ff.fjpark.com(maybe another mariposa botnet)

this bot have udp protocol wich is similar to mariposa and the net is very large

DNS Lookup
Host Name IP Address
dell-d3e62f7e26 10.1.6.2
ff.fjpark.com 98.126.180.250
208.53.183.124 208.53.183.124
74.63.78.27 74.63.78.27
208.53.183.92 208.53.183.92
UDP Connections
Remote IP Address: 98.126.180.250 Port: 9955
Send Datagram: packet(s) of size 21
Send Datagram: 7 packet(s) of size 10
Send Datagram: packet(s) of size 20
Send Datagram: 5 packet(s) of size 1
Send Datagram: 3 packet(s) of size 2
Recv Datagram: 12256 packet(s) of size 0
Recv Datagram: packet(s) of size 21
Recv Datagram: 2 packet(s) of size 10
Recv Datagram: packet(s) of size 1024
Recv Datagram: packet(s) of size 93
Recv Datagram: packet(s) of size 81
Recv Datagram: 2 packet(s) of size 79
Download URLs
http://208.53.183.124/rr.exe (208.53.183.124)
http://74.63.78.27/block.exe (74.63.78.27)
http://208.53.183.92/click.exe (208.53.183.92)

Outgoing connection to remote server: 208.53.183.124 TCP port 80
Outgoing connection to remote server: 74.63.78.27 TCP port 80
Outgoing connection to remote server: 208.53.183.92 TCP port 80DNS Lookup
Host Name IP Address
dell-d3e62f7e26 10.1.6.2
ms4all.twoplayers.net 204.45.85.218
www.nippon.to
www.nippon.to 112.78.112.208
www.cooleasy.com
www.cooleasy.com 218.5.74.190
obsoletegod.com
Download URLs
http://112.78.112.208/cgi-bin/prxjdg.cgi (www.nippon.to)
http://218.5.74.190/cgi-bin/prxjdg.cgi (www.cooleasy.com)
http://218.5.74.190/cgi-bin/prxjdg.cgi (www.cooleasy.com)
http://218.5.74.190/cgi-bin/prxjdg.cgi (www.cooleasy.com)
http://112.78.112.208/cgi-bin/prxjdg.cgi (www.nippon.to)
http://112.78.112.208/cgi-bin/prxjdg.cgi (www.nippon.to)

Outgoing connection to remote server: ms4all.twoplayers.net port 47221
Outgoing connection to remote server: www.nippon.to TCP port 80
Outgoing connection to remote server: www.cooleasy.com TCP port 80
Outgoing connection to remote server: www.nippon.to TCP port 80
Outgoing connection to remote server: www.nippon.to TCP port 80DNS Lookup
Host Name IP Address
update2.helohmar.com 91.212.127.147
mx4.hotmail.com 65.55.92.152
mx3.hotmail.com 65.54.188.72
mx1.bt.mail.yahoo.com 195.50.106.142
mailin-04.mx.aol.com 205.188.157.18
mailin-04.mx.aol.com 64.12.90.34
mailin-04.mx.aol.com 205.188.146.194
ff-mx-vip5b.prodigy.net 207.115.21.24
ff-mx-vip5b.PRODIGY.NET 207.115.21.24
mx4.comcast.net 76.96.26.14
alt4.gmail-smtp-in.l.google.com 74.125.93.27
extmail.bpbb.bigpond.com 61.9.189.122
smtp.wanadoo.fr 193.252.22.65
mx-v.av-mx.com 137.118.16.2
h.mx.mail.yahoo.com 66.94.236.34
imrcd.parcel-airstreamcomm.net 68.65.40.51
dell-d3e62f7e26 10.1.6.2
mx.netidentity.com.cust.hostedemail.com 216.40.42.4
cdptpa-smtpin02.mail.rr.com 75.180.132.244
relay.verizon.net 206.46.232.11
mx2.uleth.ca 142.66.3.49
et.jmu.edu 134.126.10.129
as-relay2.rti.it 157.28.8.115
mx.mbox.kyoto-inet.or.jp 220.156.142.32
smtp-in.sfr.fr 93.17.128.16
mx2.emailsrvr.com 72.4.117.22
noc.mx.easynet.net 212.135.6.130
mail.supereva.it 195.110.126.136
mx4.hotmail.com 65.55.37.88
mx.dca.untd.com 64.136.44.37
a.mx.mail.yahoo.com 67.195.168.31
mx2.hotmail.com 65.55.37.120
mx2.mail.eu.yahoo.com 77.238.184.241
sbcmx1.prodigy.net 207.115.21.20
gateway.insightbb.com 74.128.0.19
smtp1.u-bordeaux.fr 147.210.245.16
mail.global.frontbridge.com 65.55.88.22
smtp.aliceposta.it 82.57.200.133
smtp.tin.it 62.211.72.32
mx0.gmx.net 213.165.64.100
mx1.gmx.net 213.165.64.102
slu.edu.s7b2.psmtp.com 64.18.6.10
scc-mailrelay.att.net 204.127.208.75
mx8.communityweb.net 216.162.1.252
mailin.midco.net 24.220.0.34
in1.smtp.messagingengine.com 66.111.4.72
mx-ha01.web.de 217.72.192.149
liberomx1.libero.it 212.52.84.184
mx2.free.fr 212.27.42.59
gateway-f2.isp.att.net 207.115.11.16
mail.gti.net 199.171.27.7
csmx5.sover.net 209.198.87.210
inbound.mailwise.com 72.35.23.4
mx1.optonline.net 167.206.4.77
gallito.com.mx 200.58.114.177
mail.moranks.net 64.27.13.90
imp-3.mail.tiscali.it 213.205.33.247
fr.iowatelecom.net 69.66.0.15
mx4c35.carrierzone.com 209.235.147.41
mr.nanamail.co.il 212.143.70.30
mx1.mail.eu.yahoo.com 77.238.177.9
mail.citykom.de 195.202.32.22
b.mx.mail.yahoo.com 74.6.136.65
pyrite.goldrush.com 206.171.171.12
hrndva-smtpin02.mail.rr.com 71.74.56.244
mail-in-excite.roc2.bluetie.com 208.89.132.27
mx4.earthlink.net 209.86.93.229
gallodp.com 174.133.190.15
mxrm.virgilio.it 62.211.72.32
mx.club-internet.fr 93.17.128.7
ms12.tcnoc.com 63.209.10.225
smtp-in.neuf.fr 93.17.128.7
midmaine.com.s8b2.psmtp.com 64.18.7.14
mspool.gts.cz 193.85.2.11
mx.gallone.it 62.149.128.72
mail.pbn.com 70.183.13.227
pop.peoplescom.net 69.60.184.77
hrndva-smtpin01.mail.rr.com 71.74.56.243
aspmx4.googlemail.com 209.85.229.27
nocb.uar.navy.mil 205.56.129.195
spamlite.knology.net 69.73.24.50
mx.bellaliant.net 4.59.182.109
extmail.optusnet.com.au 211.29.133.14
.
mail.hammond.org 207.29.218.171
ib1.charter.net 216.33.127.20
mx4.mindspring.com 207.69.189.220
mail.global.mas.att.com 65.55.88.22
smtp2.consolidated.net 72.22.9.29
mail.bcclegal.com 65.122.84.67
mx.west.cox.net 68.6.19.3
mail.the-i.net 204.145.96.9
mx2c25.carrierzone.com 64.29.145.46
smtp.idcomm.com 216.98.192.5
mail.interquest.de 81.2.152.3
mail.outfitters.com 64.6.15.200
cuda.sciotowireless.net 69.43.24.9
smtpin.mx.webtv.net 209.240.204.26
sunset.net.sunsetnet.mail2.psmtp.com 64.18.4.11
smtp-pandora.telenet-ops.be 195.130.137.65
phobos.tkk.pl 194.24.244.2
ASPMX3.GOOGLEMAIL.com 72.14.213.27
mx1.uleth.ca 142.66.3.48
mx1.chariot.com.au 220.244.226.66
smtp-mx003.mac.com 17.148.17.3
liberomx2.libero.it 212.52.84.179
mx2.potsdam.edu 137.143.110.105
mx04.peoplepc.com 207.69.189.44
mail1.amc.edu 167.244.213.78
hrndva-smtpin01.mail.RR.com 71.74.56.243
server1.cnetco.com 68.177.232.4
mx.vgs.untd.com 64.136.52.37
mail1.cinergycom.net 216.135.0.38
mail.cbpu.com 66.231.32.24
mxbw.bluewin.ch 195.186.19.144
mx-c1.talktalk.net 62.24.202.3
vip-us-br-mx.terra.com 208.84.244.133
UDP Connections
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 399
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 33
Recv Datagram: packet(s) of size 94
Recv Datagram: packet(s) of size 500
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 33
Recv Datagram: packet(s) of size 94
Recv Datagram: packet(s) of size 500
Remote IP Address: 4.2.2.1 Port: 53
Send Datagram: 2 packet(s) of size 33
Recv Datagram: 2 packet(s) of size 94
Remote IP Address: 4.2.2.1 Port: 53
Send Datagram: 2 packet(s) of size 33
Recv Datagram: 2 packet(s) of size 94
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 33
Recv Datagram: 2 packet(s) of size 33
