Está en la página 1de 8

Registry Report - NTUSER.

DAT

Software\Microsoft\Internet Account Manager\Accounts\00000001

Last Written Time 9/26/2003 21:59:29 UTC

Name Type Data
Account
REG_SZ mail.fakeid.com
Name
Connection
REG_DWORD 0x00000003 (3)
Type
POP3 Server REG_SZ mail.fakeid.com
POP3 User
REG_SZ ID.THEFT.DUDE
Name
01 02 6D 00 61 00 69 00 6C 00 2E 00 66 00 61 00 6B 00 65 00 69 00 64 00
POP3
REG_BINARY 2E 00 63 00 6F 00 6D 00 32 00 42 00 34 00 32 00 38 00 34 00 46 00 30 00
Password2
00 00
(ASCII String) ..m.a.i.l...f.a.k.e.i.d...c.o.m.2.B.4.2.8.4.F.0...
(UTF-16
ȁmail.fakeid.com2B4284F0
String)
POP3 Use
REG_DWORD 0x00000000 (0)
Sicily
POP3 Prompt
REG_DWORD 0x00000000 (0)
for Password
SMTP Server REG_SZ mail.fakeid.com
SMTP
Display REG_SZ fake id member
Name
SMTP Email
REG_SZ ID.THEFT.DUDE@FAKEID.COM
Address

mid File3 REG_SZ D:\Music from WV\la femme nikita .mid File1 REG_SZ D:\Music from WV\Midi\Gyrus.mp3 File6 REG_SZ D:\Music from WV\Nickelback .Main Theme (Club Version).How you remind me (Acoustic).mp3 File4 REG_SZ D:\Music from WV\01 When I'm Gone.mid File2 REG_SZ D:\Music from WV\Midi\MI 1.15.45 Software\Microsoft\Internet Explorer\Main Last Written Time 9/26/2003 23:12:13 UTC Name Type Data NoUpdateCheck REG_DWORD 0x00000001 (1) NoJITSetup REG_DWORD 0x00000001 (1) Disable Script Debugger REG_SZ yes Show_ChannelBand REG_SZ No Anchor Underline REG_SZ yes Cache_Update_Frequency REG_SZ Once_Per_Session Display Inline Images REG_SZ yes .wma Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts Last Written Time 9/26/2003 22:17:40 UTC Name Type Data hp deskjet 3820 series REG_SZ winspool.Spies (Acoustic).wma C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's File8 REG_SZ Symphony No.mp3 C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories File7 REG_SZ (Highway Blues).Software\Microsoft\MediaPlayer\Player\RecentFileList Last Written Time 9/26/2003 22:49:33 UTC Name Type Data File0 REG_SZ D:\Music from WV\Midi\Ninja Gaiden\Masked Devil.Coldplay . 9 (Scherzo).Ne00:.wma File5 REG_SZ D:\Music from WV\Copy of La Femme Nikita .

.........htm Save_Session_History_On_Exit REG_SZ no Show_FullURL REG_SZ no Show_StatusBar REG_SZ yes Show_ToolBar REG_SZ yes Show_URLinStatusBar REG_SZ yes Show_URLToolBar REG_SZ yes http://www.microsoft.microsoft....B.b..com/isapi/redir...dll? Start Page REG_SZ prd=ie&pver=6&ar=msnhome Use_DlgBox_Colors REG_SZ yes http://www..dll? Search Page REG_SZ prd=ie&ar=iesearch Use FormSuggest REG_SZ yes FullScreen REG_SZ no 2C 00 00 00 02 00 00 00 03 00 00 00 00 83 FF FF 00 83 Window_Placement REG_BINARY FF FF FF FF FF FF FF FF FF FF 42 00 00 00 42 00 00 00 62 03 00 00 9A 02 00 00 (ASCII String) .....B..... (UTF-16 . String) NotifyDownloadComplete REG_SZ no C:\Documents and Settings\ID THEFT DUDE\Desktop\JC Save Directory REG_SZ PENNY\ Software\Microsoft\Internet Explorer Last Written Time 9/26/2003 21:56:50 UTC Name Type Data (default) REG_SZ (value not set) Download Directory REG_SZ C:\Documents and Settings\ID THEFT DUDE\Desktop Software\Microsoft\Internet Explorer\TypedURLs .Do404Search REG_BINARY 01 00 00 00 (ASCII String) ......com/isapi/redir........... (UTF-16 String) Local Page REG_SZ C:\WINDOWS\System32\blank..

