. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4333. 2 keys
  4334. 0 new keys added
  4335. 4 values total
  4336.  
  4337.  
  4338. Hives that have changed:
  4339. # Name
  4340. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  4341. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  4342. *******************
  4343.  
  4344. reged version 0.1 110511, (c) Petter N Hagen
  4345. Hive </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> name (from header): <d Settings\vinagreta\ntuser.dat>
  4346. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4347. File size 5767168 [580000] bytes, containing 1210 pages (+ 1 headerpage)
  4348. Used for data: 103929/5499896 blocks/bytes, unused: 8510/134344 blocks/bytes.
  4349.  
  4350. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  4351. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4352. 1 keys
  4353. 0 new keys added
  4354. 2 values total
  4355.  
  4356.  
  4357. Hives that have changed:
  4358. # Name
  4359. 0 </mnt/sdb1/Documents and Settings/vinagreta/NTUSER.DAT> - OK
  4360. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  4361. NTUSER: /mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat
  4362. *******************
  4363.  
  4364. reged version 0.1 110511, (c) Petter N Hagen
  4365. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  4366. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4367. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  4368. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  4369.  
  4370. Exporting to file '/tmp/runRead.reg'...
  4371. export_subkey: Key 'Software\Microsoft\Windows\CurrentVersion\Run' not found!
  4372. *******************
  4373.  
  4374. Fichero /tmp/runRead.reg
  4375. Windows Registry Editor Version 5.00
  4376.  
  4377. *******************
  4378.  
  4379. Fichero /tmp/runWrite.reg
  4380. Windows Registry Editor Version 5.00
  4381. *******************
  4382.  
  4383. reged version 0.1 110511, (c) Petter N Hagen
  4384. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  4385. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4386. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  4387. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  4388.  
  4389.  
  4390. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  4391. 0 keys
  4392. 0 new keys added
  4393. 0 values total
  4394.  
  4395.  
  4396. Hives that have changed:
  4397. # Name
  4398. None!
  4399.  
  4400. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  4401. *******************
  4402.  
  4403. reged version 0.1 110511, (c) Petter N Hagen
  4404. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  4405. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4406. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  4407. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  4408.  
  4409. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  4410. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  4411. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4412. 2 keys
  4413. 0 new keys added
  4414. 4 values total
  4415.  
  4416.  
  4417. Hives that have changed:
  4418. # Name
  4419. 0 </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  4420. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  4421. *******************
  4422.  
  4423. reged version 0.1 110511, (c) Petter N Hagen
  4424. Hive </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> name (from header): <em32\config\SYSTEM~1\NtUser.dat>
  4425. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4426. File size 262144 [40000] bytes, containing 1 pages (+ 1 headerpage)
  4427. Used for data: 21/1240 blocks/bytes, unused: 5/2824 blocks/bytes.
  4428.  
  4429. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  4430. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4431. 1 keys
  4432. 0 new keys added
  4433. 2 values total
  4434.  
  4435.  
  4436. Hives that have changed:
  4437. # Name
  4438. 0 </mnt/sdb1/WINDOWS/system32/config/systemprofile/NtUser.dat> - OK
  4439. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  4440. NTUSER: /mnt/sdb1/WINDOWS/repair/ntuser.dat
  4441. *******************
  4442.  
  4443. reged version 0.1 110511, (c) Petter N Hagen
  4444. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  4445. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4446. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4447. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  4448.  
  4449. Exporting to file '/tmp/runRead.reg'...
  4450. Exporting key 'Run' with 0 subkeys and 1 values...
  4451. *******************
  4452.  
  4453. Fichero /tmp/runRead.reg
  4454. Windows Registry Editor Version 5.00
  4455.  
  4456. [HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4457. "CTFMON.EXE"=""
  4458.  
  4459. *******************
  4460.  
  4461. Fichero /tmp/runWrite.reg
  4462. Windows Registry Editor Version 5.00
  4463. [HKEY_USERSS-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
  4464. "CTFMON.EXE"=
  4465. *******************
  4466.  
  4467. reged version 0.1 110511, (c) Petter N Hagen
  4468. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  4469. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4470. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4471. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  4472.  