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 33
Recv Datagram: 2 packet(s) of size 33
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: 2 packet(s) of size 33
Recv Datagram: packet(s) of size 33
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: 2 packet(s) of size 33
Recv Datagram: packet(s) of size 33
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: packet(s) of size 90
Recv Datagram: packet(s) of size 496
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: packet(s) of size 90
Recv Datagram: packet(s) of size 496
Remote IP Address: 4.2.2.1 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: 2 packet(s) of size 90
Remote IP Address: 4.2.2.1 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: 2 packet(s) of size 90
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: 2 packet(s) of size 29
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: 2 packet(s) of size 29
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: packet(s) of size 29
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: packet(s) of size 29
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 39
Recv Datagram: packet(s) of size 39
Recv Datagram: packet(s) of size 511
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 39
Recv Datagram: packet(s) of size 39
Recv Datagram: packet(s) of size 511
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 104
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 29
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 26
Recv Datagram: packet(s) of size 106
Recv Datagram: packet(s) of size 493
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: 2 packet(s) of size 29
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 39
Recv Datagram: 2 packet(s) of size 39
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 39
Recv Datagram: 2 packet(s) of size 39
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: 2 packet(s) of size 29
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 104
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 29
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 104
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 29
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 32
Recv Datagram: packet(s) of size 79
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 32
Recv Datagram: packet(s) of size 32
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 31
Recv Datagram: packet(s) of size 106
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 31
Recv Datagram: packet(s) of size 31
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 28
Recv Datagram: packet(s) of size 91
Recv Datagram: packet(s) of size 495
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 28
Recv Datagram: 2 packet(s) of size 28
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 28
Recv Datagram: 2 packet(s) of size 28
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 29
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 26
Recv Datagram: 2 packet(s) of size 26
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: 2 packet(s) of size 26
Recv Datagram: packet(s) of size 26
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 26
Recv Datagram: 2 packet(s) of size 26
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 28
Recv Datagram: packet(s) of size 91
Recv Datagram: packet(s) of size 495
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 26
Recv Datagram: packet(s) of size 106
Recv Datagram: packet(s) of size 493
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 28
Recv Datagram: packet(s) of size 103
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 28
Recv Datagram: packet(s) of size 28
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 28
Recv Datagram: 2 packet(s) of size 28
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 31
Recv Datagram: packet(s) of size 31
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: packet(s) of size 31
Recv Datagram: packet(s) of size 31
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 31
Recv Datagram: packet(s) of size 106
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 31
Recv Datagram: packet(s) of size 31
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 28
Recv Datagram: packet(s) of size 28
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: packet(s) of size 28
Recv Datagram: packet(s) of size 28
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 501
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 29
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 29
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 26
Recv Datagram: 2 packet(s) of size 26
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 26
Recv Datagram: 2 packet(s) of size 26
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 501
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: 2 packet(s) of size 29
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: 2 packet(s) of size 29
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 501
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 39
Recv Datagram: 2 packet(s) of size 39
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 39
Recv Datagram: 2 packet(s) of size 39
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 29
Recv Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 501
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: 2 packet(s) of size 28
Recv Datagram: 2 packet(s) of size 28
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 28
Recv Datagram: packet(s) of size 103
Remote IP Address: 208.67.222.222 Port: 53
Send Datagram: packet(s) of size 28
Recv Datagram: packet(s) of size 28
Remote IP Address: 66.93.87.2 Port: 53
Send Datagram: 2 packet(s) of size 28
Recv Datagram: packet(s) of size 28
Download URLs
http://91.212.127.147/spm/s_get_host.php?ver=522 (update2.helohmar.com)
http://91.212.127.147/spm/s_alive.php?id=52269948179283264783920724415449&tick=397593&ver=522&smtp=ok&sl=1&fw=0&pn=0&psr=0 (update2.helohmar.com)
http://91.212.127.147/spm/s_task.php?id=52269948179283264783920724415449 (update2.helohmar.com)

SMTP: 65.55.92.152:25
Outgoing connection to remote server: update2.helohmar.com TCP port 80
Outgoing connection to remote server: update2.helohmar.com TCP port 80
Outgoing connection to remote server: update2.helohmar.com TCP port 80
SMTP: 66.94.236.34:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 195.50.106.142:25
SMTP: 205.188.157.18:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 64.12.90.34:25
SMTP: 205.188.146.194:25
SMTP: 64.12.90.34:25
