deli.byinter.net 93.190.138.202
* C&C Server: 93.190.138.202:6667
* Server Password:
* Username: ryatoaj
* Nickname: [DEU|XP|516568]
* Channel: #!x!# (Password: cih4n1313)
* Channeltopic: :
* C&C Server: 93.190.138.202:6667
* Server Password:
* Username: XP-4392
* Nickname: [00|DEU|636610]
* Channel: #x# (Password: hacimackackac)
* Channeltopic: :.msn.stop|.msn.msg þu resme bi bakarmýsýn (yemekteyim) http://www.facebookbul.co.cc/images.php?=resim166-jpeg?=
* C&C Server: 93.190.138.202:6667
* Server Password:
* Username: aLeyna_yarak-istiyor
* Nickname: sevgi
* Channel: #X (Password: s1k1k)
* Channeltopic: :FFF
Registry Changes by all processes
Create or Open
Changes HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Services" = WINRAR2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run "Windows Services" = WINRAR2.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\IMBOT.EXE" = C:\WINDOWS\IMBOT.EXE:*:Enabled:Windows Services
Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable Thread Input Manager"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0 "win32"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 "win32"
HKEY_CURRENT_USER\Software\Microsoft\Visual Basic\6.0 "AllowUnsafeObjectPassing"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography "MachineGuid"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCompatibility "DisableAppCompat"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5}\InprocServer32 ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\ProtocolHandlers\File\0 "ProgID"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file "ShellFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Mapi "ShellFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Outlookexpress "ShellFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OTFS "ShellFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Default ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Default "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Default "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Default "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.bmp ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.bmp "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.bmp "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.bmp "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.c ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.c "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.c "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.c "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cs ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cs "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cs "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cs "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cxx ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cxx "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cxx "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cxx "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.doc ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.doc "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.doc "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.doc "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.dot ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.dot "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.dot "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.dot "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.emf ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.emf "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.emf "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.emf "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.eml ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.eml "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.eml "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.eml "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.err ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.err "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.err "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.err "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.gif ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.gif "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.gif "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.gif "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.h ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.h "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.h "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.h "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.htm ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.htm "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.htm "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.htm "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.html ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.html "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.html "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.html "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.hxx ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.hxx "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.hxx "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.hxx "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.idl ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.idl "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.idl "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.idl "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpeg ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpeg "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpeg "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpeg "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpg ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpg "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpg "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jpg "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jsl ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jsl "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jsl "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.jsl "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mht ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mht "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mht "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mht "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mhtml ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mhtml "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mhtml "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.mhtml "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.nws ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.nws "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.nws "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.nws "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pdf ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pdf "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pdf "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pdf "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.png ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.png "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.png "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.png "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pot ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pot "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pot "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pot "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pps ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pps "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pps "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.pps "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.ppt ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.ppt "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.ppt "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.ppt "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.rtf ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.rtf "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.rtf "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.rtf "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.txt ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.txt "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.txt "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.txt "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.vb ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.vb "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.vb "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.vb "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wmf ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wmf "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wmf "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wmf "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wrn ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wrn "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wrn "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.wrn "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xls ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xls "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xls "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xls "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xlt ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xlt "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xlt "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xlt "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xml ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xml "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xml "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xml "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xsd ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xsd "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xsd "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.xsd "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\calendar ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\calendar "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\calendar "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\calendar "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\communications ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\communications "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\communications "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\communications "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\contact ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\contact "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\contact "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\contact "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\document ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\document "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\document "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\document "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\email ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\email "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\email "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\email "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\favorite ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\favorite "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\favorite "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\favorite "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\folder ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\folder "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\folder "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\folder "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\im ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\im "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\im "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\im "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\images ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\images "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\images "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\images "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\music ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\music "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\music "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\music "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\note ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\note "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\note "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\note "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\picture ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\picture "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\picture "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\picture "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\presentation ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\presentation "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\presentation "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\presentation "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\program ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\program "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\program "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\program "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\spreadsheet ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\spreadsheet "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\spreadsheet "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\spreadsheet "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\text ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\text "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\text "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\text "ScriptOk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\video ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\video "ContentType"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\video "TemplateUrl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType\video "ScriptOk"
