C&C Server: 82.146.51.202:6667
Server Password:
Username: 5429
Nickname: [DEU|2308|XP]
Channel: #ShaDow (Password: 200500)
Channeltopic:
Registry Changes by all processes
Create or Open
Changes HKEY_CURRENT_USERSoftwareMicrosoftGDIPlus “FontCachePath” = C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdaten
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “LS Services” = C:DOKUME~1ADMINI~1LOKALE~1Templsservs.exe
Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “InstallRoot”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “CLRLoadLogDir”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “OnlyUseLatestCLR”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStart”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStartAtJit”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DisableConfigCache”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “CacheLocation”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DownloadCacheQuotaInKB”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “EnableLog”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LoggingLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “ForceLog”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LogFailures”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LogResourceBinds”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “UseLegacyIdentityFormat”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DisableMSIPeek”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32 “LatestIndex”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32index39 “NIUsageMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32index39 “ILUsageMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “Latest”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “index1”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “LegacyPolicyTimeStamp”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Xml,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DbgJITDebugLaunchSetting”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DbgManagedDebugger”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_CURRENT_USERSoftwareMicrosoftGDIPlus “FontCachePath”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility “DisableAppCompat”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{871C5380-42A0-1069-A2EA-08002B30309D}InProcServer32 “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsIEXPLORE.EXE “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSetup “IExploreLastModifiedLow”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSetup “IExploreLastModifiedHigh”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}TypeLib “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{B722BCCB-4E68-101B-A2BC-00AA00404770}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{79EAC9C4-BAF9-11CE-8C82-00AA004BA90B}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{000214E6-0000-0000-C000-000000000046}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesInterface{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}ProxyStubClsid32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{56F9679E-7826-4C84-81F3-532071A8BCC5}InprocServer32 “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile “ProgID”
HKEY_LOCAL_MACHINESOFTWAREClassesfile “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesMapi “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOutlookexpress “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREClassesOTFS “ShellFolder”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersDefault “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.bmp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.c “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cpp “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cs “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.cxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.doc “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.dot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.emf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.eml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.err “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.gif “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.h “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.htm “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.html “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.hxx “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.idl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpeg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jpg “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.jsl “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mht “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.mhtml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.nws “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pdf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.png “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pot “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.pps “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.ppt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.rtf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.txt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.vb “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wmf “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.wrn “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xls “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xlt “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xml “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension.xsd “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecalendar “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecommunications “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypecontact “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypedocument “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeemail “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefavorite “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypefolder “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeim “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeimages “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypemusic “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypenote “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepicture “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypepresentation “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypeprogram “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypespreadsheet “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypetext “ScriptOk”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ContentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “TemplateUrl”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedTypevideo “ScriptOk”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