SMTP: 205.188.146.194:25
SMTP: 66.94.236.34:25
SMTP: 81.2.152.3:25
SMTP: 207.115.21.24:25
SMTP: 207.115.21.24:25
SMTP: 207.115.21.20:25
SMTP: 66.94.236.34:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 76.96.26.14:25
SMTP: 93.17.128.7:25
SMTP: 74.125.93.27:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 61.9.189.122:25
SMTP: 61.9.189.122:25
SMTP: 66.94.236.34:25
SMTP: 134.126.10.129:25
Username / Password: /
SMTP: 72.4.117.22:25
Username / Password: /
SMTP: 193.252.22.65:25
Username / Password: /
SMTP: 209.235.147.41:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 207.115.21.24:25
SMTP: 205.188.146.194:25
SMTP: 207.115.21.20:25
SMTP: 75.180.132.244:25
SMTP: 66.94.236.34:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.55.37.120:25
SMTP: 167.244.213.78:25
Username / Password: /
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 204.127.208.75:25
SMTP: 137.118.16.2:25
Username / Password: /
SMTP: 205.188.146.194:25
SMTP: 66.94.236.34:25
SMTP: 76.96.26.14:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 68.65.40.51:25
Username / Password: /
SMTP: 205.188.146.194:25
SMTP: 76.96.26.14:25
SMTP: 217.72.192.149:25
SMTP: 212.27.42.59:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 205.188.146.194:25
SMTP: 216.40.42.4:25
SMTP: 157.28.8.115:25
SMTP: 205.188.146.194:25
SMTP: 72.4.117.22:25
Username / Password: /
SMTP: 205.188.146.194:25
SMTP: 74.125.93.27:25
Username / Password: /
SMTP: 66.94.236.34:25
SMTP: 65.55.37.88:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 205.188.146.194:25
SMTP: 72.35.23.4:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 206.46.232.11:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 195.110.126.136:25
SMTP: 65.54.188.72:25
SMTP: 75.180.132.244:25
SMTP: 66.94.236.34:25
SMTP: 200.58.114.177:25
Username / Password: /
SMTP: 174.133.190.15:25
Username / Password: /
SMTP: 206.46.232.11:25
SMTP: 205.188.146.194:25
SMTP: 142.66.3.49:25
SMTP: 205.188.146.194:25
SMTP: 65.55.37.120:25
SMTP: 207.115.11.16:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 65.54.188.72:25
SMTP: 71.74.56.244:25
SMTP: 65.54.188.72:25
SMTP: 206.46.232.11:25
SMTP: 205.188.146.194:25
SMTP: 217.72.192.149:25
SMTP: 212.52.84.184:25
SMTP: 220.156.142.32:25
Username / Password: /
SMTP: 147.210.245.16:25
Username / Password: /
SMTP: 68.6.19.3:25
SMTP: 205.188.146.194:25
SMTP: 209.198.87.210:25
Username / Password: /
SMTP: 209.240.204.26:25
Username / Password: /
SMTP: 205.188.146.194:25
SMTP: 207.115.21.20:25
SMTP: 65.54.188.72:25
SMTP: 4.59.182.109:25
Username / Password: /
SMTP: 207.115.11.16:25
SMTP: 93.17.128.16:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 205.56.129.195:25
Username / Password: /
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 217.72.192.149:25
SMTP: 207.115.11.16:25
SMTP: 212.135.6.130:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 64.6.15.200:25
Username / Password: /
SMTP: 66.94.236.34:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 66.94.236.34:25
SMTP: 167.206.4.77:25
Username / Password: /
SMTP: 195.202.32.22:25
Username / Password: /
SMTP: 205.188.146.194:25
SMTP: 64.136.44.37:25
SMTP: 62.211.72.32:25
Username / Password: /
SMTP: 204.127.208.75:25
SMTP: 24.220.0.34:25
SMTP: 66.94.236.34:25
SMTP: 76.96.26.14:25
SMTP: 220.244.226.66:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 69.60.184.77:25
SMTP: 207.69.189.220:25
SMTP: 205.188.146.194:25
SMTP: 67.195.168.31:25
SMTP: 77.238.184.241:25
SMTP: 206.46.232.11:25
SMTP: 65.55.88.22:25
Username / Password: /
SMTP: 65.55.37.120:25
SMTP: 207.115.21.20:25
SMTP: 65.54.188.72:25
SMTP: 205.188.146.194:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 199.171.27.7:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 67.195.168.31:25
SMTP: 77.238.184.241:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 74.128.0.19:25
Username / Password: /
SMTP: 68.177.232.4:25
Username / Password: /
SMTP: 66.94.236.34:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
Username / Password: /
SMTP: 82.57.200.133:25
Username / Password: /
SMTP: 82.57.200.133:25
Username / Password: /
SMTP: 62.211.72.32:25
Username / Password: /
SMTP: 65.55.37.120:25
SMTP: 66.94.236.34:25
SMTP: 207.115.21.20:25
SMTP: 65.54.188.72:25
SMTP: 213.165.64.100:25
SMTP: 213.165.64.102:25
SMTP: 65.54.188.72:25
SMTP: 64.18.6.10:25
Username / Password: /
SMTP: 65.54.188.72:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 66.94.236.34:25
SMTP: 217.72.192.149:25
SMTP: 216.162.1.252:25
Username / Password: /
SMTP: 66.94.236.34:25
SMTP: 64.6.15.200:25
Username / Password: /
SMTP: 17.148.17.3:25
Username / Password: /
SMTP: 66.111.4.72:25
Username / Password: /
SMTP: 75.180.132.244:25
SMTP: 213.205.33.247:25
Username / Password: /
SMTP: 66.94.236.34:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 207.115.21.20:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 69.43.24.9:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 193.252.22.65:25
Username / Password: /
SMTP: 72.35.23.4:25
SMTP: 64.27.13.90:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 77.238.177.9:25
SMTP: 71.74.56.244:25
SMTP: 65.54.188.72:25
SMTP: 204.145.96.9:25
SMTP: 212.52.84.184:25
SMTP: 193.252.22.65:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 207.115.21.20:25
SMTP: 212.52.84.184:25
SMTP: 65.54.188.72:25
SMTP: 193.252.22.65:25
Username / Password: /
SMTP: 195.202.32.22:25
Username / Password: /
SMTP: 69.66.0.15:25
SMTP: 209.235.147.41:25
Username / Password: /
SMTP: 212.143.70.30:25
Username / Password: /
SMTP: 209.86.93.229:25
SMTP: 77.238.177.9:25
SMTP: 65.55.88.22:25
Username / Password: /
SMTP: 207.115.11.16:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 207.115.11.16:25
SMTP: 76.96.26.14:25
SMTP: 66.94.236.34:25
SMTP: 62.149.128.72:25
Username / Password: /
SMTP: 74.6.136.65:25
SMTP: 72.14.213.27:25
Username / Password: /
SMTP: 74.125.93.27:25
Username / Password: /
SMTP: 206.171.171.12:25
Username / Password: /
SMTP: 76.96.26.14:25
SMTP: 207.115.11.16:25
SMTP: 208.89.132.27:25
Username / Password: /
SMTP: 17.148.17.3:25
Username / Password: /
SMTP: 66.94.236.34:25
SMTP: 65.54.188.72:25
SMTP: 76.96.26.14:25
SMTP: 71.74.56.243:25
SMTP: 205.188.146.194:25
SMTP: 65.54.188.72:25
SMTP: 64.18.7.14:25
Username / Password: /
SMTP: 211.29.133.14:25
Username / Password: /
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 207.115.21.20:25
SMTP: 76.96.26.14:25
SMTP: 66.94.236.34:25
SMTP: 66.94.236.34:25
SMTP: 174.133.190.15:25
Username / Password: /
SMTP: 66.94.236.34:25
SMTP: 66.94.236.34:25
SMTP: 65.54.188.72:25
SMTP: 62.211.72.32:25