lnk Shortcut Target Name : Am Ex Logo.lnk Shortcut Target Name : Blue Template. 14.com/ url3 REG_SZ http://www.fakeid. 12.lnk Shortcut Name (Unicode) : Credit Cards. 0.net url6 REG_SZ www.com/ url5 REG_SZ www.com/ url11 REG_SZ http://www.idtheft. 36.jpg 25 REG_BINARY Shortcut Name (ASCII) : Amex Holo. 30.stealmycard.lostID. 9.com/ url4 REG_SZ http://google. 23. 4. 33. 2. 28. 16.com url12 REG_SZ http://www.com url7 REG_SZ http://www.google.com/ url8 REG_SZ http://www.bmp 29 REG_BINARY Shortcut Name (ASCII) : Blue Template. 34. 35. MRUListEx REG_BINARY ordered : 10. 7.americanexpress.com url10 REG_SZ http://www. 3. 1 list Shortcut Target Name : Credit Cards 37 REG_BINARY Shortcut Name (ASCII) : Credit Cards.lnk Shortcut Target Name : Amex Holo.lnk Shortcut Name (Unicode) : Blue Template.lasvegas. 18. 11. 25.com/isapi/redir.microsoft.creditstealer.com/ url13 REG_SZ http://www. 27.lnk . 32. 5.dll?prd=ie&pver=6&ar=msnhome Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Last Written Time 9/26/2003 23:08:07 UTC Name Type Data MRU 37.lnk Shortcut Name (Unicode) : Amex Holo. 13. 17. 20. 22.com/ url2 REG_SZ http://yahoo. 24.jpg 28 REG_BINARY Shortcut Name (ASCII) : Am Ex Logo. 26.Last Written Time 9/26/2003 23:12:13 UTC Name Type Data url1 REG_SZ http://www. 8. 29. 21.dallas. 6.usair. 31. 19.lnk Shortcut Name (Unicode) : Am Ex Logo.com/ url9 REG_SZ www.

lnk Shortcut Target Name : top this.txt 3 REG_BINARY Shortcut Name (ASCII) : JCP Stuff.lnk Shortcut Name (Unicode) : CCG1.jpg 18 REG_BINARY Shortcut Name (ASCII) : fake ids.lnk Shortcut Name (Unicode) : PREVENT THIS.lnk Shortcut Name (Unicode) : watch out.jpg 19 REG_BINARY Shortcut Name (ASCII) : top this.lnk Shortcut Target Name : Am Ex Stuff.jpg 17 REG_BINARY Shortcut Name (ASCII) : watch out.lnk Shortcut Target Name : JCP Stuff.gif 2 REG_BINARY Shortcut Name (ASCII) : CCG1.jpg 31 REG_BINARY Shortcut Name (ASCII) : dreamin.lnk Shortcut Name (Unicode) : top this.lnk Shortcut Name (Unicode) : Am Ex Stuff.lnk Shortcut Name (Unicode) : uk id 2.lnk Shortcut Name (Unicode) : This is why JCPENNY !!!.lnk Shortcut Target Name : fake ids.jpg 35 REG_BINARY Shortcut Name (ASCII) : This is why JCPENNY !!!.lnk Shortcut Name (Unicode) : dreamin.36 REG_BINARY Shortcut Target Name : Famous Shortcut Name (ASCII) : Famous.lnk Shortcut Target Name : watch out.lnk Shortcut Target Name : PREVENT THIS.lnk Shortcut Target Name : uk id.jpg 34 REG_BINARY Shortcut Name (ASCII) : uk id 2.jpg 30 REG_BINARY Shortcut Name (ASCII) : uk id.lnk 33 REG_BINARY Shortcut Target Name : Ninja Gaiden Shortcut Name (ASCII) : Ninja Gaiden.jpg 20 REG_BINARY Shortcut Name (ASCII) : new logo.lnk Shortcut Name (Unicode) : uk id.lnk Shortcut Name (Unicode) : fake ids.lnk Shortcut Target Name : uk id 2.lnk Shortcut Name (Unicode) : JCP Stuff.lnk .jpg 22 REG_BINARY Shortcut Name (ASCII) : PREVENT THIS.lnk Shortcut Target Name : new logo.lnk Shortcut Target Name : This is why JCPENNY !!!.lnk Shortcut Target Name : CCG1.lnk Shortcut Name (Unicode) : new logo.lnk Shortcut Target Name : dreamin.lnk Shortcut Name (Unicode) : Famous.txt 4 REG_BINARY Shortcut Name (ASCII) : Am Ex Stuff.

