=======================
DarkKomet? Regshot
======================

Regshot 1.8.1
Datetime:2013/1/30 13:59:00  ,  2013/1/30 14:06:23

----------------------------------
Keys deleted:1
----------------------------------
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130122

----------------------------------
Keys added:12
----------------------------------
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CAPTUREFILEMONITOR\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CAPTUREFILEMONITOR\0000\Control
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dmp
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bmp
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130128
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013013020130131
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\3
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\37
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Sysinternals\Process Explorer\ProcessComments

----------------------------------
Values deleted:5
----------------------------------
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130122\CachePath: "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013012120130122\"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130122\CachePrefix: ":2013012120130122: "
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130122\CacheLimit: 0x00002000
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130122\CacheOptions: 0x0000000B
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130122\CacheRepair: 0x00000000

----------------------------------
Values added:52
----------------------------------
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CAPTUREFILEMONITOR\0000\Control\ActiveService: "CaptureFileMonitor"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CAPTUREFILEMONITOR\0000\Control\ActiveService: "CaptureFileMonitor"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\d: 70 00 72 00 6F 00 63 00 65 00 78 00 70 00 2E 00 65 00 78 00 65 00 00 00 44 00 3A 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\e: 6D 00 73 00 70 00 61 00 69 00 6E 00 74 00 2E 00 65 00 78 00 65 00 00 00 44 00 3A 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\e: "D:\Adobe-Flash_WIN.exe.bin.txt"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\f: "D:\Adobe-Flash_WIN.exe.bin2.txt"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\g: "D:\Adobe-Flash_WIN2.dmp"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\h: "D:\001.bmp"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\i: "D:\002.bmp"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt\c: "D:\Adobe-Flash_WIN.exe.bin.txt"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt\d: "D:\Adobe-Flash_WIN.exe.bin2.txt"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp\a: "D:\001.bmp"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp\MRUList: "ba"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp\b: "D:\002.bmp"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dmp\a: "D:\Adobe-Flash_WIN2.dmp"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dmp\MRUList: "a"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList\a: "mspaint.exe"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList\MRUList: "a"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dmp\OpenWithList\a: "procexp.exe"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dmp\OpenWithList\MRUList: "a"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList\c: "procexp.exe"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\9: 41 00 64 00 6F 00 62 00 65 00 2D 00 46 00 6C 00 61 00 73 00 68 00 5F 00 57 00 49 00 4E 00 2E 00 65 00 78 00 65 00 2E 00 62 00 69 00 6E 00 2E 00 74 00 78 00 74 00 00 00 78 00 32 00 00 00 00 00 00 00 00 00 00 00 41 64 6F 62 65 2D 46 6C 61 73 68 5F 57 49 4E 2E 65 78 65 2E 62 69 6E 2E 6C 6E 6B 00 4E 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 41 00 64 00 6F 00 62 00 65 00 2D 00 46 00 6C 00 61 00 73 00 68 00 5F 00 57 00 49 00 4E 00 2E 00 65 00 78 00 65 00 2E 00 62 00 69 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 2A 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\10: EA 30 E0 30 FC 30 D0 30 D6 30 EB 30 20 00 C7 30 A3 30 B9 30 AF 30 20 00 28 00 44 00 3A 00 29 00 00 00 74 00 36 00 00 00 00 00 00 00 00 00 00 00 EA 30 E0 30 FC 30 D0 30 D6 30 EB 30 20 00 C7 30 A3 30 B9 30 AF 30 20 00 28 00 44 00 29 00 2E 00 6C 00 6E 00 6B 00 00 00 3E 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 EA 30 E0 30 FC 30 D0 30 D6 30 EB 30 20 00 C7 30 A3 30 B9 30 AF 30 20 00 28 00 44 00 29 00 2E 00 6C 00 6E 00 6B 00 00 00 36 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\11: 41 00 64 00 6F 00 62 00 65 00 2D 00 46 00 6C 00 61 00 73 00 68 00 5F 00 57 00 49 00 4E 00 2E 00 65 00 78 00 65 00 2E 00 62 00 69 00 6E 00 32 00 2E 00 74 00 78 00 74 00 00 00 7C 00 32 00 00 00 00 00 00 00 00 00 00 00 41 64 6F 62 65 2D 46 6C 61 73 68 5F 57 49 4E 2E 65 78 65 2E 62 69 6E 32 2E 6C 6E 6B 00 00 50 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 41 00 64 00 6F 00 62 00 65 00 2D 00 46 00 6C 00 61 00 73 00 68 00 5F 00 57 00 49 00 4E 00 2E 00 65 00 