Username / Password: /
SMTP: 209.86.93.229:25
SMTP: 65.54.188.72:25
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 65.54.188.72:25
SMTP: 66.94.236.34:25
SMTP: 66.94.236.34:25
SMTP: 66.94.236.34:25
SMTP: 208.84.244.133:25
Username / Password: /
SMTP: 63.209.10.225:25
Username / Password: /
SMTP: 70.183.13.227:25
Username / Password: /
SMTP: 216.98.192.5:25
Username / Password: /
SMTP: 63.209.10.225:25
Username / Password: /
SMTP: 71.74.56.243:25
SMTP: 66.231.32.24:25
Username / Password: /
SMTP: 66.94.236.34:25
SMTP: 137.143.110.105:25
SMTP: 66.94.236.34:25
SMTP: 66.94.236.34:25
SMTP: 93.17.128.7:25
SMTP: 193.85.2.11:25
Username / Password: /
SMTP: 209.85.229.27:25
Username / Password: /
SMTP: 207.29.218.171:25
Username / Password: /
SMTP: 216.33.127.20:25
SMTP: 216.98.192.5:25
Username / Password: /
SMTP: 69.73.24.50:25
Username / Password: /
SMTP: 216.33.127.20:25
SMTP: 71.74.56.243:25
SMTP: 216.33.127.20:25
SMTP: 72.22.9.29:25
Username / Password: /
SMTP: 65.122.84.67:25
Username / Password: /
SMTP: 64.29.145.46:25
Username / Password: /
SMTP: 216.98.192.5:25
Username / Password: /
SMTP: 64.18.4.11:25
Username / Password: /
SMTP: 195.130.137.65:25
SMTP: 212.52.84.179:25
SMTP: 216.135.0.38:25
SMTP: 211.29.133.14:25
Username / Password: /
SMTP: 194.24.244.2:25
Username / Password: /
SMTP: 142.66.3.48:25
SMTP: 207.69.189.44:25
SMTP: 71.74.56.243:25
SMTP: 195.186.19.144:25
Username / Password: /
SMTP: 64.136.52.37:25
SMTP: 62.24.202.3:25DNS Lookup
Host Name IP Address
0 127.0.0.1
block.cddir.net
block.hostswiss.com
block.teoc.biz
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1064

Registry Changes by all processes
Create or Open
Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon “Taskman” = C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Microsoft Driver Setup” = C:WINDOWScfdrive32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun “Microsoft Driver Setup” = C:WINDOWScfdrive32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “MSODESNV7” = C:WINDOWSsystem32msvmiode.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetup “ridt100413” = 1
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetup “id” = 52269948179283264783920724415449
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetup “host” = 91.212.127.147
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “9972” = C:WINDOWSsystem32syscache.exe
Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon “Taskman”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfile “EnableFirewall”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “10”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetup “ridt100413”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetup “id”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetup “host”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{420B2830-E718-11CF-893D-00A0C9054228}1.0 “win32”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility “DisableAppCompat”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{56F9679E-7826-4C84-81F3-532071A8BCC5}InprocServer32 “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile “ProgID”
HKEY_LOCAL_MACHINESOFTWAREClassesfile “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesMapi “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOutlookexpress “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOTFS “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustCertificate{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$DLL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustCertificate{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$Function”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustFinalPolicy{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$DLL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustFinalPolicy{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$Function”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustInitialization{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$DLL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustInitialization{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$Function”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustMessage{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$DLL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustMessage{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$Function”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustSignature{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$DLL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustSignature{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$Function”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustCertCheck{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$DLL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustCertCheck{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$Function”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustCleanup{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$DLL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyProvidersTrustCleanup{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} “$Function”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography “MachineGuid”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware Publishing “State”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSecurity “Safety Warning Level”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “EnableExtensions”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DelayedExpansion”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DefaultColor”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “CompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “PathCompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DisableUNCCheck”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “EnableExtensions”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DelayedExpansion”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DefaultColor”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “CompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “PathCompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “AutoRun”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsIEXPLORE.EXE “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSetup “IExploreLastModifiedLow”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSetup “IExploreLastModifiedHigh”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}TypeLib “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{B722BCCB-4E68-101B-A2BC-00AA00404770}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{79EAC9C4-BAF9-11CE-8C82-00AA004BA90B}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{000214E6-0000-0000-C000-000000000046}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}ProxyStubClsid32 “”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSecurityP3Global “Enabled”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility “DisableAppCompat”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{00021401-0000-0000-C000-000000000046}InProcServer32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}1.1 “win32”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{871C5380-42A0-1069-A2EA-08002B30309D}InProcServer32 “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMainFeatureControlFEATURE_INTERNET_SHELL_FOLDERS “syscache.exe”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMainFeatureControlFEATURE_INTERNET_SHELL_FOLDERS “*”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “clsid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Icon”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Exec”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Script”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuCustomize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuStatusBar”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{5067A26B-1337-4436-8AFE-EE169C2DA79F}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “clsid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Icon”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “ButtonText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Exec”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Script”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “MenuText”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{77BF5300-1474-4EC7-9980-D32B190E9B07}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Default Visible”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “clsid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Icon”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Exec”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Script”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuCustomize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuStatusBar”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{e2e2dd38-d088-4134-82b7-f2ba38496583}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “clsid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Icon”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “ButtonText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Exec”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Script”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuCustomize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuStatusBar”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{FB5F1910-F110-11d2-BB9E-00C04F795683}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Default Visible”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsICWCONN1.EXE “Path”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerURL Compatibility~/CONNWIZ.HTM “Compatibility Flags”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerURL Compatibility~/CWIZINTR.HTM “Compatibility Flags”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerApplication Compatibility “syscache.exe”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesRatings “Key”
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “No3DBorder”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet Explorer “No3DBorder”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “UrlEncoding”
HKEY_CURRENT_USERControl PanelInternational “NumShape”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “ProxyEnable”
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “SmartDithering”
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “RtfConverterFlags”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “UseClearType”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Page_Transitions”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Use_DlgBox_Colors”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Anchor Underline”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “CSS_Compat”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Expand Alt Text”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Display Inline Images”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Display Inline Videos”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Play_Background_Sounds”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Play_Animations”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Print_Background”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Use Stylesheets”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “SmoothScroll”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “XMLHTTP”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Show image placeholders”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Disable Script Debugger”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “DisableScriptDebuggerIE”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Move System Caret”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Force Offscreen Composition”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Enable AutoImageResize”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “UseThemes”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “UseHR”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Q300829”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Disable_Local_Machine_Navigate”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Cleanup HTCs”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Q331869”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “AlwaysAllowExecCommand”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternational “Default_CodePage”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternational “AutoDetect”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts “Default_IEFontSize”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts “Default_IEFontSizePrivate”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Anchor Color”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Anchor Color Visited”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Anchor Color Hover”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Always Use My Colors”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Always Use My Font Size”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Always Use My Font