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter "Installed"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework "InstallRoot"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework "CLRLoadLogDir"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework "OnlyUseLatestCLR"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework\Performance "First Counter"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework\Performance "First Help"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib "EventLogLevel"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib "TotalInstanceName"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc\Performance "DisplayHeapPerfObject"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc\Performance "ProcessNameFormat"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc\Performance "ThreadNameFormat"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Performance "First Counter"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Performance "First Help"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService "10"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders "SecurityProviders"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Name"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Comment"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Capabilities"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "RpcId"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Version"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Type"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "TokenSize"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Name"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Comment"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Capabilities"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "RpcId"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Version"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Type"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "TokenSize"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Name"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Comment"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Capabilities"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "RpcId"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Version"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Type"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "TokenSize"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Performance "First Counter"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Performance "First Help"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony "Perf1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony "Perf2"
HKEY_PERFORMANCE_DATA "230 784"
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter "Installed"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework "InstallRoot"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework "CLRLoadLogDir"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework "OnlyUseLatestCLR"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework\Performance "First Counter"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework\Performance "First Help"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib "EventLogLevel"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib "TotalInstanceName"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc\Performance "DisplayHeapPerfObject"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc\Performance "ProcessNameFormat"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc\Performance "ThreadNameFormat"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Performance "First Counter"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Performance "First Help"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService "10"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders "SecurityProviders"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Name"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Comment"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Capabilities"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "RpcId"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Version"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "Type"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll "TokenSize"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Name"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Comment"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Capabilities"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "RpcId"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Version"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "Type"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll "TokenSize"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Name"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Comment"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Capabilities"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "RpcId"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Version"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "Type"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll "TokenSize"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Performance "First Counter"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Performance "First Help"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony "Perf1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony "Perf2"
HKEY_PERFORMANCE_DATA "230 784"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService "DefaultAuthLevel"
Enums HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\ProtocolHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\ProtocolHandlers\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy
File Changes by all processes
New Files c:\images000123jpg.exe
C:\WINDOWS\CIMBOT.EXE
C:\WINDOWS\IMBOT.EXE
\Device\Tcp
\Device\Ip
\Device\Ip
\Device\Gpc
\Device\Tcp6
C:\WINDOWS\WINRAR2.exe
\Device\Tcp
\Device\Ip
\Device\Ip
\Device\Gpc
\Device\Tcp6
\Device\RasAcd
Opened Files C:\WINDOWS\Registration\R000000000007.clb
C:\WINDOWS\system32\de-DE\wshom.ocx.mui
C:\WINDOWS\system32\wshom.ocx
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\CIMBOT.EXE
\\.\PIPE\wkssvc
\\.\PIPE\lsarpc
C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\WINDOWS\Registration\R000000000007.clb
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\WINDOWS\
C:\WINDOWS\IMBOT.EXE.config
C:\WINDOWS\IMBOT.EXE
\\.\Ip
\\.\PIPE\EVENTLOG
\\.\PIPE\ROUTER
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\WINDOWS\
C:\WINDOWS\WINRAR2.exe.config
C:\WINDOWS\WINRAR2.exe
\\.\Ip
\\.\PIPE\EVENTLOG
\\.\PIPE\ROUTER
C:\WINDOWS\WINRAR2.exe
Deleted Files C:\WINDOWS\CIMBOT.EXE
Chronological Order Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000007.clb (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\de-DE\wshom.ocx.mui (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\wshom.ocx (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\stdole2.tlb (OPEN_EXISTING)
Create/Open File: c:\images000123jpg.exe (OPEN_ALWAYS)
Get File Attributes: C:\WINDOWS\system32\.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\Help\.HLP Flags: (SECURITY_ANONYMOUS)
Create File: C:\WINDOWS\CIMBOT.EXE
Open File: C:\WINDOWS\CIMBOT.EXE (OPEN_EXISTING)
Create File: C:\WINDOWS\IMBOT.EXE
Delete File: C:\WINDOWS\CIMBOT.EXE
Open File: \\.\PIPE\wkssvc (OPEN_EXISTING)
Get File Attributes: c:\ Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\IMBOT.EXE Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\WINDOWS\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Get File Attributes: C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini Flags: (SECURITY_ANONYMOUS)
Open File: C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\IMBOT.EXE:Zone.Identifier Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\WINDOWS\ ()
Find File: C:\WINDOWS\IMBOT.EXE
Get File Attributes: C:\WINDOWS\system32\mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\IMBOT.EXE.config (OPEN_EXISTING)
Open File: C:\WINDOWS\IMBOT.EXE (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 Flags: (SECURITY_ANONYMOUS)
Find File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Create/Open File: \Device\Tcp (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Open File: \\.\Ip (OPEN_EXISTING)
Create/Open File: \Device\Gpc (OPEN_ALWAYS)
Create/Open File: \Device\Tcp6 (OPEN_ALWAYS)
Open File: \\.\PIPE\EVENTLOG (OPEN_EXISTING)
Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\WINRAR2.exe Flags: (SECURITY_ANONYMOUS)
Copy File: C:\WINDOWS\IMBOT.EXE to C:\WINDOWS\WINRAR2.exe
Set File Attributes: C:\WINDOWS\WINRAR2.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\WINDOWS\ ()
Find File: C:\WINDOWS\WINRAR2.exe
Get File Attributes: C:\WINDOWS\system32\mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\WINRAR2.exe.config (OPEN_EXISTING)
Open File: C:\WINDOWS\WINRAR2.exe (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 Flags: (SECURITY_ANONYMOUS)
Find File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Create/Open File: \Device\Tcp (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Open File: \\.\Ip (OPEN_EXISTING)
Create/Open File: \Device\Gpc (OPEN_ALWAYS)
Create/Open File: \Device\Tcp6 (OPEN_ALWAYS)
Open File: \\.\PIPE\EVENTLOG (OPEN_EXISTING)
Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
Open File: C:\WINDOWS\WINRAR2.exe (OPEN_EXISTING)
Hackforums.net Investigation
We are working to get Hackforums.net shut down. We feel strongly that it a website which has an undue influence on young people as well as promoting illegal computer activities such as hacking, virus spreading, manipulation of online financial services etc.
I'm not certain of what your criteria if for judging a site to be 'positive for malware'. I know that is not an easy threat to withstand and I don't blame this site for exercising caution and withdrawing the 'positive' for malware decision.
Hackforums.net - "Infecting one another with malware."
We are reporting this site for illegal activitie and it should be closed as soon as posible!
Legal internet law will clean all illegal activities and we will help realise it!
[IT Security Team]
We are working to get Hackforums.net shut down. We feel strongly that it a website which has an undue influence on young people as well as promoting illegal computer activities such as hacking, virus spreading, manipulation of online financial services etc.
I'm not certain of what your criteria if for judging a site to be 'positive for malware'. I know that is not an easy threat to withstand and I don't blame this site for exercising caution and withdrawing the 'positive' for malware decision.
Hackforums.net - "Infecting one another with malware."
We are reporting this site for illegal activitie and it should be closed as soon as posible!
Legal internet law will clean all illegal activities and we will help realise it!
[IT Security Team]