78 00 65 00 2E 00 62 00 69 00 6E 00 32 00 2E 00 6C 00 6E 00 6B 00 00 00 2C 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\12: 30 00 30 00 31 00 2E 00 62 00 6D 00 70 00 00 00 3C 00 32 00 00 00 00 00 00 00 00 00 00 00 30 30 31 2E 6C 6E 6B 00 26 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 30 00 30 00 31 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\13: 30 00 30 00 32 00 2E 00 62 00 6D 00 70 00 00 00 3C 00 32 00 00 00 00 00 00 00 00 00 00 00 30 30 32 2E 6C 6E 6B 00 26 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 30 00 30 00 32 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\3: 41 00 64 00 6F 00 62 00 65 00 2D 00 46 00 6C 00 61 00 73 00 68 00 5F 00 57 00 49 00 4E 00 2E 00 65 00 78 00 65 00 2E 00 62 00 69 00 6E 00 2E 00 74 00 78 00 74 00 00 00 78 00 32 00 00 00 00 00 00 00 00 00 00 00 41 64 6F 62 65 2D 46 6C 61 73 68 5F 57 49 4E 2E 65 78 65 2E 62 69 6E 2E 6C 6E 6B 00 4E 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 41 00 64 00 6F 00 62 00 65 00 2D 00 46 00 6C 00 61 00 73 00 68 00 5F 00 57 00 49 00 4E 00 2E 00 65 00 78 00 65 00 2E 00 62 00 69 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 2A 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\4: 41 00 64 00 6F 00 62 00 65 00 2D 00 46 00 6C 00 61 00 73 00 68 00 5F 00 57 00 49 00 4E 00 2E 00 65 00 78 00 65 00 2E 00 62 00 69 00 6E 00 32 00 2E 00 74 00 78 00 74 00 00 00 7C 00 32 00 00 00 00 00 00 00 00 00 00 00 41 64 6F 62 65 2D 46 6C 61 73 68 5F 57 49 4E 2E 65 78 65 2E 62 69 6E 32 2E 6C 6E 6B 00 00 50 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 41 00 64 00 6F 00 62 00 65 00 2D 00 46 00 6C 00 61 00 73 00 68 00 5F 00 57 00 49 00 4E 00 2E 00 65 00 78 00 65 00 2E 00 62 00 69 00 6E 00 32 00 2E 00 6C 00 6E 00 6B 00 00 00 2C 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\3: EA 30 E0 30 FC 30 D0 30 D6 30 EB 30 20 00 C7 30 A3 30 B9 30 AF 30 20 00 28 00 44 00 3A 00 29 00 00 00 74 00 36 00 00 00 00 00 00 00 00 00 00 00 EA 30 E0 30 FC 30 D0 30 D6 30 EB 30 20 00 C7 30 A3 30 B9 30 AF 30 20 00 28 00 44 00 29 00 2E 00 6C 00 6E 00 6B 00 00 00 3E 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 EA 30 E0 30 FC 30 D0 30 D6 30 EB 30 20 00 C7 30 A3 30 B9 30 AF 30 20 00 28 00 44 00 29 00 2E 00 6C 00 6E 00 6B 00 00 00 36 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bmp\0: 30 00 30 00 31 00 2E 00 62 00 6D 00 70 00 00 00 3C 00 32 00 00 00 00 00 00 00 00 00 00 00 30 30 31 2E 6C 6E 6B 00 26 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 30 00 30 00 31 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bmp\MRUListEx: 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bmp\1: 30 00 30 00 32 00 2E 00 62 00 6D 00 70 00 00 00 3C 00 32 00 00 00 00 00 00 00 00 00 00 00 30 30 32 2E 6C 6E 6B 00 26 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 30 00 30 00 32 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\evx\デスクトップ\Nqbor-Synfu_JVA.rkr: 02 00 00 00 0E 00 00 00 A0 9A F1 DA F2 FE CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\evx\デスクトップ\Nqbor-Synfu_JVA4.rkr: 02 00 00 00 06 00 00 00 F0 5B D9 7D F2 FE CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\evx\デスクトップ\Nqbor-Synfu_JVA2.rkr: 02 00 00 00 07 00 00 00 30 28 58 BB F2 FE CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130128\CachePath: "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013012120130128\"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130128\CachePrefix: ":2013012120130128: "
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130128\CacheLimit: 0x00002000
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130128\CacheOptions: 0x0000000B
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013012120130128\CacheRepair: 0x00000000
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013013020130131\CachePath: "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013013020130131\"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013013020130131\CachePrefix: ":2013013020130131: "
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013013020130131\CacheLimit: 0x00002000
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013013020130131\CacheOptions: 0x0000000B
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013013020130131\CacheRepair: 0x00000000
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\3: 58 00 31 00 00 00 00 00 47 41 48 4E 11 00 4D 59 50 49 43 54 7E 31 00 00 2E 00 03 00 04 00 EF BE 47 41 3D 4E 46 41 00 78 14 00 00 00 4D 00 79 00 20 00 50 00 69 00 63 00 74 00 75 00 72 00 65 00 73 00 00 00 18 00 12 00 27 00 06 00 EF BE 72 00 69 00 6B 00 00 00 18 00 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\3\NodeSlot: 0x00000025
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\3\MRUListEx: FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\FolderType: "MyPictures"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\rik\デスクトップ\Adobe-Flash_WIN.exe: "Image Extract v1.3"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\rik\デスクトップ\Adobe-Flash_WIN4.exe: "Image Extract v1.3"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\rik\デスクトップ\Adobe-Flash_WIN2.exe: "Image Extract v1.3"