Face”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Use Anchor Hover Color”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “MiscFlags”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies “Allow Programmatic Cut_Copy_Paste”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “DisableCachingOfSSLPages”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlNlsCodePage “950”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts3 “IEFontSize”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts3 “IEFontSizePrivate”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts3 “IEPropFontName”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts3 “IEFixedFontName”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew Windows “PopupMgr”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}InprocServer32 “”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “IEHardenWarnOnNav”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet Settings “IEHardenWarnOnNav”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{1188450c-fdab-47ae-80d8-c9633f71be64}LanguageProfilex00000000{63800dac-e7ca-4df9-9a5c-20765055488d} “Enable”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryItem{5130A009-5540-4FCF-97EB-AAD33FC0EE09} “Description”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryItem{7AE86BB7-262C-431E-9111-C974B6B7CAC3} “Description”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryItem{C6DEBC0A-F2B2-4F17-930E-CA9FAFF4CD04} “Description”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsUrl History “DaysToKeep”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCOM3 “COM+Enabled”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet Explorer “UseMMX”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/atom+xml “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/cdf “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/fractals “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/futuresplash “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/hta “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/mac-binhex40 “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/pdf “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/pkcs10 “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/pkcs7-mime “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/pkcs7-signature “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/pkix-cert “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/pkix-crl “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/postscript “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/rss+xml “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/set-payment-initiation “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/set-registration-initiation “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.adobe.edn “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.adobe.pdx “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.adobe.rmf “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.adobe.xdp+xml “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.adobe.xfd+xml “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.adobe.xfdf “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.fdf “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.ms-pki.certstore “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.ms-pki.pko “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.ms-pki.seccat “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.ms-pki.stl “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.ms-wpl “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/vnd.ms-xpsdocument “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-cdf “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-complus “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-compress “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-compressed “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-ebx “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-gzip “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-informationCard “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-internet-signup “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-iphone “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-jtx+xps “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-latex “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-mix-transfer “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-mplayer2 “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-ms-application “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-ms-wmd “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-ms-wmz “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-ms-xbap “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-pkcs12 “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-pkcs7-certificates “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-pkcs7-certreqresp “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-shockwave-flash “Image Filter CLSID”
HKEY_CURRENT_USERMimeDatabaseContent Typeapplication/x-skype “Image Filter CLSID”
HKEY_CURRENT_USERMimeDatabaseContent Typeapplication/x-sparc “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-stuffit “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-tar “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-troff-man “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-x509-ca-cert “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/x-zip-compressed “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/xaml+xml “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeapplication/xml “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/aiff “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/basic “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/mid “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/midi “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/mp3 “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/mpeg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/mpegurl “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/mpg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/wav “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-aiff “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-background “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-mid “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-midi “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-mp3 “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-mpeg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-mpegurl “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-mpg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-ms-wax “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-ms-wma “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeaudio/x-wav “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/bmp “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/gif “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/jpeg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/pjpeg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/png “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/tiff “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/x-icon “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/x-jg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/x-png “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/x-wmf “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typemessage/rfc822 “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typemidi/mid “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typemodel/vnd.dwfx+xps “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/css “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/h323 “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/html “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/iuls “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/plain “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/scriptlet “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/webviewhtml “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/x-component “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/x-scriptlet “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typetext/xml “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/avi “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/mpeg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/mpg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/msvideo “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-mpeg “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-mpeg2a “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-ms-asf “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-ms-asf-plugin “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-ms-wm “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-ms-wmv “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-ms-wmx “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-ms-wvx “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typevideo/x-msvideo “Image Filter CLSID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerFeed Discovery “Enabled”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/bmpBits “0”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/gifBits “0”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/jpegBits “0”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/pjpegBits “0”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/pngBits “0”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/x-pngBits “0”
HKEY_LOCAL_MACHINESOFTWAREClassesMIMEDatabaseContent Typeimage/x-wmfBits “0”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “10”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
Enums HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlers
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedType
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyOIDEncodingType 0CryptSIPDllIsMyFileType2
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyOID
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerURL Compatibility
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{1188450c-fdab-47ae-80d8-c9633f71be64}LanguageProfile
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{1188450c-fdab-47ae-80d8-c9633f71be64}LanguageProfilex00000000
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryCategory{B95F181B-EA4C-4AF1-8056-7C321ABBB091}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}CategoryCategory{B95F181B-EA4C-4AF1-8056-7C321ABBB091}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryCategory{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USERMimeDatabaseContent Type

File Changes by all processes
New Files DeviceRasAcd
C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe
.pipewzrjvekyfaiinx
C:DOKUME~1ADMINI~1LOKALE~1Temp446.exe
C:DOKUME~1ADMINI~1LOKALE~1Temp40744.exe
C:DOKUME~1ADMINI~1LOKALE~1Temp9972.exe
DeviceTcp
DeviceIp
DeviceIp
C:WINDOWScfdrive32.exe
C:WINDOWSsystem32msvmiode.exe
DeviceTcp
DeviceIp
DeviceIp
DeviceRasAcd
%windir%/logfile32.log
DeviceRasAcd
DeviceTcp
DeviceIp
DeviceIp
DeviceTcp6
DeviceNetBT_Tcpip_{5D19E473-BE30-416B-B5C7-D8A091C41D2F}
C:DOKUME~1ADMINI~1LOKALE~1Temp49989.tmp
C:WINDOWSsystem32syscache.exe
C:WINDOWS9972.bat
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5HLENIMB8navcancl[1]
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5GGLLB926ErrorPageTemplate[1]
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5UJ8NADMerrorPageStrings[1]
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5HLENIMB8httpErrorPagesScripts[1]
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5UJ8NADMbackground_gradient[1]
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5UJ8NADMinfo_48[1]
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5HLENIMB8bullet[1]
C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenMicrosoftInternet ExplorerMSIMGSIZ.DAT
DeviceRasAcd
DeviceTcp
DeviceIp
DeviceIp
C:WINDOWSsystem32driversetchosts
Opened Files c:bbf.exe
C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe
.PIPElsarpc
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
.Ip
C:WINDOWSRegistrationR000000000007.clb
.PIPElsarpc
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWS
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
.Ip
%windir%/logfile32.log
.PIPElsarpc
.PIPEROUTER
c:autoexec.bat
.Ip
.PIPElsarpc
C:DOKUME~1ADMINI~1LOKALE~1Temp49989.tmp
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
C:WINDOWSRegistrationR000000000007.clb
C:WINDOWSsystem32scrrun.dll
C:DOKUME~1ADMINI~1LOKALE~1Temp9972.exe
C:DOKUME~1ADMINI~1LOKALE~1Temp9972.exe
C:WINDOWSsystem32syscache.exe
.PIPEwkssvc
.PIPElsarpc
C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll
C:WINDOWSsystem32de-DEwshext.dll.mui
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWS
C:WINDOWS9972.bat
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
C:WINDOWSRegistrationR000000000007.clb
C:ProgrammeInternet ExplorerIEXPLORE.EXE
.PIPElsarpc
C:WINDOWSsystem32ieframe.dll
C:WINDOWSsystem32xpsp3res.dll
C:WINDOWSsystem32de-DEieframe.dll.mui
