Registry Report - NTUSER.DAT

Software\Microsoft\Internet Account Manager\Accounts\00000001

Last Written Time 9/26/2003 21:59:29 UTC

Name Type Data


Account Name REG_SZ mail.fakeid.com
Connection Type REG_DWORD 0x00000003 (3)
POP3 Server REG_SZ mail.fakeid.com
POP3 User Name REG_SZ ID.THEFT.DUDE
POP3 Password2 REG_BINARY 01 02 6D 00 61 00 69 00 6C 00 2E 00 66 00 61 00 6B 00 65 00 69 00 64 00
2E 00 63 00 6F 00 6D 00 32 00 42 00 34 00 32 00 38 00 34 00 46 00 30 00
00 00
(ASCII String) ..m.a.i.l...f.a.k.e.i.d...c.o.m.2.B.4.2.8.4.F.0...
(UTF-16 String) mail.fakeid.com2B4284F0
POP3 Use Sicily REG_DWORD 0x00000000 (0)
POP3 Prompt for Password REG_DWORD 0x00000000 (0)
SMTP Server REG_SZ mail.fakeid.com
SMTP Display Name REG_SZ fake id member
SMTP Email Address REG_SZ ID.THEFT.DUDE@FAKEID.COM

Software\Microsoft\MediaPlayer\Player\RecentFileList

Last Written Time 9/26/2003 22:49:33 UTC

Name Type Data


File0 REG_SZ D:\Music from WV\Midi\Ninja Gaiden\Masked Devil.mid
File1 REG_SZ D:\Music from WV\Midi\Gyrus.mid
File2 REG_SZ D:\Music from WV\Midi\MI 1.mid
File3 REG_SZ D:\Music from WV\la femme nikita - Main Theme (Club Version).mp3
File4 REG_SZ D:\Music from WV\01 When I'm Gone.wma
File5 REG_SZ D:\Music from WV\Copy of La Femme Nikita - Coldplay - Spies (Acoustic).mp3
File6 REG_SZ D:\Music from WV\Nickelback - How you remind me (Acoustic).mp3
File7 REG_SZ C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
File8 REG_SZ C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma

Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts

Last Written Time 9/26/2003 22:17:40 UTC

Name Type Data


hp deskjet 3820 series REG_SZ winspool,Ne00:,15,45

Software\Microsoft\Internet Explorer\Main

Last Written Time 9/26/2003 23:12:13 UTC

Name Type Data


NoUpdateCheck REG_DWORD 0x00000001 (1)
NoJITSetup REG_DWORD 0x00000001 (1)
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01 00 00 00
(ASCII String) ....
(UTF-16 String)
Local Page REG_SZ C:\WINDOWS\System32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Use FormSuggest REG_SZ yes
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C 00 00 00 02 00 00 00 03 00 00 00 00 83 FF FF 00 83
FF FF FF FF FF FF FF FF FF FF 42 00 00 00 42 00 00 00
62 03 00 00 9A 02 00 00
(ASCII String) ,...........................B...B...b.......
(UTF-16 String) ,
NotifyDownloadComplete REG_SZ no
Save Directory REG_SZ C:\Documents and Settings\ID THEFT DUDE\Desktop\JC PENNY\

Software\Microsoft\Internet Explorer

Last Written Time 9/26/2003 21:56:50 UTC

Name Type Data


(default) REG_SZ (value not set)
Download Directory REG_SZ C:\Documents and Settings\ID THEFT DUDE\Desktop

Software\Microsoft\Internet Explorer\TypedURLs

Last Written Time 9/26/2003 23:12:13 UTC

Name Type Data


url1 REG_SZ http://www.usair.com/
url2 REG_SZ http://yahoo.com/
url3 REG_SZ http://www.americanexpress.com/
url4 REG_SZ http://google.com/
url5 REG_SZ www.stealmycard.net
url6 REG_SZ www.lostID.com
url7 REG_SZ http://www.lasvegas.com/
url8 REG_SZ http://www.dallas.com/
url9 REG_SZ www.creditstealer.com
url10 REG_SZ http://www.fakeid.com/
url11 REG_SZ http://www.google.com
url12 REG_SZ http://www.idtheft.com/
url13 REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Last Written Time 9/26/2003 23:08:07 UTC

