mt-canete.sites.uol.com.br

DNS Lookup
Host Name IP Address
0 127.0.0.1
vidaboa2009.pochta.ru
vidaboa2009.pochta.ru 194.186.88.37
mt-canete.sites.uol.com.br
mt-canete.sites.uol.com.br 200.147.33.17
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1183
Send Datagram: 2451 packet(s) of size 1
Recv Datagram: 2451 packet(s) of size 1
Download URLs
http://194.186.88.37/borlndmm.dll (vidaboa2009.pochta.ru)
http://194.186.88.37/expressos.cfg (vidaboa2009.pochta.ru)
http://200.147.33.17/USB.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/USB.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/USB.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)
http://200.147.33.17/secdemo.txt (mt-canete.sites.uol.com.br)

Outgoing connection to remote server: vidaboa2009.pochta.ru TCP port 80
Outgoing connection to remote server: mt-canete.sites.uol.com.br TCP port 80
Outgoing connection to remote server: mt-canete.sites.uol.com.br TCP port 80
Outgoing connection to remote server: mt-canete.sites.uol.com.br TCP port 80DNS Lookup
Host Name IP Address
dell-d3e62f7e26 10.1.11.2
www.conam.com.br 189.14.99.162
0 127.0.0.1
www.itau.com.br
www.itau.com.br 200.196.152.40
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1187
Send Datagram: 2 packet(s) of size 1
Recv Datagram: 2 packet(s) of size 1
Download URLs
http://200.196.152.40/ (www.itau.com.br)

Outgoing connection to remote server: www.conam.com.br TCP port 80
Outgoing connection to remote server: www.itau.com.br TCP port 80

Registry Changes by all processes
Create or Open
Changes HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload “CheckExeSignatures” = no
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload “RunInvalidSignatures” = 00000001
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments “SaveZoneInformation” = 00000001
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations “LowRiskFileTypes” = .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “mdktask” = C:WINDOWSsystem32mdktask.com
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “mdktaskexe” = C:WINDOWSsystem32mdktask.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “mdktaskcmd” = C:WINDOWSsystem32mdktask.cmd
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “mdktaskscr” = C:WINDOWSsystem32mdktask.scr
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “memorycache” = C:WINDOWSsystem32Svshosts.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “SVchost” = C:WINDOWSsystem32SVshost.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “servicelogon” = C:WINDOWSsystem32Winlogom.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “windirupdate” = C:WINDOWSsystem32beholder.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “windowsupdate” = C:WINDOWSsystem32avthekiller.exe
HKEY_CURRENT_USERSoftwareMicrosoftGWTijqjC “LsFYbyRS” = [REG_BINARY, size: 1064 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftooqNnNRl “SNRJByRc” = [REG_BINARY, size: 1064 bytes]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “” = C:WindowsTcp_IP.exe
HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesbord_007 “ImagePath” = system32driversregtoro.sys
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “EnableLUA” = [REG_DWORD, value: 00000000]
HKEY_CURRENT_USERSoftwareMicrosoftGWTijqjC “LsFYbyRS” = [REG_BINARY, size: 1064 bytes]
HKEY_CURRENT_USERSoftwareMicrosoftooqNnNRl “SNRJByRc” = [REG_BINARY, size: 1064 bytes]
Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{420B2830-E718-11CF-893D-00A0C9054228}1.0 “win32”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{420B2830-E718-11CF-893D-00A0C9054228}1.0 “win32”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “10”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{1E66F26B-79EE-11D2-8710-00C04F79ED0D}Server “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “CLRLoadLogDir”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “OnlyUseLatestCLR”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “InstallRoot”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “EnableInternetHREFexes”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility “DisableAppCompat”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{56F9679E-7826-4C84-81F3-532071A8BCC5}InprocServer32 “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile “ProgID”
HKEY_LOCAL_MACHINESOFTWAREClassesfile “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesMapi “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOutlookexpress “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOTFS “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ScriptOk”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography “MachineGuid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography “MachineGuid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsIEXPLORE.EXE “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSetup “IExploreLastModifiedLow”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSetup “IExploreLastModifiedHigh”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}TypeLib “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{B722BCCB-4E68-101B-A2BC-00AA00404770}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{79EAC9C4-BAF9-11CE-8C82-00AA004BA90B}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{000214E6-0000-0000-C000-000000000046}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}ProxyStubClsid32 “”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSecurityP3Global “Enabled”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility “DisableAppCompat”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{00021401-0000-0000-C000-000000000046}InProcServer32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{871C5380-42A0-1069-A2EA-08002B30309D}InProcServer32 “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMainFeatureControlFEATURE_INTERNET_SHELL_FOLDERS “AvastS1S.exe”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMainFeatureControlFEATURE_INTERNET_SHELL_FOLDERS “*”
HKEY_LOCAL_MACHINESOFTWAREClassesHTTP “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “clsid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Icon”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Exec”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Script”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuCustomize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuStatusBar”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{5067A26B-1337-4436-8AFE-EE169C2DA79F}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “clsid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Icon”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “ButtonText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Exec”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Script”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “MenuText”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{77BF5300-1474-4EC7-9980-D32B190E9B07}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Default Visible”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “clsid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Icon”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Exec”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Script”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuCustomize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuStatusBar”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{e2e2dd38-d088-4134-82b7-f2ba38496583}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “clsid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Icon”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “ButtonText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Exec”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Script”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuText”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuCustomize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuStatusBar”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{FB5F1910-F110-11d2-BB9E-00C04F795683}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Default Visible”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesRatings “Key”