Enums HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSets
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSetsInternet
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSetsLocalIntranet
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a9
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db6748
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlers
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows SearchProtocolHandlersFile
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersExtension
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Desktop SearchPreviewersPerceivedType
File Changes by all processes
New Files C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempOut.exe
C:DOKUME~1ADMINI~1LOKALE~1Templsservs.exe
Opened Files c:FuDServ.exe.config
c:FuDServ.exe
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch
C:WINDOWSassemblyNativeImages_v2.0.50727_32index39.dat
C:WINDOWSassemblypubpol1.dat
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config
C:WINDOWSsystem32l_intl.nls
C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp
C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp
C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT
C:WINDOWSsystem32GDIPFONTCACHEV1.DAT
C:WINDOWSFONTSMARLETT.TTF
C:WINDOWSFONTSROMAN.FON
C:WINDOWSFONTSSCRIPT.FON
C:WINDOWSFONTSMODERN.FON
C:WINDOWSFONTSSMALLE.FON
C:WINDOWSFONTSARIAL.TTF
C:WINDOWSFONTSARIALBD.TTF
C:WINDOWSFONTSARIALBI.TTF
C:WINDOWSFONTSARIALI.TTF
C:WINDOWSFONTSCOUR.TTF
C:WINDOWSFONTSCOURBD.TTF
C:WINDOWSFONTSCOURBI.TTF
C:WINDOWSFONTSCOURI.TTF
C:WINDOWSFONTSLUCON.TTF
C:WINDOWSFONTSL_10646.TTF
C:WINDOWSFONTSTIMES.TTF
C:WINDOWSFONTSTIMESBD.TTF
C:WINDOWSFONTSTIMESBI.TTF
C:WINDOWSFONTSTIMESI.TTF
C:WINDOWSFONTSWINGDING.TTF
C:WINDOWSFONTSSYMBOL.TTF
C:WINDOWSFONTSSYMBOLE.FON
C:WINDOWSFONTSVERDANA.TTF
C:WINDOWSFONTSVERDANAB.TTF
C:WINDOWSFONTSVERDANAI.TTF
C:WINDOWSFONTSVERDANAZ.TTF
C:WINDOWSFONTSARIBLK.TTF
C:WINDOWSFONTSCOMIC.TTF
C:WINDOWSFONTSCOMICBD.TTF
C:WINDOWSFONTSIMPACT.TTF
C:WINDOWSFONTSGEORGIA.TTF
C:WINDOWSFONTSGEORGIAB.TTF
C:WINDOWSFONTSGEORGIAZ.TTF
C:WINDOWSFONTSGEORGIAI.TTF
C:WINDOWSFONTSFRAMD.TTF
C:WINDOWSFONTSFRAMDIT.TTF
C:WINDOWSFONTSPALA.TTF
C:WINDOWSFONTSPALAB.TTF
C:WINDOWSFONTSPALABI.TTF
C:WINDOWSFONTSPALAI.TTF
C:WINDOWSFONTSTAHOMABD.TTF
C:WINDOWSFONTSTREBUC.TTF
C:WINDOWSFONTSTREBUCBD.TTF
C:WINDOWSFONTSTREBUCBI.TTF
C:WINDOWSFONTSTREBUCIT.TTF
C:WINDOWSFONTSWEBDINGS.TTF
C:WINDOWSFONTSESTRE.TTF
C:WINDOWSFONTSGAUTAMI.TTF
C:WINDOWSFONTSLATHA.TTF
C:WINDOWSFONTSMANGAL.TTF
C:WINDOWSFONTSMVBOLI.TTF
C:WINDOWSFONTSRAAVI.TTF
C:WINDOWSFONTSSHRUTI.TTF
C:WINDOWSFONTSTUNGA.TTF
C:WINDOWSFONTSSYLFAEN.TTF
C:WINDOWSFONTSWST_CZEC.FON
C:WINDOWSFONTSWST_ENGL.FON
C:WINDOWSFONTSWST_FREN.FON
C:WINDOWSFONTSWST_GERM.FON
C:WINDOWSFONTSWST_ITAL.FON
C:WINDOWSFONTSWST_SPAN.FON
C:WINDOWSFONTSWST_SWED.FON
C:WINDOWSFONTSCOURE.FON
C:WINDOWSFONTSSSERIFE.FON
C:WINDOWSFONTSSERIFE.FON
C:WINDOWSFONTSTAHOMA.TTF
C:WINDOWSFONTSMICROSS.TTF
C:WINDOWSFONTSGLOBALMONOSPACE.COMPOSITEFONT
C:WINDOWSFONTSGLOBALSANSSERIF.COMPOSITEFONT
C:WINDOWSFONTSGLOBALSERIF.COMPOSITEFONT
C:WINDOWSFONTSGLOBALUSERINTERFACE.COMPOSITEFONT
c:FuDServ.exe
.PIPEwkssvc
C:WINDOWSsystem32ieframe.dll
C:WINDOWSRegistrationR000000000007.clb
C:ProgrammeInternet ExplorerIEXPLORE.EXE
C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll
.PIPElsarpc
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemp
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:DOKUME~1ADMINI~1LOKALE~1Temp
Deleted Files C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch.216.2379359
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch.216.2379375
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch.216.2379562
Chronological Order Get File Attributes: C:WINDOWSsystem32mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: c:FuDServ.exe.config (OPEN_EXISTING)
Open File: c:FuDServ.exe (OPEN_EXISTING)
Find File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config (OPEN_EXISTING)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727fusion.localgac Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch (OPEN_EXISTING)
Open File: C:WINDOWSassemblyNativeImages_v2.0.50727_32index39.dat (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.INI
Get File Attributes: c:FuDServ.config Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:FuDServ.exe Flags: (SECURITY_ANONYMOUS)
Find File: c:FuDServ.INI
Open File: C:WINDOWSassemblypubpol1.dat (OPEN_EXISTING)
Get File Attributes: C:WINDOWSassemblyGACPublisherPolicy.tme Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem2.0.0.0__b77a5c561934e089System.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem.Windows.Forms2.0.0.0__b77a5c561934e089System.Windows.Forms.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem.Drawing2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.INI
Get File Attributes: C:WINDOWSGlobalizationde-de.nlp Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32l_intl.nls (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_MSILSystem.Runtime.Remoting2.0.0.0__b77a5c561934e089System.Runtime.Remoting.INI
Open File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp (OPEN_EXISTING)
Open File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp (OPEN_EXISTING)
Get File Attributes: C:WINDOWSGlobalizationen.nlp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:de-DEtheEND.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:de-DEtheEND.resourcestheEND.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:de-DEtheEND.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:de-DEtheEND.resourcestheEND.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSGlobalizationde.nlp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:detheEND.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:detheEND.resourcestheEND.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:detheEND.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:detheEND.resourcestheEND.resources.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT (OPEN_EXISTING)