lnk Shortcut Name (Unicode) : Masked Devil.lnk Shortcut Name (Unicode) : chase template.lnk Shortcut Name : Copy of La Femme Nikita .htm 12 REG_BINARY Shortcut Name (ASCII) : Jc Penny Credit Cards Application.gif 10 REG_BINARY Shortcut Name (ASCII) : chase template.Coldplay .lnk Shortcut Target Name : JC PENNY 23 REG_BINARY Shortcut Name (ASCII) : JC PENNY.Coldplay .mid 26 REG_BINARY Shortcut Name (ASCII) : MI 1.mp3 24 REG_BINARY Shortcut Name (ASCII) : la femme nikita .Main Theme (Club Version).lnk Shortcut Target Name : Music from WV 9 REG_BINARY Shortcut Name (ASCII) : Music from WV.lnk Shortcut Target Name : Midi 27 REG_BINARY Shortcut Name (ASCII) : Midi.mp3 Shortcut Name Copy of La Femme Nikita .lnk Shortcut Name (Unicode) : Gyrus.lnk Shortcut Name (Unicode) : Gold Template.Coldplay .wma 11 REG_BINARY Shortcut Name (ASCII) : 01 When I'm Gone.lnk Shortcut Name (Unicode) : Jc Penny Credit Cards Application.htm 13 REG_BINARY Shortcut Name (ASCII) : JCPenney.Main Theme (Club Version).Spies : (ASCII) (Acoustic).lnk Shortcut Name (Unicode) : MI 1.lnk Shortcut Target Name : Gold Template.lnk Shortcut Target Name : la femme nikita .Spies Shortcut Target Name : (Acoustic).mid 32 REG_BINARY Shortcut Name (ASCII) : Masked Devil.lnk Shortcut Target Name : Masked Devil.mid 21 REG_BINARY Shortcut Name (ASCII) : Gyrus.lnk Shortcut Target Name : JCPenney.lnk Shortcut Name (Unicode) : Music from WV.lnk Shortcut Name (Unicode) : la femme nikita .lnk Shortcut Target Name : Jc Penny Credit Cards Application.lnk Shortcut Target Name : Gyrus.lnk Shortcut Target Name : 01 When I'm Gone.lnk Shortcut Name (Unicode) : JC PENNY.lnk Shortcut Name (Unicode) : JCPenney.lnk Shortcut Target Name : chase template. Shortcut Name (Unicode) : Ninja Gaiden.Main Theme (Club Version).lnk Shortcut Name (Unicode) : Midi.bmp 16 REG_BINARY Shortcut Name (ASCII) : Gold Template.lnk Shortcut Name (Unicode) : 01 When I'm Gone.lnk 14 REG_BINARY Copy of La Femme Nikita .Spies .lnk Shortcut Target Name : MI 1.