  4473. --- Import KEY <\Software\Microsoft\Windows\CurrentVersion\Run>
  4474. END OF IMPORT, file </tmp/runWrite.reg>, operation SUCCEEDED!
  4475. 1 keys
  4476. 0 new keys added
  4477. 1 values total
  4478.  
  4479.  
  4480. Hives that have changed:
  4481. # Name
  4482. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  4483. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | Todos los valores a vacio
  4484. *******************
  4485.  
  4486. reged version 0.1 110511, (c) Petter N Hagen
  4487. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  4488. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4489. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4490. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  4491.  
  4492. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon> with 2 values.
  4493. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
  4494. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4495. 2 keys
  4496. 0 new keys added
  4497. 4 values total
  4498.  
  4499.  
  4500. Hives that have changed:
  4501. # Name
  4502. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  4503. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Userinit
  4504. *******************
  4505.  
  4506. reged version 0.1 110511, (c) Petter N Hagen
  4507. Hive </mnt/sdb1/WINDOWS/repair/ntuser.dat> name (from header): <>
  4508. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4509. File size 262144 [40000] bytes, containing 59 pages (+ 1 headerpage)
  4510. Used for data: 4189/234624 blocks/bytes, unused: 132/5152 blocks/bytes.
  4511.  
  4512. --- Import KEY <\Software\Microsoft\Windows NT\CurrentVersion\Windows>
  4513. END OF IMPORT, file </tmp/user.reg>, operation SUCCEEDED!
  4514. 1 keys
  4515. 0 new keys added
  4516. 2 values total
  4517.  
  4518.  
  4519. Hives that have changed:
  4520. # Name
  4521. 0 </mnt/sdb1/WINDOWS/repair/ntuser.dat> - OK
  4522. Modificada clave HKEY_USERS\S-1-5-21-606747145-746137067-682003330-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load
  4523. Done!!
  4524.  
  4525.  
  4526. Looking for in: /mnt/sdb1/WINDOWS/system32/config/system
  4527. Found!!
  4528. Applying system disinfection!!
  4529. *******************
  4530.  
  4531. reged version 0.1 110511, (c) Petter N Hagen
  4532. Hive <./mnt/sdb1/WINDOWS/system32/config/system> name (from header): <SYSTEM>
  4533. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4534. File size 6291456 [600000] bytes, containing 1402 pages (+ 1 headerpage)
  4535. Used for data: 101720/5970168 blocks/bytes, unused: 2030/22472 blocks/bytes.
  4536.  
  4537. Exporting to file '/tmp/runRead.reg'...
  4538. Exporting key 'Select' with 0 subkeys and 4 values...
  4539. *******************
  4540.  
  4541. reged version 0.1 110511, (c) Petter N Hagen
  4542. Hive <./mnt/sdb1/WINDOWS/system32/config/system> name (from header): <SYSTEM>
  4543. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  4544. File size 6291456 [600000] bytes, containing 1402 pages (+ 1 headerpage)
  4545. Used for data: 101720/5970168 blocks/bytes, unused: 2030/22472 blocks/bytes.
  4546.  
  4547. --- Import KEY <\ControlSet001\Control\SafeBoot>
  4548. END OF IMPORT, file </root/policeSafeBoot.reg>, operation SUCCEEDED!
  4549. 1 keys
  4550. 0 new keys added
  4551. 0 values total
  4552.  
  4553.  
  4554. Hives that have changed:
  4555. # Name
  4556. None!
  4557.  
  4558. Modificadas claves HKLM\SYSTEM\ControlSet001\Control\SafeBoot | AlternateShell
  4559. Done!!
  4560.  
  4561.  
  4562. Looking for in: /mnt/sdb5/WINDOWS/system32/config/software
  4563. Looking for in: /mnt/sdb5/WINDOWS/system32/config/system
  4564. Looking for in: /mnt/sdc1/WINDOWS/system32/config/software
  4565. Looking for in: /mnt/sdc1/WINDOWS/system32/config/system
  4566. Done!!
  4567.  
  4568.  
  4569. Thank you for trust in PANDA SECURITY.
  4570. bye!!