DNS Lookup
Host Name IP Address
yaritsme.no-ip.biz 173.244.219.84
api.ipinfodb.com 67.212.74.82
Download URLs
http://67.212.74.82/v2/ip_query_country.php?key=86c9c734428c1230cba1356dcf99dc882bc229bf93fbd6491db4e8776d6d9a88&timezone=off (api.ipinfodb.com)
Outgoing connection to remote server: yaritsme.no-ip.biz port 3080
Outgoing connection to remote server: api.ipinfodb.com TCP port 80
Registry Changes by all processes
Create or Open
Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerrun “Svihostupdater” = C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Svihostupdater” = C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Svihostupdater” = C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{07BEBD2D-20CE-D8EA-DC3A-FA94EDDECCCC} “StubPath” = C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
HKEY_CURRENT_USERSoftwareMicrosoftActive SetupInstalled Components{07BEBD2D-20CE-D8EA-DC3A-FA94EDDECCCC} “StubPath” = C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
HKEY_CURRENT_USERSoftwareVB and VBA Program SettingsSrvIDID “SUJM2ARJW6” = bhiffa
HKEY_CURRENT_USERSoftwareVB and VBA Program SettingsINSTALLDATE “SUJM2ARJW6” = November 21, 2010
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfile “DoNotAllowExceptions” = [REG_DWORD, value: 00000000]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfile “DoNotAllowExceptions” = [REG_DWORD, value: 00000000]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:svihost32.exe” = c:svihost32.exe:*:Enabled:Windows Messanger
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe” = C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe:*:Enabled:Windows Messanger
Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_CURRENT_USERSoftwareVB and VBA Program SettingsSrvIDID “SUJM2ARJW6”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}1.0 “win32”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “ProductName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftAdvanced INF Setup “AdvpackLogFile”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “EnableExtensions”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DelayedExpansion”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DefaultColor”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “CompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “PathCompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DisableUNCCheck”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “EnableExtensions”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DelayedExpansion”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DefaultColor”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “CompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “PathCompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “AutoRun”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “EnableExtensions”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DelayedExpansion”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DefaultColor”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “CompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “PathCompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DisableUNCCheck”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “EnableExtensions”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DelayedExpansion”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DefaultColor”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “CompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “PathCompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “AutoRun”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “EnableExtensions”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DelayedExpansion”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DefaultColor”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “CompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “PathCompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DisableUNCCheck”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “EnableExtensions”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DelayedExpansion”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DefaultColor”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “CompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “PathCompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “AutoRun”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “EnableExtensions”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DelayedExpansion”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “DefaultColor”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “CompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “PathCompletionChar”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor “AutoRun”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DisableUNCCheck”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “EnableExtensions”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DelayedExpansion”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “DefaultColor”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “CompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “PathCompletionChar”
HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor “AutoRun”
HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfile “DoNotAllowExceptions”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfile “DoNotAllowExceptions”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “c:svihost32.exe”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe”
Enums HKEY_LOCAL_MACHINESYSTEMControlSet001ControlMediaResourcesmsvideo
File Changes by all processes
New Files c:svihost32.exe
C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
DeviceRasAcd
C:Dokumente und EinstellungenAdministratorAnwendungsdatendata.dat
Opened Files C:WINDOWSRegistrationR000000000007.clb
c:svihost32.exe
c:svihost32.exe
C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
C:WINDOWSsystem32de-DEwshom.ocx.mui
C:WINDOWSsystem32wshom.ocx
C:WINDOWSsystem32MSVBVM60.DLL
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:WINDOWSsystem32
Deleted Files
Chronological Order Get File Attributes: C:WINDOWSsystem32.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSHelp.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
Find File: c:svihost32.exe
Create/Open File: c:svihost32.exe (OPEN_ALWAYS)
Open File: c:svihost32.exe (OPEN_EXISTING)
Create File: C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
Open File: c:svihost32.exe (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe (OPEN_EXISTING)
Set File Time: C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe
Set File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe Flags: (FILE_ATTRIBUTE_HIDDEN SECURITY_ANONYMOUS)
Set File Attributes: c:svihost32.exe Flags: (FILE_ATTRIBUTE_HIDDEN SECURITY_ANONYMOUS)
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Find File: C:WINDOWSsystem32cmd.exe
Get File Attributes: C:Dokumente und EinstellungenAdministratorAnwendungsdatensvihost.exe Flags: (SECURITY_ANONYMOUS)
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Open File: C:WINDOWSsystem32de-DEwshom.ocx.mui (OPEN_EXISTING)
Open File: C:WINDOWSsystem32wshom.ocx (OPEN_EXISTING)
Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32MSVBVM60.DLL (OPEN_EXISTING)
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatendata.dat
Create/Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatendata.dat (OPEN_ALWAYS)
Get File Attributes: C: Flags: (SECURITY_ANONYMOUS)
Find File: C:
Find File: c:REG.*
Find File: c:REG
Find File: C:WINDOWSsystem32REG.*
Find File: C:WINDOWSsystem32reg.COM
Find File: C:WINDOWSsystem32reg.EXE
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Find File: C:WINDOWSsystem32reg.exe
Get File Attributes: C: Flags: (SECURITY_ANONYMOUS)
Find File: C:
Find File: c:REG.*
Find File: c:REG
Find File: C:WINDOWSsystem32REG.*
Find File: C:WINDOWSsystem32reg.COM
Find File: C:WINDOWSsystem32reg.EXE
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Find File: C:WINDOWSsystem32reg.exe
Get File Attributes: C: Flags: (SECURITY_ANONYMOUS)
Find File: C:
Find File: c:REG.*
Find File: c:REG
Find File: C:WINDOWSsystem32REG.*
Find File: C:WINDOWSsystem32reg.COM
Find File: C:WINDOWSsystem32reg.EXE
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Find File: C:WINDOWSsystem32reg.exe
Get File Attributes: C: Flags: (SECURITY_ANONYMOUS)
Find File: C:
Find File: c:REG.*
Find File: c:REG
Find File: C:WINDOWSsystem32REG.*
Find File: C:WINDOWSsystem32reg.COM
Find File: C:WINDOWSsystem32reg.EXE
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:WINDOWSsystem32 ()
Find File: C:WINDOWSsystem32reg.exe