----------------------------------
Values modified:19
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 52 A9 7B 0D E4 A4 78 32 3F 42 ED 0B EC 13 8D D6 68 79 29 C4 A3 B9 09 2A BA EC FD B0 AA 31 05 6D 85 51 75 A6 89 3D 5A 7F 46 94 A3 68 6A 1A BE 34 E6 48 65 E8 70 BB A1 77 58 84 47 89 38 CE 60 E9 A7 9B DE 0C 77 E9 00 27 1F D2 DA 1B A0 70 3A FA
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 8B E1 D6 F0 CF 17 22 1D 31 C2 F2 04 62 A3 E0 70 8A 29 B0 93 ED 8B 55 32 D2 74 4C 53 00 63 36 4E 76 92 6B FF 46 F4 BB B8 FD 78 4E 8D 3A 91 75 46 B2 BA B7 76 A4 4D 09 10 F8 49 4C 0B CE E6 34 38 DD 49 E9 31 16 4B CF A9 4D 33 72 D9 1F D5 6B 7B
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x00000011
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x0000001F
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\Error Count: 0x00000006
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\Error Count: 0x000000BE
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\Error Count: 0x00000006
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\Error Count: 0x000000BE
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "acb"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "edacb"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "dcba"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "ihgfedcba"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt\MRUList: "ba"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt\MRUList: "dcba"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList\MRUList: "ab"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList\MRUList: "cab"
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx: 08 00 00 00 02 00 00 00 04 00 00 00 07 00 00 00 06 00 00 00 05 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx: 0A 00 00 00 0D 00 00 00 0C 00 00 00 0B 00 00 00 09 00 00 00 08 00 00 00 02 00 00 00 04 00 00 00 07 00 00 00 06 00 00 00 05 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\MRUListEx: 00 00 00 00 01 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\MRUListEx: 04 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\MRUListEx: 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\MRUListEx: 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 02 00 00 00 5C 00 00 00 A0 73 50 B3 F1 FE CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 02 00 00 00 69 00 00 00 B0 50 EF DA F2 FE CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 9B 00 00 00 50 6D 6F B3 F1 FE CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 A8 00 00 00 A0 9A F1 DA F2 FE CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\evx\デスクトップ\PncgherONG.rkr: 02 00 00 00 0E 00 00 00 A0 7C 59 C6 BF F7 CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\evx\デスクトップ\PncgherONG.rkr: 02 00 00 00 0F 00 00 00 00 F3 9E 61 F2 FE CD 01
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\MRUListEx: 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\MRUListEx: 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Sysinternals\Process Explorer\Windowplacement: 2C 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 95 01 00 00 FE FF FF FF ED 03 00 00 F2 01 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Sysinternals\Process Explorer\Windowplacement: 2C 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF AE 00 00 00 73 00 00 00 BF 03 00 00 AA 02 00 00
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Sysinternals\Process Explorer\SymbolWarningShown: 0x00000000
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Sysinternals\Process Explorer\SymbolWarningShown: 0x00000001
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Sysinternals\Process Explorer\DefaultProcPropPage: 0x00000004
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Sysinternals\Process Explorer\DefaultProcPropPage: 0x00000006

----------------------------------
Total changes:89
----------------------------------