unixfreaxjp

DFIR - TcpAdaptorService.exe - Reg

Jan 31st, 2013
==================================================
Regshot 1.8.1 - TcpAdaptorService.exe
Datetime:2013/1/31 10:48:22 , 2013/1/31 11:00:39
==================================================

----------------------------------
Keys added:
----------------------------------
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\Control
HKLM\SYSTEM\ControlSet001\Services\Retalix
HKLM\SYSTEM\ControlSet001\Services\Retalix\Security
HKLM\SYSTEM\ControlSet001\Services\Retalix\Enum
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\Retalix
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\Security
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\Enum
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithList
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
HKU\S-1-5-21-1214440339-926492609-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013013120130201

----------------------------------
Values added:
----------------------------------
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\Control\ActiveService: "Retalix"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\Service: "Retalix"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\Legacy: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\Class: "LegacyDriver"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\0000\DeviceDesc: "Retalix"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RETALIX\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Retalix\Enum\0: "Root\LEGACY_RETALIX\0000"
HKLM\SYSTEM\ControlSet001\Services\Retalix\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Retalix\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Retalix\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\Retalix\Type: 0x00000110
HKLM\SYSTEM\ControlSet001\Services\Retalix\Start: 0x00000002
HKLM\SYSTEM\ControlSet001\Services\Retalix\ErrorControl: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\Retalix\ImagePath: "C:\Documents and Settings\rik\%DESKTOP%\TcpAdaptorService.exe"
HKLM\SYSTEM\ControlSet001\Services\Retalix\DisplayName: "Retalix"
HKLM\SYSTEM\ControlSet001\Services\Retalix\ObjectName: "LocalSystem"
HKLM\SYSTEM\ControlSet001\Services\Retalix\FailureActions: FF FF FF FF 01 00 00 00 01 00 00 00 03 00 00 00 49 00 70 00 01 00 00 00 C0 D4 01 00 01 00 00 00 C0 D4 01 00 01 00 00 00 C0 D4 01 00
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\Control\ActiveService: "Retalix"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\Service: "Retalix"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\0000\DeviceDesc: "Retalix"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RETALIX\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\Enum\0: "Root\LEGACY_RETALIX\0000"
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\Type: 0x00000110
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\ErrorControl: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\ImagePath: "C:\Documents and Settings\rik\%DESKTOP%\TcpAdaptorService.exe"
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\DisplayName: "Retalix"
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\Retalix\FailureActions: FF FF FF FF 01 00 00 00 01 00 00 00 03 00 00 00 49 00 70 00 01 00 00 00 C0 D4 01 00 01 00 00 00 C0 D4 01 00 01 00 00 00 C0 D4 01 00 70 00 41 00 64 00 61 00 70 00 74 00 6F 00 72 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 2E 00 65 00 78 00 65 00 2E 00 6D 00 65 00 6D 00 2E 00 6C 00 6E 00 6B 00 00 00 2C 00 00 00


----------------------------------
Values modified:
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A2 32 C5 95 75 28 0F 6F 79 24 20 46 93 B3 F5 34 7A 91 9B BD B1 8C 75 AB C9 EB DE 13 42 0A EC 45 D2 AA 6C 07 95 0D F4 EA FC 01 B4 2D 31 EB 72 83 EA 83 C7 0F F0 9E D0 06 EF 9E 5E 92 AB 8F 04 87 C5 41 DC 55 7A 30 F1 49 36 CE 04 41 3B 4D D5 E8
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: C2 C9 27 2C EA 3D D3 20 FA F6 BC A0 7D C6 E2 98 D6 03 BE 02 0E 4A CC 80 C1 8D B9 F0 94 FE B9 13 DA 44 30 C7 4A 46 CF 9A AD 49 77 30 15 5E 3E 06 72 9D 10 06 72 93 D8 F2 65 F2 74 87 6F B4 0B 1B 64 C4 D1 9D 69 BE B4 7A FA 77 A9 73 D3 75 B5 A3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x0000000F
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x00000038
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x00000004
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x00000006
HKLM\SYSTEM\ControlSet001\Control\ServiceCurrent\: 0x0000000E
HKLM\SYSTEM\ControlSet001\Control\ServiceCurrent\: 0x0000000F
HKLM\SYSTEM\CurrentControlSet\Control\ServiceCurrent\: 0x0000000E
HKLM\SYSTEM\CurrentControlSet\Control\ServiceCurrent\: 0x0000000F