Open File: C:WINDOWSsystem32GDIPFONTCACHEV1.DAT (OPEN_EXISTING)
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT
Open File: C:WINDOWSFONTSMARLETT.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSROMAN.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSCRIPT.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSMODERN.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSMALLE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIAL.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIALBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIALBI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIALI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOUR.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOURBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOURBI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOURI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSLUCON.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSL_10646.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTIMES.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTIMESBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTIMESBI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTIMESI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWINGDING.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSYMBOL.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSYMBOLE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSVERDANA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSVERDANAB.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSVERDANAI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSVERDANAZ.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIBLK.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOMIC.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOMICBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSIMPACT.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGEORGIA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGEORGIAB.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGEORGIAZ.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGEORGIAI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSFRAMD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSFRAMDIT.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSPALA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSPALAB.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSPALABI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSPALAI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTAHOMABD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTREBUC.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTREBUCBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTREBUCBI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTREBUCIT.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWEBDINGS.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSESTRE.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGAUTAMI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSLATHA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSMANGAL.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSMVBOLI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSRAAVI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSHRUTI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTUNGA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSYLFAEN.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_CZEC.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_ENGL.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_FREN.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_GERM.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_ITAL.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_SPAN.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_SWED.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOURE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSSERIFE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSERIFE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTAHOMA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSMICROSS.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGLOBALMONOSPACE.COMPOSITEFONT (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGLOBALSANSSERIF.COMPOSITEFONT (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGLOBALSERIF.COMPOSITEFONT (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGLOBALUSERINTERFACE.COMPOSITEFONT (OPEN_EXISTING)
Open File: c:FuDServ.exe (OPEN_EXISTING)
Get File Attributes: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempOut.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempOut.exe
Open File: .PIPEwkssvc (OPEN_EXISTING)
Get File Attributes: c: Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempOut.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32ieframe.dll (OPEN_EXISTING)
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Open File: C:ProgrammeInternet ExplorerIEXPLORE.EXE (OPEN_EXISTING)
Open File: C:ProgrammeWindows Desktop SearchMSNLNamespaceMgr.dll (OPEN_EXISTING)
Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
Open File: .PIPElsarpc (OPEN_EXISTING)
Get File Attributes: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempOut.exe:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemp ()
Find File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempOut.exe
Delete File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch.216.2379359
Delete File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch.216.2379375
Delete File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch.216.2379562
Get File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Templsservs.exe Flags: (SECURITY_ANONYMOUS)
Copy File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempOut.exe to C:DOKUME~1ADMINI~1LOKALE~1Templsservs.exe
Set File Attributes: C:DOKUME~1ADMINI~1LOKALE~1Templsservs.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:DOKUME~1ADMINI~1LOKALE~1Temp ()
Find File: C:DOKUME~1ADMINI~1LOKALE~1Templsservs.exe