electric-servers.com 217.23.7.121
C&C Server: 217.23.7.121:6667
Server Password:
Username: XP-0733
Nickname: [DEU-[L]-65709]NEW
Channel: #Cracker (Password: none)
Channeltopic:
Registry Changes by all processes
Create or Open
Changes HKEY_CURRENT_USER\Software\Microsoft\GDIPlus “FontCachePath” = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Micrososft Omg” = taskmgrr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run “Micrososft Omg” = taskmgrr.exe
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe” = C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe:*:Enabled:Micrososft Omg
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “Active” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfg “ControlFlags” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfgtraceIdentifier “Guid” = 5f31090b-d990-4e91-b16d-46121d0255aa
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappcfgtraceIdentifier “BitNames” = Error Unusual Info Debug
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappprxy “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappprxy “Active” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappprxy “ControlFlags” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappprxytraceIdentifier “Guid” = 5f31090b-d990-4e91-b16d-46121d0255aa
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosofteappprxytraceIdentifier “BitNames” = Error Unusual Info Debug
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftQUtil “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftQUtil “Active” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftQUtil “ControlFlags” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftQUtiltraceIdentifier “Guid” = 8aefce96-4618-42ff-a057-3536aa78233e
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftQUtiltraceIdentifier “BitNames” = Error Unusual Info Debug
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftNAPNetsh “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftNAPNetsh “Active” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftNAPNetsh “ControlFlags” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftNAPNetshNapmontr “Guid” = 710adbf0-ce88-40b4-a50d-231ada6593f0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftNAPNetshNapmontr “BitNames” = NAP_TRACE_BASE NAP_TRACE_NETSH
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftqagent “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftqagent “Active” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftqagent “ControlFlags” = [REG_DWORD, value: 00000001]
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftqagenttraceIdentifier “Guid” = b0278a28-76f1-4e15-b1df-14b209a12613
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTracingMicrosoftqagenttraceIdentifier “BitNames” = Error Unusual Info Debug
Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “InstallRoot”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “CLRLoadLogDir”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “OnlyUseLatestCLR”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStart”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStartAtJit”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DisableConfigCache”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “CacheLocation”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DownloadCacheQuotaInKB”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “EnableLog”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LoggingLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “ForceLog”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LogFailures”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LogResourceBinds”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “UseLegacyIdentityFormat”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DisableMSIPeek”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32 “LatestIndex”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32index39 “NIUsageMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32index39 “ILUsageMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography “MachineGuid”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “Latest”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “index1”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “LegacyPolicyTimeStamp”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Xml,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DbgJITDebugLaunchSetting”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DbgManagedDebugger”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc11 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3a6a696d3469b77313 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftGDIPlus “FontCachePath”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsa “FIPSAlgorithmPolicy”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyDefaultsProvider TypesType 001 “Name”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “InstallRoot”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “CLRLoadLogDir”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “OnlyUseLatestCLR”
HKEY_LOCAL_MACHINESYSTEMControlSet001Services.NETFrameworkPerformance “First Counter”
HKEY_LOCAL_MACHINESYSTEMControlSet001Services.NETFrameworkPerformance “First Help”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib “EventLogLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib “TotalInstanceName”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPerfProcPerformance “DisplayHeapPerfObject”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPerfProcPerformance “ProcessNameFormat”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPerfProcPerformance “ThreadNameFormat”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPSchedPerformance “First Counter”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPSchedPerformance “First Help”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “10”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesRSVPPerformance “First Counter”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesRSVPPerformance “First Help”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionTelephony “Perf1”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionTelephony “Perf2”