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “No3DBorder”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet Explorer “No3DBorder”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “UrlEncoding”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternational “AcceptLanguage”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “ProxyEnable”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “10”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet Explorer “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsICWCONN1.EXE “Path”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerURL Compatibility~/CONNWIZ.HTM “Compatibility Flags”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerURL Compatibility~/CWIZINTR.HTM “Compatibility Flags”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerApplication Compatibility “AvastS1S.exe”
HKEY_CURRENT_USERControl PanelInternational “NumShape”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsUrl History “DaysToKeep”
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “SmartDithering”
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “RtfConverterFlags”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “UseClearType”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Page_Transitions”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Use_DlgBox_Colors”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Anchor Underline”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “CSS_Compat”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Expand Alt Text”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Display Inline Images”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Display Inline Videos”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Play_Background_Sounds”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Play_Animations”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Print_Background”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Use Stylesheets”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “SmoothScroll”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “XMLHTTP”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Show image placeholders”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Disable Script Debugger”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “DisableScriptDebuggerIE”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Move System Caret”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Force Offscreen Composition”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Enable AutoImageResize”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “UseThemes”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “UseHR”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Q300829”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Disable_Local_Machine_Navigate”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Cleanup HTCs”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Q331869”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “AlwaysAllowExecCommand”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternational “Default_CodePage”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternational “AutoDetect”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts “Default_IEFontSize”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts “Default_IEFontSizePrivate”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Anchor Color”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Anchor Color Visited”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Anchor Color Hover”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Always Use My Colors”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Always Use My Font Size”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Always Use My Font Face”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “Use Anchor Hover Color”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSettings “MiscFlags”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies “Allow Programmatic Cut_Copy_Paste”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “DisableCachingOfSSLPages”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlNlsCodePage “950”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts3 “IEFontSize”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts3 “IEFontSizePrivate”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts3 “IEPropFontName”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternationalScripts3 “IEFixedFontName”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew Windows “PopupMgr”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}InprocServer32 “”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew Windows “BlockUserInit”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew Windows “UseTimerMethod”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew Windows “UseHooks”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew Windows “AllowHTTPS”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew Windows “BlockControls”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “IEHardenWarnOnNav”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet Settings “IEHardenWarnOnNav”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “EnableExtensions”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DelayedExpansion”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DefaultColor”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “CompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “PathCompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DisableUNCCheck”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “EnableExtensions”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DelayedExpansion”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DefaultColor”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “CompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “PathCompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “AutoRun”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “EnableLUA”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography “MachineGuid”
HKEY_CURRENT_USERSoftwareMicrosoftGWTijqjC “LsFYbyRS”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography “MachineGuid”
HKEY_CURRENT_USERSoftwareMicrosoftooqNnNRl “SNRJByRc”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
Enums HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkPolicyAppPatch
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkPolicy
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlers
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedType
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerURL Compatibility