Name Type Data


MRUListEx REG_BINARY MRU ordered list : 37, 28, 29, 25, 36, 35, 34, 31, 20, 17, 2, 3, 30, 4, 19, 18, 22, 33, 32,
10, 27, 21, 16, 26, 23, 13, 9, 24, 12, 11, 14, 8, 6, 7, 5, 0, 1
37 REG_BINARY Shortcut Target Name : Credit Cards
Shortcut Name (ASCII) : Credit Cards.lnk
Shortcut Name (Unicode) : Credit Cards.lnk
28 REG_BINARY Shortcut Target Name : Am Ex Logo.jpg
Shortcut Name (ASCII) : Am Ex Logo.lnk
Shortcut Name (Unicode) : Am Ex Logo.lnk
29 REG_BINARY Shortcut Target Name : Blue Template.bmp
Shortcut Name (ASCII) : Blue Template.lnk
Shortcut Name (Unicode) : Blue Template.lnk
25 REG_BINARY Shortcut Target Name : Amex Holo.jpg
Shortcut Name (ASCII) : Amex Holo.lnk
Shortcut Name (Unicode) : Amex Holo.lnk
36 REG_BINARY Shortcut Target Name : Famous
Shortcut Name (ASCII) : Famous.lnk
Shortcut Name (Unicode) : Famous.lnk
35 REG_BINARY Shortcut Target Name : This is why JCPENNY !!!.jpg
Shortcut Name (ASCII) : This is why JCPENNY !!!.lnk
Shortcut Name (Unicode) : This is why JCPENNY !!!.lnk
34 REG_BINARY Shortcut Target Name : uk id 2.jpg
Shortcut Name (ASCII) : uk id 2.lnk
Shortcut Name (Unicode) : uk id 2.lnk
31 REG_BINARY Shortcut Target Name : dreamin.jpg
Shortcut Name (ASCII) : dreamin.lnk
Shortcut Name (Unicode) : dreamin.lnk
20 REG_BINARY Shortcut Target Name : new logo.jpg
Shortcut Name (ASCII) : new logo.lnk
Shortcut Name (Unicode) : new logo.lnk
17 REG_BINARY Shortcut Target Name : watch out.jpg
Shortcut Name (ASCII) : watch out.lnk
Shortcut Name (Unicode) : watch out.lnk
2 REG_BINARY Shortcut Target Name : CCG1.gif
Shortcut Name (ASCII) : CCG1.lnk
Shortcut Name (Unicode) : CCG1.lnk
3 REG_BINARY Shortcut Target Name : JCP Stuff.txt
Shortcut Name (ASCII) : JCP Stuff.lnk
Shortcut Name (Unicode) : JCP Stuff.lnk
30 REG_BINARY Shortcut Target Name : uk id.jpg
Shortcut Name (ASCII) : uk id.lnk
Shortcut Name (Unicode) : uk id.lnk
4 REG_BINARY Shortcut Target Name : Am Ex Stuff.txt
Shortcut Name (ASCII) : Am Ex Stuff.lnk
Shortcut Name (Unicode) : Am Ex Stuff.lnk
19 REG_BINARY Shortcut Target Name : top this.jpg
Shortcut Name (ASCII) : top this.lnk
Shortcut Name (Unicode) : top this.lnk
18 REG_BINARY Shortcut Target Name : fake ids.jpg
Shortcut Name (ASCII) : fake ids.lnk
Shortcut Name (Unicode) : fake ids.lnk
22 REG_BINARY Shortcut Target Name : PREVENT THIS.jpg
Shortcut Name (ASCII) : PREVENT THIS.lnk
Shortcut Name (Unicode) : PREVENT THIS.lnk
33 REG_BINARY Shortcut Target Name : Ninja Gaiden
Shortcut Name (ASCII) : Ninja Gaiden.lnk
Shortcut Name (Unicode) : Ninja Gaiden.lnk
32 REG_BINARY Shortcut Target Name : Masked Devil.mid
Shortcut Name (ASCII) : Masked Devil.lnk
Shortcut Name (Unicode) : Masked Devil.lnk
10 REG_BINARY Shortcut Target Name : chase template.gif
Shortcut Name (ASCII) : chase template.lnk
Shortcut Name (Unicode) : chase template.lnk
27 REG_BINARY Shortcut Target Name : Midi
Shortcut Name (ASCII) : Midi.lnk
Shortcut Name (Unicode) : Midi.lnk
21 REG_BINARY Shortcut Target Name : Gyrus.mid
Shortcut Name (ASCII) : Gyrus.lnk
Shortcut Name (Unicode) : Gyrus.lnk
16 REG_BINARY Shortcut Target Name : Gold Template.bmp
Shortcut Name (ASCII) : Gold Template.lnk
Shortcut Name (Unicode) : Gold Template.lnk
26 REG_BINARY Shortcut Target Name : MI 1.mid
Shortcut Name (ASCII) : MI 1.lnk
Shortcut Name (Unicode) : MI 1.lnk
23 REG_BINARY Shortcut Target Name : JC PENNY
Shortcut Name (ASCII) : JC PENNY.lnk
Shortcut Name (Unicode) : JC PENNY.lnk
13 REG_BINARY Shortcut Target Name : JCPenney.htm
Shortcut Name (ASCII) : JCPenney.lnk
Shortcut Name (Unicode) : JCPenney.lnk
9 REG_BINARY Shortcut Target Name : Music from WV
Shortcut Name (ASCII) : Music from WV.lnk
Shortcut Name (Unicode) : Music from WV.lnk
24 REG_BINARY Shortcut Target Name : la femme nikita - Main Theme (Club Version).mp3
Shortcut Name (ASCII) : la femme nikita - Main Theme (Club Version).lnk
Shortcut Name (Unicode) : la femme nikita - Main Theme (Club Version).lnk
12 REG_BINARY Shortcut Target Name : Jc Penny Credit Cards Application.htm
Shortcut Name (ASCII) : Jc Penny Credit Cards Application.lnk
Shortcut Name (Unicode) : Jc Penny Credit Cards Application.lnk
11 REG_BINARY Shortcut Target Name : 01 When I'm Gone.wma
Shortcut Name (ASCII) : 01 When I'm Gone.lnk
Shortcut Name (Unicode) : 01 When I'm Gone.lnk
14 REG_BINARY Shortcut Target Name : Copy of La Femme Nikita - Coldplay - Spies (Acoustic).mp3
Shortcut Name (ASCII) : Copy of La Femme Nikita - Coldplay - Spies (Acoustic).lnk
Shortcut Name (Unicode) : Copy of La Femme Nikita - Coldplay - Spies (Acoustic).lnk
8 REG_BINARY Shortcut Target Name : Nickelback - How you remind me (Acoustic).mp3
Shortcut Name (ASCII) : Nickelback - How you remind me (Acoustic).lnk
Shortcut Name (Unicode) : Nickelback - How you remind me (Acoustic).lnk
6 REG_BINARY Shortcut Target Name : Sample Music
Shortcut Name (ASCII) : Sample Music.lnk
Shortcut Name (Unicode) : Sample Music.lnk
7 REG_BINARY Shortcut Target Name : New Stories (Highway Blues).wma
Shortcut Name (ASCII) : New Stories (Highway Blues).lnk
Shortcut Name (Unicode) : New Stories (Highway Blues).lnk
5 REG_BINARY Shortcut Target Name : Beethoven's Symphony No. 9 (Scherzo).wma
Shortcut Name (ASCII) : Beethoven's Symphony No. 9 (Scherzo).lnk
Shortcut Name (Unicode) : Beethoven's Symphony No. 9 (Scherzo).lnk
0 REG_BINARY Shortcut Target Name : CCG2.gif
Shortcut Name (ASCII) : CCG2.lnk
Shortcut Name (Unicode) : CCG2.lnk
1 REG_BINARY Shortcut Target Name : CCG3.gif
Shortcut Name (ASCII) : CCG3.lnk
Shortcut Name (Unicode) : CCG3.lnk

Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Last Written Time 9/26/2003 22:14:03 UTC


Class Name Shell

Name Type Data


MRUList REG_SZ edcba
e REG_SZ regedit\1
d REG_SZ msconfig\1
c REG_SZ command\1
b REG_SZ netstat\1
a REG_SZ www.timetogo.com\1

Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Last Written Time 9/26/2003 22:49:18 UTC


Class Name Shell

Name Type Data


MRUList REG_SZ cab
c REG_BINARY 50 00 73 00 70 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 44 00 6F 00
63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00
65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 49 00 44 00 20 00 54 00 48 00
45 00 46 00 54 00 20 00 44 00 55 00 44 00 45 00 5C 00 44 00 65 00 73 00 6B 00
74 00 6F 00 70 00 00 00
(ASCII String) P.s.p...e.x.e...C.:.\.D.o.c.u.m.e.n.t.s. .a.n.d. .S.e.t.t.i.n.g.s.\.I.D. .T.H.E.F.T. .D.U.D.E.\.D.e.s.k.t.o.p...
(UTF-16 String) Psp.exe
a REG_BINARY 49 00 45 00 58 00 50 00 4C 00 4F 00 52 00 45 00 2E 00 45 00 58 00 45 00 00 00
43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20
00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C
00 49 00 44 00 20 00 54 00 48 00 45 00 46 00 54 00 20 00 44 00 55 00 44 00 45
00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 00 00
(ASCII String) I.E.X.P.L.O.R.E...E.X.E...C.:.\.D.o.c.u.m.e.n.t.s. .a.n.d. .S.e.t.t.i.n.g.s.\.I.D. .T.H.E.F.T. .D.U.D.E.\.D.e.s.k.t.o.p...
(UTF-16 String) IEXPLORE.EXE
b REG_BINARY 77 00 6D 00 70 00 6C 00 61 00 79 00 65 00 72 00 2E 00 65 00 78 00 65 00 00 00
44 00 3A 00 5C 00 4D 00 75 00 73 00 69 00 63 00 20 00 66 00 72 00 6F 00 6D
00 20 00 57 00 56 00 5C 00 4D 00 69 00 64 00 69 00 5C 00 4E 00 69 00 6E 00
6A 00 61 00 20 00 47 00 61 00 69 00 64 00 65 00 6E 00 00 00
(ASCII String) w.m.p.l.a.y.e.r...e.x.e...D.:.\.M.u.s.i.c. .f.r.o.m. .W.V.\.M.i.d.i.\.N.i.n.j.a. .G.a.i.d.e.n...
(UTF-16 String) wmplayer.exe

Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Last Written Time 9/26/2003 22:43:34 UTC


Class Name Shell

Name Type Data


(default) REG_TYPE_SZ (value not set)