lnk Shortcut Name (Unicode) : CCG2.How you remind me (Acoustic).How you remind me (Acoustic). 9 (Scherzo).mp3 8 REG_BINARY Shortcut Name (ASCII) : Nickelback . 9 (Scherzo).lnk Shortcut Target Name : CCG2.gif 1 REG_BINARY Shortcut Name (ASCII) : CCG3.wma 7 REG_BINARY Shortcut Name (ASCII) : New Stories (Highway Blues).lnk Shortcut Target Name : Nickelback .lnk Shortcut Name (Unicode) : CCG3.lnk Shortcut Name (Unicode) : Sample Music.wma 5 REG_BINARY Shortcut Name (ASCII) : Beethoven's Symphony No.com\1 Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU Last Written Time 9/26/2003 22:49:18 UTC Class Name Shell .lnk Shortcut Target Name : New Stories (Highway Blues).lnk Shortcut Name (Unicode) : Beethoven's Symphony No.timetogo. (Unicode) (Acoustic). 9 (Scherzo).gif 0 REG_BINARY Shortcut Name (ASCII) : CCG2.lnk Shortcut Target Name : Beethoven's Symphony No.lnk Shortcut Target Name : Sample Music 6 REG_BINARY Shortcut Name (ASCII) : Sample Music.lnk Shortcut Name (Unicode) : New Stories (Highway Blues).lnk Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Last Written Time 9/26/2003 22:14:03 UTC Class Name Shell Name Type Data MRUList REG_SZ edcba e REG_SZ regedit\1 d REG_SZ msconfig\1 c REG_SZ command\1 b REG_SZ netstat\1 a REG_SZ www.How you remind me (Acoustic).lnk Shortcut Name (Unicode) : Nickelback .lnk Shortcut Target Name : CCG3.

E.n.a.u.D.e.t.p. (UTF-16 IEXPLORE.U.e.D..H.e..:.F.E.t. (UTF-16 Psp.e.\.\.i.p.s.D..n.t.T. .I.d.D. (ASCII String) .j.s.s. .d.exe String) Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU Last Written Time 9/26/2003 22:43:34 UTC Class Name Shell Name Type Data (default) REG_TYPE_SZ (value not set) . .p.a.D..e.P.M.c.m.D.s.e.n.E.c.k.I.k.i.a.D.i.U.d.H.n.x. (ASCII String) .l.\.D.s.exe String) 49 00 45 00 58 00 50 00 4C 00 4F 00 52 00 45 00 2E 00 45 00 58 00 45 00 00 00 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 a REG_BINARY 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 49 00 44 00 20 00 54 00 48 00 45 00 46 00 54 00 20 00 44 00 55 00 44 00 45 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 00 00 I.s.y.e. .e.n.E.t.s.C...\.i.E.T.x.u.r.O..X.\.t.:..m.s. .W.a.D.e.R.o.i.N.:.m.d. (UTF-16 wmplayer..C.t.E.o.EXE String) 77 00 6D 00 70 00 6C 00 61 00 79 00 65 00 72 00 2E 00 65 00 78 00 65 00 00 00 44 00 3A 00 5C 00 4D 00 75 00 73 00 69 00 63 00 20 00 66 00 72 00 6F 00 6D b REG_BINARY 00 20 00 57 00 56 00 5C 00 4D 00 69 00 64 00 69 00 5C 00 4E 00 69 00 6E 00 6A 00 61 00 20 00 47 00 61 00 69 00 64 00 65 00 6E 00 00 00 w.D.r. .e.\.\.p.g.L..V.M..\.o.m. .S.u.e.o.Name Type Data MRUList REG_SZ cab 50 00 73 00 70 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 c REG_BINARY 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 49 00 44 00 20 00 54 00 48 00 45 00 46 00 54 00 20 00 44 00 55 00 44 00 45 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 00 00 P..n.f.G.T.e.i.g.F.X.\.t..E.E.D.n.n..T..t. (ASCII String) .c.o.a....i.S. .