HKEY_PERFORMANCE_DATA “230 784”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “CurrentBuildNumber”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging Directory”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Log File Max Size”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Repository Directory”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “Enable Tracing”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “Tracing Level”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Friendly Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Description”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Enabled”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Vendor Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Info Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Config Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Validator Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Registration Date”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Component Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Friendly Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Description”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Enabled”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Vendor Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Info Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Config Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Validator Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Registration Date”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Component Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Friendly Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Description”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Enabled”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Vendor Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Info Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Config Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Validator Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Registration Date”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Component Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Friendly Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Description”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Enabled”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Vendor Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Info Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Config Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Validator Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Registration Date”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Component Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Friendly Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Description”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Enabled”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Vendor Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Info Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Config Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Validator Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Registration Date”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Component Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Friendly Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Description”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Enabled”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Vendor Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Info Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Config Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Validator Clsid”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Registration Date”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Component Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “PlumbIpsecPolicy”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ProcessID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “EnablePrivateObjectHeap”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ContextLimit”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ObjectLimit”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “IdentifierLimit”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “1.exe”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “InstallRoot”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “CLRLoadLogDir”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “OnlyUseLatestCLR”
HKEY_LOCAL_MACHINESYSTEMControlSet001Services.NETFrameworkPerformance “First Counter”
HKEY_LOCAL_MACHINESYSTEMControlSet001Services.NETFrameworkPerformance “First Help”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib “EventLogLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib “TotalInstanceName”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPerfProcPerformance “DisplayHeapPerfObject”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPerfProcPerformance “ProcessNameFormat”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPerfProcPerformance “ThreadNameFormat”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPSchedPerformance “First Counter”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPSchedPerformance “First Help”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “10”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesRSVPPerformance “First Counter”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesRSVPPerformance “First Help”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionTelephony “Perf1”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionTelephony “Perf2”
HKEY_PERFORMANCE_DATA “230 784”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Sink Transmit Buffer Size”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “DefaultRpcStackSize”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “EnableObjectValidation”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Log File Max Size”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C}InprocServer32 “ThreadingModel”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C}InprocServer32 “Synchronization”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C}InprocServer32 “”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C} “”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C} “AppId”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionHotFixKB956572 “Installed”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders “ROOT\CIMV2:__Win32Provider.Name="CIMWin32"”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging Directory”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “ProductName”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlProductOptions “ProductSuite”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “ProductId”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “RegisteredOwner”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “RegisteredOrganization”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “Plus! ProductId”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “CurrentType”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “InstallDate”
HKEY_LOCAL_MACHINESYSTEMSetup “SystemPartition”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPriorityControl “Win32PrioritySeparation”
HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerMemory Management “LargeSystemCache”
HKEY_LOCAL_MACHINEHARDWAREDESCRIPTIONSystemCentralProcessor “ProcessorNameString”
HKEY_LOCAL_MACHINEHARDWAREDESCRIPTIONSystemCentralProcessor “Identifier”
“Counter”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib “EventLogLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib “TotalInstanceName”
HKEY_PERFORMANCE_DATA “238”
Enums
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSetsInternet
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSetsLocalIntranet
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a9
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db6748
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI432ba5983d75b7fc
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkPolicyAppPatch
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkPolicy
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkPolicyAppPatch
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkPolicy
File Changes by all processes
New Files
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe
\Device\Tcp
\Device\Ip
\Device\Ip
\Device\Gpc
\Device\Tcp6
C:\WINDOWS\taskmgrr.exe
\Device\Tcp
\Device\Ip
\Device\Ip
\Device\Gpc
\Device\Tcp6
\Device\RasAcd
infNEW.txt
Opened Files
c:Crypted1.exe.config
c:Crypted1.exe
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch
C:WINDOWSassemblyNativeImages_v2.0.50727_32index39.dat
C:WINDOWSassemblypubpol1.dat
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config
C:WINDOWSsystem32l_intl.nls
C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT
C:WINDOWSsystem32GDIPFONTCACHEV1.DAT
C:WINDOWSFONTSMARLETT.TTF
C:WINDOWSFONTSROMAN.FON
C:WINDOWSFONTSSCRIPT.FON
C:WINDOWSFONTSMODERN.FON
C:WINDOWSFONTSSMALLE.FON
C:WINDOWSFONTSARIAL.TTF
C:WINDOWSFONTSARIALBD.TTF
C:WINDOWSFONTSARIALBI.TTF
C:WINDOWSFONTSARIALI.TTF
C:WINDOWSFONTSCOUR.TTF
C:WINDOWSFONTSCOURBD.TTF
C:WINDOWSFONTSCOURBI.TTF
C:WINDOWSFONTSCOURI.TTF
C:WINDOWSFONTSLUCON.TTF
C:WINDOWSFONTSL_10646.TTF
C:WINDOWSFONTSTIMES.TTF
C:WINDOWSFONTSTIMESBD.TTF
C:WINDOWSFONTSTIMESBI.TTF
C:WINDOWSFONTSTIMESI.TTF
C:WINDOWSFONTSWINGDING.TTF
C:WINDOWSFONTSSYMBOL.TTF
C:WINDOWSFONTSSYMBOLE.FON
C:WINDOWSFONTSVERDANA.TTF
C:WINDOWSFONTSVERDANAB.TTF
C:WINDOWSFONTSVERDANAI.TTF
C:WINDOWSFONTSVERDANAZ.TTF
C:WINDOWSFONTSARIBLK.TTF
C:WINDOWSFONTSCOMIC.TTF
C:WINDOWSFONTSCOMICBD.TTF
C:WINDOWSFONTSIMPACT.TTF
C:WINDOWSFONTSGEORGIA.TTF
C:WINDOWSFONTSGEORGIAB.TTF
C:WINDOWSFONTSGEORGIAZ.TTF
C:WINDOWSFONTSGEORGIAI.TTF
C:WINDOWSFONTSFRAMD.TTF
C:WINDOWSFONTSFRAMDIT.TTF
C:WINDOWSFONTSPALA.TTF
C:WINDOWSFONTSPALAB.TTF
C:WINDOWSFONTSPALABI.TTF
C:WINDOWSFONTSPALAI.TTF
C:WINDOWSFONTSTAHOMABD.TTF
C:WINDOWSFONTSTREBUC.TTF
C:WINDOWSFONTSTREBUCBD.TTF
C:WINDOWSFONTSTREBUCBI.TTF
C:WINDOWSFONTSTREBUCIT.TTF
C:WINDOWSFONTSWEBDINGS.TTF
C:WINDOWSFONTSESTRE.TTF
C:WINDOWSFONTSGAUTAMI.TTF
C:WINDOWSFONTSLATHA.TTF
C:WINDOWSFONTSMANGAL.TTF
C:WINDOWSFONTSMVBOLI.TTF
C:WINDOWSFONTSRAAVI.TTF
C:WINDOWSFONTSSHRUTI.TTF
C:WINDOWSFONTSTUNGA.TTF
C:WINDOWSFONTSSYLFAEN.TTF
C:WINDOWSFONTSWST_CZEC.FON
C:WINDOWSFONTSWST_ENGL.FON
C:WINDOWSFONTSWST_FREN.FON
C:WINDOWSFONTSWST_GERM.FON
C:WINDOWSFONTSWST_ITAL.FON
C:WINDOWSFONTSWST_SPAN.FON
C:WINDOWSFONTSWST_SWED.FON
C:WINDOWSFONTSCOURE.FON
C:WINDOWSFONTSSSERIFE.FON
C:WINDOWSFONTSSERIFE.FON
C:WINDOWSFONTSTAHOMA.TTF
C:WINDOWSFONTSMICROSS.TTF
C:WINDOWSFONTSGLOBALMONOSPACE.COMPOSITEFONT
C:WINDOWSFONTSGLOBALSANSSERIF.COMPOSITEFONT
C:WINDOWSFONTSGLOBALSERIF.COMPOSITEFONT
C:WINDOWSFONTSGLOBALUSERINTERFACE.COMPOSITEFONT
c:Crypted1.exe
C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp
C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp
\\.\PIPE\lsarpc
\\.\Ip
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe.config
C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe
.PIPEEVENTLOG
.PIPEROUTER
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
C:WINDOWS
C:WINDOWSRegistrationR000000000007.clb
.PIPElsarpc
1.exe
.Ip
C:\WINDOWS\taskmgrr.exe.config
C:\WINDOWS\taskmgrr.exe
\\.\PIPE\EVENTLOG
\\.\PIPE\ROUTER
.PIPElsarpc
c:autoexec.bat
infNEW.txt
.PIPElsarpc
.pipePIPE_EVENTROOT/CIMV2PROVIDERSUBSYSTEM
C:WINDOWSRegistrationR000000000007.clb
C:WINDOWSREPAIRSETUP.LOG
.PIPEwkssvc
.PIPEsrvsvc
Deleted Files
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.604.1062468
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.604.1062468
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch.604.1062703
Chronological Order
Get File Attributes: C:\WINDOWS\system32\mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: c:Crypted1.exe.config (OPEN_EXISTING)
Open File: c:Crypted1.exe (OPEN_EXISTING)
Find File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config (OPEN_EXISTING)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727fusion.localgac Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch (OPEN_EXISTING)
Open File: C:WINDOWSassemblyNativeImages_v2.0.50727_32index39.dat (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.INI
Get File Attributes: c:Crypted1.config Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:Crypted1.exe Flags: (SECURITY_ANONYMOUS)
Find File: c:Crypted1.INI
Open File: C:WINDOWSassemblypubpol1.dat (OPEN_EXISTING)
Get File Attributes: C:WINDOWSassemblyGACPublisherPolicy.tme Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem2.0.0.0__b77a5c561934e089System.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem.Windows.Forms2.0.0.0__b77a5c561934e089System.Windows.Forms.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem.Drawing2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.INI
Get File Attributes: C:WINDOWSGlobalizationde-de.nlp Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32l_intl.nls (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_MSILSystem.Runtime.Remoting2.0.0.0__b77a5c561934e089System.Runtime.Remoting.INI
Open File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT (OPEN_EXISTING)
Open File: C:WINDOWSsystem32GDIPFONTCACHEV1.DAT (OPEN_EXISTING)
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdatenGDIPFONTCACHEV1.DAT
Open File: C:WINDOWSFONTSMARLETT.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSROMAN.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSCRIPT.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSMODERN.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSMALLE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIAL.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIALBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIALBI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIALI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOUR.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOURBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOURBI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOURI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSLUCON.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSL_10646.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTIMES.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTIMESBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTIMESBI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTIMESI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWINGDING.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSYMBOL.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSYMBOLE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSVERDANA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSVERDANAB.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSVERDANAI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSVERDANAZ.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSARIBLK.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOMIC.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOMICBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSIMPACT.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGEORGIA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGEORGIAB.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGEORGIAZ.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGEORGIAI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSFRAMD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSFRAMDIT.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSPALA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSPALAB.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSPALABI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSPALAI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTAHOMABD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTREBUC.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTREBUCBD.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTREBUCBI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTREBUCIT.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWEBDINGS.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSESTRE.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGAUTAMI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSLATHA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSMANGAL.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSMVBOLI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSRAAVI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSHRUTI.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTUNGA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSYLFAEN.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_CZEC.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_ENGL.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_FREN.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_GERM.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_ITAL.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_SPAN.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSWST_SWED.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSCOURE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSSERIFE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSSERIFE.FON (OPEN_EXISTING)
Open File: C:WINDOWSFONTSTAHOMA.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSMICROSS.TTF (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGLOBALMONOSPACE.COMPOSITEFONT (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGLOBALSANSSERIF.COMPOSITEFONT (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGLOBALSERIF.COMPOSITEFONT (OPEN_EXISTING)
Open File: C:WINDOWSFONTSGLOBALUSERINTERFACE.COMPOSITEFONT (OPEN_EXISTING)
Open File: c:Crypted1.exe (OPEN_EXISTING)
Open File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp (OPEN_EXISTING)
Open File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp (OPEN_EXISTING)
Get File Attributes: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTemp ()
Find File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe
Open File: .PIPElsarpc (OPEN_EXISTING)
Delete File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch.604.1062468
Delete File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch.604.1062468
Delete File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch.604.1062703
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Get File Attributes: C:WINDOWSsystem32mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe.config (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe (OPEN_EXISTING)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727 Flags: (SECURITY_ANONYMOUS)
Find File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
Create/Open File: DeviceGpc (OPEN_ALWAYS)
Create/Open File: DeviceTcp6 (OPEN_ALWAYS)
Open File: .PIPEEVENTLOG (OPEN_EXISTING)
Open File: .PIPEROUTER (OPEN_EXISTING)
Get File Attributes: C:WINDOWStaskmgrr.exe Flags: (SECURITY_ANONYMOUS)
Copy File: C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe to C:WINDOWStaskmgrr.exe
Set File Attributes: C:\WINDOWS\taskmgrr.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:\WINDOWS\system32 ()
Find File: C:\WINDOWS\system32\netsh.exe
Open File: C:\WINDOWS ()
Find File: C:\WINDOWS\taskmgrr.exe
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:WINDOWSsystem32WBEMLogs Flags: (SECURITY_ANONYMOUS)
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: 1.exe (OPEN_EXISTING)
Create/Open File: DeviceTcp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Create/Open File: DeviceIp (OPEN_ALWAYS)
Open File: .Ip (OPEN_EXISTING)
Get File Attributes: C:WINDOWSsystem32mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWStaskmgrr.exe.config (OPEN_EXISTING)
Open File: C:WINDOWStaskmgrr.exe (OPEN_EXISTING)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727 Flags: (SECURITY_ANONYMOUS)
Find File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
Create/Open File: DeviceGpc (OPEN_ALWAYS)
Create/Open File: DeviceTcp6 (OPEN_ALWAYS)
Open File: .PIPEEVENTLOG (OPEN_EXISTING)
Open File: .PIPEROUTER (OPEN_EXISTING)
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Open File: .PIPElsarpc (OPEN_EXISTING)
Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:autoexec.bat (OPEN_EXISTING)
Find File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
Find File: C:\WINDOWS\system32\Ras\*.pbk
Find File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
Open File: infNEW.txt (OPEN_EXISTING)
Create File: infNEW.txt
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: .pipePIPE_EVENTROOT/CIMV2PROVIDERSUBSYSTEM (OPEN_EXISTING)
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:WINDOWSsystem32WBEMLogs Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSREPAIRSETUP.LOG ()
Open File: .PIPEwkssvc (OPEN_EXISTING)
Open File: .PIPEsrvsvc (OPEN_EXISTING)