bozoo.no-ip.biz 94.120.148.91
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963
Registry Changes by all processes
Create or Open
Changes HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "mstwain32" = C:\WINDOWS\mstwain32.exe
Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable Thread Input Manager"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting "Default Impersonation Level"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Logging Directory"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Logging"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Log File Max Size"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Repository Directory"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting "Default Namespace"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "ProcessID"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "EnablePrivateObjectHeap"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "ContextLimit"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "ObjectLimit"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "IdentifierLimit"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0 "win32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable Thread Input Manager"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Logging"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Logging Directory"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Log File Max Size"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCompatibility "DisableAppCompat"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5}\InprocServer32 ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\ProtocolHandlers\File\0 "ProgID"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file "ShellFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Mapi "ShellFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Outlookexpress "ShellFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OTFS "ShellFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Default ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Default "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Default "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Default "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.bmp ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.bmp "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.bmp "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.bmp "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.c ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.c "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.c "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.c "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cs ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cs "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cs "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cs "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cxx ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cxx "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cxx "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cxx "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.doc ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.doc "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.doc "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.doc "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.dot ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.dot "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.dot "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.dot "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.emf ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.emf "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.emf "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.emf "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.eml ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.eml "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.eml "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.eml "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.err ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.err "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.err "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.err "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.gif ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.gif "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.gif "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.gif "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.h ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.h "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.h "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.h "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.htm ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.htm "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.htm "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.htm "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.html ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.html "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.html "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.html "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.hxx ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.hxx "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.hxx "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.hxx "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.idl ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.idl "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.idl "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.idl "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpeg ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpeg "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpeg "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpeg "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpg ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpg "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpg "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpg "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jsl ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jsl "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jsl "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jsl "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mht ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mht "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mht "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mht "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mhtml ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mhtml "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mhtml "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mhtml "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.nws ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.nws "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.nws "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.nws "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pdf ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pdf "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pdf "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pdf "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.png ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.png "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.png "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.png "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pot ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pot "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pot "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pot "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pps ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pps "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pps "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pps "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.ppt ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.ppt "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.ppt "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.ppt "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.rtf ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.rtf "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.rtf "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.rtf "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.txt ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.txt "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.txt "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.txt "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.vb ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.vb "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.vb "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.vb "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wmf ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wmf "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wmf "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wmf "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wrn ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wrn "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wrn "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wrn "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xls ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xls "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xls "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xls "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xlt ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xlt "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xlt "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xlt "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xml ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xml "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xml "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xml "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xsd ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xsd "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xsd "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xsd "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\calendar ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\calendar "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\calendar "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\calendar "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\communications ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\communications "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\communications "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\communications "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\contact ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\contact "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\contact "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\contact "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\document ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\document "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\document "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\document "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\email ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\email "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\email "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\email "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\favorite ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\favorite "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\favorite "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\favorite "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\folder ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\folder "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\folder "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\folder "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\im ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\im "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\im "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\im "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\images ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\images "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\images "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\images "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\music ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\music "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\music "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\music "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\note ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\note "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\note "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\note "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\picture ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\picture "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\picture "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\picture "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\presentation ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\presentation "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\presentation "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\presentation "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\program ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\program "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\program "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\program "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\spreadsheet ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\spreadsheet "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\spreadsheet "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\spreadsheet "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\text ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\text "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\text "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\text "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\video ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\video "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\video "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\video "ScriptOk"
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter "Installed"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable Thread Input Manager"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting "Default Impersonation Level"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Logging Directory"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Logging"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Log File Max Size"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "Repository Directory"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting "Default Namespace"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "ProcessID"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "EnablePrivateObjectHeap"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "ContextLimit"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "ObjectLimit"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM "IdentifierLimit"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0 "win32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable Thread Input Manager"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService "DefaultAuthLevel"
Enums HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\ProtocolHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\ProtocolHandlers\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType
File Changes by all processes
New Files c:\tripeks.exe
C:\WINDOWS\mstwain32.exe
C:\WINDOWS\mstwain32.exe
C:\WINDOWS\ntdtcstp.dll
C:\WINDOWS\cmsetac.dll
\Device\RasAcd
Opened Files C:\WINDOWS\Registration\R000000000007.clb
\\.\PIPE\lsarpc
C:\WINDOWS\system32\wbem\wbemdisp.TLB
\\.\PIPE\lsarpc
C:\WINDOWS\VMPipe32.dll
C:\WINDOWS\mstwain32.exe
\\.\PIPE\wkssvc
C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\WINDOWS\Registration\R000000000007.clb
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\WINDOWS\
C:\WINDOWS\Registration\R000000000007.clb
\\.\PIPE\lsarpc
C:\WINDOWS\system32\wbem\wbemdisp.TLB
\\.\PIPE\lsarpc
C:\WINDOWS\VMPipe32.dll
Deleted Files
Chronological Order Create/Open File: c:\tripeks.exe (OPEN_ALWAYS)
Find File: c:\tripeks.exe
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\system32\WBEM\Logs\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\wbem\wbemdisp.TLB (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\system32\.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\Help\.HLP Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Open File: C:\WINDOWS\VMPipe32.dll (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\mstwain32.exe Flags: (SECURITY_ANONYMOUS)
Copy File: c:\tripeks.exe to C:\WINDOWS\mstwain32.exe
Find File: C:\WINDOWS\*.*
Open File: C:\WINDOWS\mstwain32.exe (OPEN_EXISTING)
Set File Time: C:\WINDOWS\mstwain32.exe
Open File: \\.\PIPE\wkssvc (OPEN_EXISTING)
Get File Attributes: c:\ Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\ Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\mstwain32.exe:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\WINDOWS\ ()
Find File: C:\WINDOWS\mstwain32.exe
Create/Open File: C:\WINDOWS\mstwain32.exe (OPEN_ALWAYS)
Find File: C:\WINDOWS\mstwain32.exe
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\system32\WBEM\Logs\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\wbem\wbemdisp.TLB (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\system32\.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\Help\.HLP Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Open File: C:\WINDOWS\VMPipe32.dll (OPEN_EXISTING)
Create File: C:\WINDOWS\ntdtcstp.dll
Create File: C:\WINDOWS\cmsetac.dll
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
Hackforums.net Investigation
We are working to get Hackforums.net shut down. We feel strongly that it a website which has an undue influence on young people as well as promoting illegal computer activities such as hacking, virus spreading, manipulation of online financial services etc.
I'm not certain of what your criteria if for judging a site to be 'positive for malware'. I know that is not an easy threat to withstand and I don't blame this site for exercising caution and withdrawing the 'positive' for malware decision.
Hackforums.net - "Infecting one another with malware."
We are reporting this site for illegal activitie and it should be closed as soon as posible!
Legal internet law will clean all illegal activities and we will help realise it!
[IT Security Team]
We are working to get Hackforums.net shut down. We feel strongly that it a website which has an undue influence on young people as well as promoting illegal computer activities such as hacking, virus spreading, manipulation of online financial services etc.
I'm not certain of what your criteria if for judging a site to be 'positive for malware'. I know that is not an easy threat to withstand and I don't blame this site for exercising caution and withdrawing the 'positive' for malware decision.
Hackforums.net - "Infecting one another with malware."
We are reporting this site for illegal activitie and it should be closed as soon as posible!
Legal internet law will clean all illegal activities and we will help realise it!
[IT Security Team]