File Changes by all processes
New Files c:windowssystem32mdktask.exe
C:WINDOWSsystem32showbol2010.log
DeviceTcp
DeviceIp
DeviceIp
C:WINDOWSsystem32atualizado.log
DeviceRasAcd
C:WindowsTcp_IP.exe
C:WINDOWSsystem32driversregtoro.sys
DeviceRasAcd
C:WINDOWSUSB.log
DeviceTcp
DeviceIp
DeviceIp
Opened Files C:WINDOWSRegistrationR000000000007.clb
C:WINDOWSsystem32de-DEwshom.ocx.mui
C:WINDOWSsystem32scrrun.dll
c:apresentacao.exe
c:apresentacao.exe
c:windowssystem32mdktask.exe
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
c:windowssystem32
C:WINDOWSRegistrationR000000000007.clb
C:WINDOWSsystem32de-DEwshom.ocx.mui
C:WINDOWSsystem32scrrun.dll
.PIPEROUTER
.PIPElsarpc
c:autoexec.bat
.Ip
c:windowssystem32mdktask.exe.config
c:windowssystem32mdktask.exe
.PIPEwkssvc
C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
c:license.nss
c:license.nss
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WindowsSystem32
C:WINDOWSRegistrationR000000000007.clb
C:ProgrammeInternet ExplorerIEXPLORE.EXE
.PIPElsarpc
C:WINDOWSsystem32xpsp3res.dll
C:WINDOWSsystem32de-DEieframe.dll.mui
c:autoexec.bat
.PIPEROUTER
.Ip
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5OTWL3NW1itau_com_br[1].htm
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSSystem32
c:license.nss
c:license.nss
Deleted Files C:WINDOWSsystem32jviewj.exe
Chronological Order Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: C:WINDOWSsystem32de-DEwshom.ocx.mui (OPEN_EXISTING)
Open File: C:WINDOWSsystem32scrrun.dll (OPEN_EXISTING)
Find File: c:windowssystem32mdktask.exe
Open File: c:apresentacao.exe (OPEN_EXISTING)
Create File: c:windowssystem32mdktask.exe
Open File: c:apresentacao.exe (OPEN_EXISTING)
Open File: c:windowssystem32mdktask.exe (OPEN_EXISTING)
Set File Time: C:WINDOWSsystem32mdktask.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: c:windowssystem32 ()
Find File: C:WINDOWSsystem32mdktask.exe
Get File Attributes: C:WINDOWSsystem32.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSHelp.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: C:WINDOWSsystem32de-DEwshom.ocx.mui (OPEN_EXISTING)
Open File: C:WINDOWSsystem32scrrun.dll (OPEN_EXISTING)
Find File: c:windowssystem32mdktask.exe
Get File Attributes: C:WINDOWSsystem32showbol2010.log Flags: (SECURITY_ANONYMOUS)
Create File: C:WINDOWSsystem32showbol2010.log
Open File: .PIPEROUTER (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:autoexec.bat (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAll UsersAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Find File: C:WINDOWSsystem32Ras*.pbk
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Get File Attributes: C:WINDOWSsystem32atualizado.log Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSsystem32Winlogom.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:WINDOWSsystem32atualizado.log
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Get File Attributes: c:windowssystem32mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: c:windowssystem32mdktask.exe.config (OPEN_EXISTING)
Open File: c:windowssystem32mdktask.exe (OPEN_EXISTING)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727 Flags: (SECURITY_ANONYMOUS)
Find File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
Find File: C:WINDOWSsystem32AvastS1S.exe
Find File: C:WINDOWSsystem32jviewj.exe
Delete File: C:WINDOWSsystem32jviewj.exe
Open File: .PIPEwkssvc (OPEN_EXISTING)
Get File Attributes: c: Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSsystem32jviewj.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorEigene Dateiendesktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAll UsersDokumentedesktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Get File Attributes: C:WINDOWSsystem32AvastS1S.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSsystem32avthekiller.exe Flags: (SECURITY_ANONYMOUS)
Open File: c:license.nss (OPEN_EXISTING)
Get File Attributes: C:Arquivos de programasAVGAVG9 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAlwil SoftwareAvast4 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAlwil SoftwareAvast5 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAlwil Software Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasKaspersky LabKaspersky Anti-Virus 2009 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasKaspersky Lab Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasKaspersky LabKaspersky Anti-Virus 2009 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasCOMODO Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasCOMODOCOMODO Internet Security Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasAVG7 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAVGAVG8 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAVG Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasAVGAVG8 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasSpyware Terminator Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasSpyware Terminator Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAvira Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasAvira Flags: (SECURITY_ANONYMOUS)
Open File: c:license.nss (OPEN_EXISTING)
Copy File: C:WINDOWSsystem32AvastS1S.exe to C:WindowsTcp_IP.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WindowsSystem32 ()
Find File: C:WINDOWSsystem32cmd.exe
Create File: C:WINDOWSsystem32driversregtoro.sys
Find File: C:WINDOWSUSB.log
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Create File: C:WINDOWSUSB.log
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: C:ProgrammeInternet ExplorerIEXPLORE.EXE (OPEN_EXISTING)
Open File: .PIPElsarpc (OPEN_EXISTING)
Get File Attributes: C:ProgrammeSkypeToolbarsInternet Explorerfavicon.ico Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32xpsp3res.dll (OPEN_EXISTING)
Get File Attributes: C:ProgrammeMessengermsmsgs.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32de-DEieframe.dll.mui (OPEN_EXISTING)
Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:autoexec.bat (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAll UsersAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Find File: C:WINDOWSsystem32Ras*.pbk
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftNetworkConnectionsPbk*.pbk
Open File: .PIPEROUTER (OPEN_EXISTING)
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemporary Internet FilesContent.IE5OTWL3NW1itau_com_br[1].htm (OPEN_EXISTING)
Get File Attributes: C: Flags: (SECURITY_ANONYMOUS)
Find File: C:
Find File: C:WINDOWSSystem32reg.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSSystem32 ()
Find File: C:WINDOWSsystem32reg.exe
Open File: c:license.nss (OPEN_EXISTING)
Get File Attributes: C:Arquivos de programasAVGAVG9 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAlwil SoftwareAvast4 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAlwil SoftwareAvast5 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAlwil Software Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasKaspersky LabKaspersky Anti-Virus 2009 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasKaspersky Lab Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasKaspersky LabKaspersky Anti-Virus 2009 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasCOMODO Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasCOMODOCOMODO Internet Security Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasAVG7 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAVGAVG8 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAVG Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasAVGAVG8 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasSpyware Terminator Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasSpyware Terminator Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Arquivos de programasAvira Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Arquivos de programasAvira Flags: (SECURITY_ANONYMOUS)
Open File: c:license.nss (OPEN_EXISTING)

Categories: Uncategorized