c:autoexec.bat
.PIPEROUTER
.Ip
Deleted Files C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe
C:DOKUME~1ADMINI~1LOKALE~1Temp49989.tmp
C:WINDOWS9972.bat
Chronological Order Open File: c:bbf.exe (OPEN_EXISTING)
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Set File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe
Copy File: c:bbf.exe to C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe
Set File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenltzqai.exe (OPEN_EXISTING)
Create NamedPipe: .pipewzrjvekyfaiinx
Open File: .PIPElsarpc (OPEN_EXISTING)
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temp446.exe
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temp40744.exe
Get File Attributes: c:cwsandboxcwsandbox.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temp40744.exe
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temp446.exe
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temp9972.exe
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temp9972.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temp40744.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temp446.exe
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Get File Attributes: C:WINDOWScfdrive32.exe Flags: (SECURITY_ANONYMOUS)
Copy File: C:DOKUME~1ADMINI~1LOKALE~1Temp40744.exe to C:WINDOWScfdrive32.exe
Set File Attributes: C:WINDOWScfdrive32.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWS ()
Find File: C:WINDOWScfdrive32.exe
Copy File: C:DOKUME~1ADMINI~1LOKALE~1Temp446.exe to C:WINDOWSsystem32msvmiode.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Find File: C:WINDOWSsystem32msvmiode.exe
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Open File: %windir%/logfile32.log (OPEN_EXISTING)
Create File: %windir%/logfile32.log
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: .PIPEROUTER (OPEN_EXISTING)
Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:autoexec.bat (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAll UsersAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Find File: C:WINDOWSsystem32Ras*.pbk
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Create/Open File: DeviceTcp6 (OPEN_ALWAYS)
Create/Open File: DeviceNetBT_Tcpip_{5D19E473-BE30-416B-B5C7-D8A091C41D2F} (OPEN_ALWAYS)
Open File: .PIPElsarpc (OPEN_EXISTING)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temp49989.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:DOKUME~1ADMINI~1LOKALE~1Temp49989.tmp
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp49989.tmp (OPEN_EXISTING)
Delete File: C:DOKUME~1ADMINI~1LOKALE~1Temp49989.tmp
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Temp9972.exe
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: C:WINDOWSsystem32scrrun.dll (OPEN_EXISTING)
Get File Attributes: C:WINDOWSsystem32syscache.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp9972.exe (OPEN_EXISTING)
Create File: C:WINDOWSsystem32syscache.exe
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp9972.exe (OPEN_EXISTING)
Open File: C:WINDOWSsystem32syscache.exe (OPEN_EXISTING)
Set File Time: C:WINDOWSsystem32syscache.exe
Create File: C:WINDOWS9972.bat
Open File: .PIPEwkssvc (OPEN_EXISTING)
Get File Attributes: 0 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministrator Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWS9972.bat Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
Open File: .PIPElsarpc (OPEN_EXISTING)
Get File Attributes: C:Dokumente und EinstellungenAdministratorEigene Dateiendesktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAll UsersDokumentedesktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll (OPEN_EXISTING)
Get File Attributes: C:WINDOWS9972.bat:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32de-DEwshext.dll.mui (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWS ()
Find File: C:WINDOWS9972.bat
Get File Attributes: C:WINDOWSsystem32.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSHelp.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministrator Flags: (SECURITY_ANONYMOUS)
Find File: C:Dokumente und Einstellungen
Find File: C:Dokumente und EinstellungenAdministrator
Get File Attributes: “C:WINDOWS9972.bat” Flags: (SECURITY_ANONYMOUS)
Find File: C:WINDOWS9972.bat
Open File: C:WINDOWS9972.bat (OPEN_EXISTING)
Get File Attributes: C:WINDOWS9972.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
Find File: C:WINDOWS9972.exe
Find File: C:WINDOWSsystem32syscache.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Get File Attributes: C:WINDOWS9972.bat Flags: (SECURITY_ANONYMOUS)
Delete File: C:WINDOWS9972.bat
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: C:ProgrammeInternet ExplorerIEXPLORE.EXE (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:WINDOWSsystem32ieframe.dll (OPEN_EXISTING)
Get File Attributes: C:ProgrammeSkypeToolbarsInternet Explorerfavicon.ico Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32xpsp3res.dll (OPEN_EXISTING)
Get File Attributes: C:ProgrammeMessengermsmsgs.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32de-DEieframe.dll.mui (OPEN_EXISTING)
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5HLENIMB8navcancl[1]
Get File Attributes: C:WINDOWSsystem32ieframe.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSsystem32ieframe.dll:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5GGLLB926ErrorPageTemplate[1]
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5UJ8NADMerrorPageStrings[1]
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5HLENIMB8httpErrorPagesScripts[1]
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5UJ8NADMbackground_gradient[1]
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5UJ8NADMinfo_48[1]
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5HLENIMB8bullet[1]
Get File Attributes: C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenMicrosoft Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenMicrosoftInternet Explorer Flags: (SECURITY_ANONYMOUS)
Create/Open File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenMicrosoftInternet ExplorerMSIMGSIZ.DAT (OPEN_ALWAYS)
Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:autoexec.bat (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAll UsersAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Find File: C:WINDOWSsystem32Ras*.pbk
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Open File: .PIPEROUTER (OPEN_EXISTING)
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Create File: C:WINDOWSsystem32driversetchosts

Categories: Uncategorized