
View Full Version : How to find registry keys without knowing the name?


il_nick
21-08-2010, 17:24
I ran a trial program that does not require installation (an .exe). Being a trial, it has an evaluation period, after which you have to buy the software to keep using it. Now, in order to establish the date of first use, it is evident that this software has written some registry key. Leaving aside the usual remarks about legality in the use of software, and making it clear that I am totally against software piracy, is there a way to find out where these keys are? I tried searching the Windows registry using the name of the software, but nothing came up that gave me any concrete lead, so I have no idea at all which keys were created. Also, I didn't think to back up the registry before using this software, so I can't even remove it with the backup; and I can't go back to earlier restore points either, because the current settings of the programs I use would be lost as well. In short, I don't want to remove the software's protection, let that be clear, but since it was never installed (and so I can't even use thorough cleaning programs like ccleaner and the like), is there a method to find those keys and delete them in order to clean the registry?

Eress
21-08-2010, 17:44
I don't think these topics can be discussed, on pain of the mod's punitive intervention :D Staying vague anyway, I can tell you a few things: first you have to trace the right entry, but it can be done; then there is a little trick, I don't know whether it works for all programs, which is to go to the program's registry key in HKLM/Software/... I can't say more :D
Bye!

il_nick
21-08-2010, 17:50
As I already explained, my question is legitimate since I don't intend to remove any software protection, I only intend to clean my registry; after all, if only I had remembered in time to make a backup copy of my registry, I would have solved this simply, but I could also have very trivially removed the software's protection in the same way..

As for the rest, you've told me practically nothing, and I don't have my program's name in HKLM/Software/, ergo it must have written keys under another name and I'd like to figure out which..

Eress
21-08-2010, 18:13
Usually when I do a manual cleanup with regedit and enter the various names linked to the uninstalled software (program name, software house, etc.), I always find something, and often you manage to remove practically everything. It seems strange to me that nothing comes up for you.
One thing isn't clear: did you install it and then uninstall it, or did you not install it, or was it a portable? Because that changes things

il_nick
21-08-2010, 18:16
I ran a trial program that does not require installation (an .exe)

It was all in one folder; to start it you just had to click on its .exe, so no installation..

Eress
21-08-2010, 18:30
So it was a portable; these programs create their various temporary and data folders in the same folder you launch them from, and they leave very few traces in the registry, although you should have found two or three keys

il_nick
21-08-2010, 19:43
Yes, but how? They weren't written under the program's own name, otherwise I would have found them with the simple search function.. aren't there other methods?

Eress
21-08-2010, 19:48
Blindly, I'd say no

Contemax59
22-08-2010, 08:42
I ran a trial program that does not require installation (an .exe). Being a trial, it has an evaluation period, after which you have to buy the software to keep using it. Now, in order to establish the date of first use, it is evident that this software has written some registry key.

The ways in which a piece of software keeps track of the calendar vary and do not necessarily involve the registry. If they did, it would be all too easy for an expert user to trace the source and modify/delete it.

In reality, programs often modify some internal components without leaving any visible trace of these changes, so in the end, if a user wants to be sure of uninstalling everything, absolutely everything, they need to get a specific piece of software that will take care of tracking every single byte installed. Bear in mind that this kind of software must be used before installation and not after, so I'm not talking about the various "cleaners" you find around.

Bye

il_nick
22-08-2010, 11:46
How can it be used before installation if its very purpose is to uninstall?
Also, since that program is a portable or in any case an executable in a folder, how can it uninstall anything if there was no setup?
Can you be a bit more precise and name some software of this kind?

Contemax59
22-08-2010, 12:49
How can it be used before installation if its very purpose is to uninstall?
Programs that take care of uninstalling a product 100% (including deregistering components and removing .COM objects) must be present during the program's installation in order to build a list of all the actions that program performed. When the program has to be uninstalled, the removal software has the complete map of everything that was changed on the system and can therefore remove it completely.

Also, since that program is a portable or in any case an executable in a folder, how can it uninstall anything if there was no setup?
In this case, that is, an executable with no installation at all, it makes no sense to use a removal product; just delete the folder.

Can you be a bit more precise and name some software of this kind?
One good program (among many others) is Ashampoo Uninstaller 4.xx

Bye

il_nick
22-08-2010, 12:58
Is Revo uninstaller good? Does it perform the function of watching during the installation?

Coming back to our case, since it's a folder and the program is a trial, what traces can it have left? In my humble opinion, precisely because it has no setup, it can't have left traces anywhere but the registry..

Eress
22-08-2010, 14:35
Is Revo uninstaller good? Does it perform the function of watching during the installation?
Certainly, but only in the Pro version

il_nick
22-08-2010, 14:42
In this case, that is, an executable with no installation at all, it makes no sense to use a removal product; just delete the folder.

Then where does it leave the traces to keep track of the trial time?

Eress
22-08-2010, 15:13
Check in the folder containing the exe you launched whether you find any files and of what kind, or enable hidden files and go look in C/Utonti/Nome Utonto/AppData

il_nick
22-08-2010, 15:25
The program's folder was already deleted some time ago, and there is nothing in the path you gave me..

p.s. look, not to brag, I may not be a computer guru but I'm not an "utonto" (clueless user) either.. :p

Amsirak
22-08-2010, 16:06
name of the program?

il_nick
22-08-2010, 16:21
TMPGEnc

il_nick
22-08-2010, 16:43
If it's allowed I can also attach the program's archive, it's less than 2 Mb...

Eress
22-08-2010, 16:59
You can't attach it because attachments are a few kb at most; at most you could upload it to sites like megaupload, but it would be enough for you to tell us what is linked to that exe file in the folder you launched it from or in some Windows temporary folder

il_nick
22-08-2010, 17:07
Maybe it's quicker if I give the link I downloaded it from, here it is: http://www.xdownload.it/download_281/tmpgenc.html

medicina
23-08-2010, 12:17
With Process Monitor from Sysinternals / Microsoft, you can see all the disk activity of a single process, on files or among the registry keys.
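
An added example, not part of any post in this thread: a Process Monitor registry trace is mostly reads, so one way to audit what an executable changed is to reduce the exported text to the successful state-changing operations. The sample lines, the process names and the ExampleVendor key are constructed; the assumed layout is time, process, PID, operation, path, result and detail separated by spaces, with a process name that contains no spaces.

```python
import re
from collections import Counter

# Result strings as Process Monitor prints them. Several contain spaces,
# and so do registry paths, so a line cannot be split on whitespace.
RESULTS = ("SUCCESS", "NAME NOT FOUND", "REPARSE", "BUFFER OVERFLOW",
           "NO MORE ENTRIES", "ACCESS DENIED")

# Registry operations that change state; everything else reads or closes.
WRITE_OPS = {"RegCreateKey", "RegSetValue", "RegDeleteKey",
             "RegDeleteValue", "RegRenameKey"}

LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2}[.,]\d+)\s+"   # decimal comma or dot
    r"(?P<process>\S+)\s+(?P<pid>\d+)\s+"
    r"(?P<op>Reg\w+)\s+"
    r"(?P<path>.+?)\s+"                            # lazy: stop at first result
    r"(?P<result>" + "|".join(map(re.escape, RESULTS)) + r")"
    r"(?:\s+(?P<detail>.*))?$"
)


def parse_line(line):
    """Split one flattened trace line into fields, or return None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def operation_counts(lines):
    """Count events per operation, to show how much of the trace is reads."""
    return Counter(ev["op"] for ev in map(parse_line, lines) if ev)


def registry_writes(lines, process=None):
    """Unique (operation, path) pairs for successful writes, first-seen order.

    RegCreateKey also succeeds on a key that already exists, so each hit
    is a candidate to inspect in regedit, not proof that a key is new.
    """
    seen, out = set(), []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if process and ev["process"].lower() != process.lower():
            continue
        if ev["op"] in WRITE_OPS and ev["result"] == "SUCCESS":
            key = (ev["op"], ev["path"])
            if key not in seen:
                seen.add(key)
                out.append(key)
    return out


# Constructed sample trace (not taken from a real capture).
SAMPLE = r"""
14:00:01,1000001 sample.exe 1234 RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Desired Access: Read
14:00:01,1000002 sample.exe 1234 RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat NAME NOT FOUND Length: 548
14:00:01,1000003 sample.exe 1234 RegCloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
14:00:01,1000004 sample.exe 1234 RegQueryValue HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages BUFFER OVERFLOW Length: 12
14:00:01,2000001 sample.exe 1234 RegCreateKey HKCU\Software\ExampleVendor SUCCESS Desired Access: All Access
14:00:01,2000002 sample.exe 1234 RegSetValue HKCU\Software\ExampleVendor\WindowPos SUCCESS Type: REG_DWORD, Length: 4, Data: 1
14:00:01,2000003 sample.exe 1234 RegCreateKey HKCU\Software\ExampleVendor SUCCESS Desired Access: All Access
14:00:01.2000004 other.exe 4321 RegSetValue HKCU\Software\OtherVendor\Flag SUCCESS Type: REG_DWORD, Length: 4, Data: 0
14:00:01,2000005 sample.exe 1234 RegDeleteValue HKLM\Software\ExampleVendor\Temp ACCESS DENIED
not a trace line
""".strip().splitlines()

if __name__ == "__main__":
    print(dict(operation_counts(SAMPLE)))
    for op, path in registry_writes(SAMPLE, process="sample.exe"):
        print(op, path)
```
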

il_nick
23-08-2010, 14:18
OK, I used the program you mentioned; even though I filtered only by name and by registry activity, I get a ton of stuff, more or less something like this:
14:43:18,5283873 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server REPARSE Desired Access: Read
14:43:18,5284389 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Desired Access: Read
14:43:18,5284821 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat NAME NOT FOUND Length: 548
14:43:18,5285059 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled SUCCESS Type: REG_DWORD, Length: 4, Data: 0
14:43:18,5285277 TMPGEnc.exe 2760 RegCloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
14:43:18,5285786 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option REPARSE Desired Access: Query Value, Set Value
14:43:18,5286098 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option NAME NOT FOUND Desired Access: Query Value, Set Value
14:43:18,5286392 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Srp\GP\DLL REPARSE Desired Access: Read
14:43:18,5286788 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Srp\GP\DLL NAME NOT FOUND Desired Access: Read
14:43:18,5287076 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers SUCCESS Desired Access: Query Value
14:43:18,5287458 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled NAME NOT FOUND Length: 80
14:43:18,5287639 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers SUCCESS
14:43:18,5288104 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers NAME NOT FOUND Desired Access: Query Value
14:43:18,5445841 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots NAME NOT FOUND Desired Access: Enumerate Sub Keys
14:43:18,5657287 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions REPARSE Desired Access: Read
14:43:18,5657887 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions SUCCESS Desired Access: Read
14:43:18,5660825 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default) SUCCESS Type: REG_SZ, Length: 36, Data: 00060101.00060101
14:43:18,5662436 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Session Manager REPARSE Desired Access: Query Value
14:43:18,5662785 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Desired Access: Query Value
14:43:18,5663100 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NAME NOT FOUND Length: 16
14:43:18,5901603 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options SUCCESS Desired Access: Query Value, Enumerate Sub Keys
14:43:18,5902678 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions SUCCESS Desired Access: Query Value, Enumerate Sub Keys
14:43:18,5903127 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter NAME NOT FOUND Length: 544
14:43:18,5903405 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\guard32.dll NAME NOT FOUND Length: 1.024
14:43:18,5904062 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument REPARSE Desired Access: Read
14:43:18,5904444 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument NAME NOT FOUND Desired Access: Read
14:43:18,5904755 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize SUCCESS Desired Access: Read
14:43:18,5905144 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles NAME NOT FOUND Length: 20
14:43:18,5905342 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize SUCCESS
14:43:18,5906477 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Desired Access: Read
14:43:18,5906859 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\TMPGEnc NAME NOT FOUND Length: 172
14:43:18,5907090 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
14:43:18,5907305 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility NAME NOT FOUND Desired Access: Read
14:43:18,5910491 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
14:43:18,5911154 TMPGEnc.exe 2760 RegOpenKey HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration NAME NOT FOUND Desired Access: Read
14:43:18,5911459 TMPGEnc.exe 2760 RegCloseKey HKCU SUCCESS
14:43:18,5911824 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Policies\Microsoft\MUI\Settings NAME NOT FOUND Desired Access: Read
14:43:18,5912337 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
14:43:18,5912722 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NAME NOT FOUND Desired Access: Read
14:43:18,5913021 TMPGEnc.exe 2760 RegOpenKey HKCU\Control Panel\Desktop\LanguageConfiguration SUCCESS Desired Access: Read
14:43:18,5913429 TMPGEnc.exe 2760 RegEnumValue HKCU\Control Panel\Desktop\LanguageConfiguration NO MORE ENTRIES Index: 0, Length: 512
14:43:18,5913784 TMPGEnc.exe 2760 RegCloseKey HKCU\Control Panel\Desktop\LanguageConfiguration SUCCESS
14:43:18,5913992 TMPGEnc.exe 2760 RegCloseKey HKCU SUCCESS
14:43:18,5914227 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Policies\Microsoft\MUI\Settings NAME NOT FOUND Desired Access: Read
14:43:18,5914716 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
14:43:18,5915108 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NAME NOT FOUND Desired Access: Read
14:43:18,5915376 TMPGEnc.exe 2760 RegOpenKey HKCU\Control Panel\Desktop SUCCESS Desired Access: Read
14:43:18,5915758 TMPGEnc.exe 2760 RegQueryValue HKCU\Control Panel\Desktop\PreferredUILanguages NAME NOT FOUND Length: 12
14:43:18,5916341 TMPGEnc.exe 2760 RegCloseKey HKCU\Control Panel\Desktop SUCCESS
14:43:18,5916555 TMPGEnc.exe 2760 RegCloseKey HKCU SUCCESS
14:43:18,5916803 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Policies\Microsoft\MUI\Settings NAME NOT FOUND Desired Access: Read
14:43:18,5917302 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
14:43:18,5917711 TMPGEnc.exe 2760 RegOpenKey HKCU\Control Panel\Desktop\MuiCached SUCCESS Desired Access: Read
14:43:18,5918110 TMPGEnc.exe 2760 RegQueryValue HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages BUFFER OVERFLOW Length: 12
14:43:18,5918471 TMPGEnc.exe 2760 RegQueryValue HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages SUCCESS Type: REG_MULTI_SZ, Length: 12, Data: it-IT
14:43:18,5918793 TMPGEnc.exe 2760 RegCloseKey HKCU\Control Panel\Desktop\MuiCached SUCCESS
14:43:18,5918987 TMPGEnc.exe 2760 RegCloseKey HKCU SUCCESS
14:43:18,5922452 TMPGEnc.exe 2760 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
14:43:18,5922934 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Desired Access: Read
14:43:18,5923396 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs SUCCESS Type: REG_DWORD, Length: 4, Data: 1
14:43:18,5923809 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs NAME NOT FOUND Length: 144
14:43:18,5924000 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SUCCESS Type: REG_SZ, Length: 66, Data: C:\Windows\system32\guard32.dll
14:43:18,5924469 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
14:43:18,5934613 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server REPARSE Desired Access: Read
14:43:18,5935119 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Desired Access: Read
14:43:18,5935575 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat NAME NOT FOUND Length: 548
14:43:18,5935809 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled SUCCESS Type: REG_DWORD, Length: 4, Data: 0
14:43:18,5936044 TMPGEnc.exe 2760 RegCloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
14:43:18,5936479 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NAME NOT FOUND Desired Access: Read
14:43:18,6049429 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Desired Access: Read
14:43:18,6050179 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap NAME NOT FOUND Length: 144
14:43:18,6050491 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Ole SUCCESS
14:43:18,6050752 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Desired Access: Read
14:43:18,6051138 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate NAME NOT FOUND Length: 144
14:43:18,6051349 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Ole SUCCESS
14:43:18,6052310 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\OLE\Tracing NAME NOT FOUND Desired Access: Read
14:43:18,6055181 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NAME NOT FOUND Desired Access: Query Value
14:43:18,6055965 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NAME NOT FOUND Desired Access: Query Value
14:43:18,6063283 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Read
14:43:18,6064237 TMPGEnc.exe 2760 RegCloseKey HKCU SUCCESS
14:43:18,6076694 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows\Windows Error Reporting\WMR SUCCESS Desired Access: Query Value
14:43:18,6077324 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable SUCCESS Type: REG_DWORD, Length: 4, Data: 1
14:43:18,6077605 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR SUCCESS
14:43:18,6078037 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\VFW NAME NOT FOUND Desired Access: Query Value
14:43:18,6079652 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
14:43:18,6080148 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Borland\Locales NAME NOT FOUND Desired Access: Read, Delete, Write DAC, Write Owner
14:43:18,6080493 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Borland\Locales NAME NOT FOUND Desired Access: Read, Delete, Write DAC, Write Owner
14:43:18,6080822 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Borland\Delphi\Locales NAME NOT FOUND Desired Access: Read, Delete, Write DAC, Write Owner
14:43:18,6081391 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\CustomLocale REPARSE Desired Access: Read
14:43:18,6081790 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\CustomLocale SUCCESS Desired Access: Read
14:43:18,6082192 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\it-IT NAME NOT FOUND Length: 532
14:43:18,6082393 TMPGEnc.exe 2760 RegCloseKey HKLM\System\CurrentControlSet\Control\Nls\CustomLocale SUCCESS
14:43:18,6082631 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale REPARSE Desired Access: Read
14:43:18,6082949 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale SUCCESS Desired Access: Read
14:43:18,6083321 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\it-IT NAME NOT FOUND Length: 532
14:43:18,6083508 TMPGEnc.exe 2760 RegCloseKey HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale SUCCESS
14:43:18,6738490 TMPGEnc.exe 2760 RegCreateKey HKCU\Software\VFPlugin SUCCESS Desired Access: All Access
14:43:18,6759688 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\VFPlugin SUCCESS Desired Access: All Access
14:43:18,6760030 TMPGEnc.exe 2760 RegQueryKey HKCU\Software\VFPlugin SUCCESS Query: Cached, SubKeys: 0, Values: 1
14:43:18,6760468 TMPGEnc.exe 2760 RegEnumValue HKCU\Software\VFPlugin SUCCESS Index: 0, Name: TMPGEnc, Type: REG_SZ, Length: 130, Data: C:\Users\Nicola\Desktop\TMPGEnc-2.525.64.184-EN-Free\TMPGEnc.vfp
14:43:18,6760750 TMPGEnc.exe 2760 RegCloseKey HKCU\Software\VFPlugin SUCCESS
14:43:18,6760978 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\VFPlugin SUCCESS Desired Access: All Access
14:43:18,6761279 TMPGEnc.exe 2760 RegQueryValue HKCU\Software\VFPlugin\TMPGEnc SUCCESS Type: REG_SZ, Length: 130, Data: C:\Users\Nicola\Desktop\TMPGEnc-2.525.64.184-EN-Free\TMPGEnc.vfp
14:43:18,6761527 TMPGEnc.exe 2760 RegQueryValue HKCU\Software\VFPlugin\TMPGEnc SUCCESS Type: REG_SZ, Length: 130, Data: C:\Users\Nicola\Desktop\TMPGEnc-2.525.64.184-EN-Free\TMPGEnc.vfp
14:43:18,6761728 TMPGEnc.exe 2760 RegQueryValue HKCU\Software\VFPlugin\TMPGEnc SUCCESS Type: REG_SZ, Length: 130, Data: C:\Users\Nicola\Desktop\TMPGEnc-2.525.64.184-EN-Free\TMPGEnc.vfp
14:43:18,6761912 TMPGEnc.exe 2760 RegQueryValue HKCU\Software\VFPlugin\TMPGEnc SUCCESS Type: REG_SZ, Length: 130, Data: C:\Users\Nicola\Desktop\TMPGEnc-2.525.64.184-EN-Free\TMPGEnc.vfp
14:43:18,6762107 TMPGEnc.exe 2760 RegQueryValue HKCU\Software\VFPlugin\TMPGEnc SUCCESS Type: REG_SZ, Length: 130, Data: C:\Users\Nicola\Desktop\TMPGEnc-2.525.64.184-EN-Free\TMPGEnc.vfp
14:43:18,6762294 TMPGEnc.exe 2760 RegQueryValue HKCU\Software\VFPlugin\TMPGEnc SUCCESS Type: REG_SZ, Length: 130, Data: C:\Users\Nicola\Desktop\TMPGEnc-2.525.64.184-EN-Free\TMPGEnc.vfp
14:43:18,6762509 TMPGEnc.exe 2760 RegCloseKey HKCU\Software\VFPlugin SUCCESS
14:43:18,6762804 TMPGEnc.exe 2760 RegCloseKey HKCU\Software\VFPlugin SUCCESS
14:43:18,7542086 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
14:43:18,7542676 TMPGEnc.exe 2760 RegQueryKey HKCU\Software\Classes SUCCESS Query: Name
14:43:18,7542977 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Read
14:43:18,7543409 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Desired Access: Read
14:43:18,7543875 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Query: Name
14:43:18,7544321 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7544579 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7544806 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Query: Name
14:43:18,7545218 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7545463 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7545691 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Query: Name
14:43:18,7546086 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7546327 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7546522 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Query: Name
14:43:18,7546920 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7547162 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7547416 TMPGEnc.exe 2760 RegCloseKey HKCR\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS
14:43:18,7547966 TMPGEnc.exe 2760 RegQueryKey HKCU\Software\Classes SUCCESS Query: Name
14:43:18,7548214 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 NAME NOT FOUND Desired Access: Read
14:43:18,7548465 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 SUCCESS Desired Access: Read
14:43:18,7548844 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 SUCCESS Query: Name
14:43:18,7549239 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7549480 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7549671 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 SUCCESS Query: Name
14:43:18,7550060 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7550304 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7550519 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 SUCCESS Query: Name
14:43:18,7550904 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7551142 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7551326 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 SUCCESS Query: Name
14:43:18,7551705 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7551943 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7552167 TMPGEnc.exe 2760 RegCloseKey HKCR\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 SUCCESS
14:43:18,7552710 TMPGEnc.exe 2760 RegQueryKey HKCU\Software\Classes SUCCESS Query: Name
14:43:18,7552958 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Read
14:43:18,7553212 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Desired Access: Read
14:43:18,7553588 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Query: Name
14:43:18,7553993 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7554238 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7554425 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Query: Name
14:43:18,7554810 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7555048 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7555269 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Query: Name
14:43:18,7555675 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7555913 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:18,7556104 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 SUCCESS Query: Name
14:43:18,7556502 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:18,7556737 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 62, Data: C:\Windows\system32\quartz.dll
14:43:20,8037756 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 26, Name: MS PGothic, Type: REG_MULTI_SZ, Length: 112, Data: MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim
14:43:20,8038286 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 27, Name: MS UI Gothic, Type: REG_MULTI_SZ, Length: 176, Data: MICROSS.TTF,128,142, MICROSS.TTF, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim
14:43:20,8038835 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 28, Name: MS Mincho, Type: REG_MULTI_SZ, Length: 114, Data: MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, BATANG.TTC,Batang
14:43:20,8040182 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 29, Name: MS PMincho, Type: REG_MULTI_SZ, Length: 116, Data: MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, BATANG.TTC,Batang
14:43:20,8041361 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 30, Name: Batang, Type: REG_MULTI_SZ, Length: 128, Data: MSMINCHO.TTC,MS PMincho, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun
14:43:20,8042256 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 31, Name: BatangChe, Type: REG_MULTI_SZ, Length: 124, Data: MSMINCHO.TTC,MS Mincho, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun
14:43:20,8042822 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 32, Name: Dotum, Type: REG_MULTI_SZ, Length: 132, Data: MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun
14:43:20,8043355 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 33, Name: DotumChe, Type: REG_MULTI_SZ, Length: 124, Data: MSGOTHIC.TTC,MS Gothic, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun
14:43:20,8043891 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink BUFFER OVERFLOW Index: 34, Length: 220
14:43:20,8044062 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 34, Name: Gulim, Type: REG_MULTI_SZ, Length: 196, Data: MICROSS.TTF,128,140, MICROSS.TTF, MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun
14:43:20,8044615 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 35, Name: GulimChe, Type: REG_MULTI_SZ, Length: 124, Data: MSGOTHIC.TTC,MS Gothic, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun
14:43:20,8045154 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 36, Name: Gungsuh, Type: REG_MULTI_SZ, Length: 128, Data: MSMINCHO.TTC,MS PMincho, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun
14:43:20,8045700 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 37, Name: GungsuhChe, Type: REG_MULTI_SZ, Length: 124, Data: MSMINCHO.TTC,MS Mincho, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun
14:43:20,8046253 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink BUFFER OVERFLOW Index: 38, Length: 220
14:43:20,8046407 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 38, Name: Malgun Gothic, Type: REG_MULTI_SZ, Length: 282, Data: SEGOEUI.TTF,130,81, SEGOEUI.TTF, GULIM.TTC,Gulim, MEIRYO.TTC,Meiryo,128,85, MEIRYO.TTC,Meiryo, MSJH.TTF,128,96, MSJH.TTF, MSYH.TTF,128,96, MSYH.TTF
14:43:20,8046966 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink BUFFER OVERFLOW Index: 39, Length: 220
14:43:20,8047117 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Index: 39, Name: Malgun Gothic Bold, Type: REG_MULTI_SZ, Length: 326, Data: SEGOEUIB.TTF,130,81, SEGOEUIB.TTF, GULIM.TTC,Gulim, MEIRYOB.TTC,Meiryo Bold,128,85, MEIRYOB.TTC,Meiryo Bold, MSJHBD.TTF,128,96, MSJHBD.TTF, MSYHBD.TTF,128,96, MSYHBD.TTF
14:43:20,8047690 TMPGEnc.exe 2760 RegEnumValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink NO MORE ENTRIES Index: 40, Length: 220
14:43:20,8047858 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS
14:43:20,8057111 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback SUCCESS Desired Access: Query Value, Enumerate Sub Keys
14:43:20,8057661 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI NAME NOT FOUND Desired Access: Query Value
14:43:20,8057872 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback SUCCESS
14:43:20,8243252 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\Compatibility\TMPGEnc.exe NAME NOT FOUND Desired Access: Read
14:43:20,8330273 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436} SUCCESS Desired Access: Read
14:43:20,8330953 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable SUCCESS Type: REG_DWORD, Length: 4, Data: 1
14:43:20,8331238 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436} SUCCESS
14:43:20,8366179 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Desired Access: Read
14:43:20,8366792 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 0, Name: {0000897b-83df-4b96-be07-0fb58b01c4a4}
14:43:20,8367154 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8367485 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 1, Name: {03B5835F-F03C-411B-9CE2-AA23E1171E36}
14:43:20,8367794 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8368112 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 2, Name: {07EB03D6-B001-41DF-9192-BF9B841EE71F}
14:43:20,8368393 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8368685 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 3, Name: {3697C5FA-60DD-4B56-92D4-74A569205C16}
14:43:20,8368973 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Desired Access: Read
14:43:20,8369392 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Index: 0, Name: {BCE90E01-6153-4AE5-B702-9D71D3A6A195}
14:43:20,8369636 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NO MORE ENTRIES Index: 1, Length: 288
14:43:20,8369857 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS
14:43:20,8370089 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 4, Name: {531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}
14:43:20,8370397 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8370702 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 5, Name: {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}
14:43:20,8370983 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Desired Access: Read
14:43:20,8371472 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Index: 0, Name: {246ECB87-C2F2-4ABE-905B-C8B38ADD2C43}
14:43:20,8371801 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Index: 1, Name: {34745C63-B2F0-4784-8B67-5E12C8701A31}
14:43:20,8372018 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Index: 2, Name: {5130A009-5540-4FCF-97EB-AAD33FC0EE09}
14:43:20,8372256 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Index: 3, Name: {7AE86BB7-262C-431E-9111-C974B6B7CAC3}
14:43:20,8372494 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Index: 4, Name: {B5A73CD1-8355-426B-A161-259808F26B14}
14:43:20,8372729 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS Index: 5, Name: {C6DEBC0A-F2B2-4F17-930E-CA9FAFF4CD04}
14:43:20,8372967 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NO MORE ENTRIES Index: 6, Length: 288
14:43:20,8373188 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} SUCCESS
14:43:20,8373399 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 6, Name: {81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}
14:43:20,8373707 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8374029 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 7, Name: {8613E14C-D0C0-4161-AC0F-1DD2563286BC}
14:43:20,8374313 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8374595 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 8, Name: {A028AE76-01B1-46C2-99C4-ACD9858AE02F}
14:43:20,8374883 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8375168 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 9, Name: {AE6BE008-07FB-400D-8BEB-337A64F7051F}
14:43:20,8375459 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8375747 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 10, Name: {C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}
14:43:20,8376032 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8376324 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 11, Name: {DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}
14:43:20,8376608 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8376893 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 12, Name: {E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}
14:43:20,8377181 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8377476 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 13, Name: {F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}
14:43:20,8377761 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8378049 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 14, Name: {F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}
14:43:20,8378340 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
14:43:20,8378635 TMPGEnc.exe 2760 RegEnumKey HKLM\SOFTWARE\Microsoft\CTF\TIP NO MORE ENTRIES Index: 15, Length: 288
14:43:20,8378873 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS
14:43:20,8379573 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Read
14:43:20,8379985 TMPGEnc.exe 2760 RegOpenKey HKCU\Keyboard Layout\Toggle SUCCESS Desired Access: Read
14:43:20,8380334 TMPGEnc.exe 2760 RegCloseKey HKCU SUCCESS
14:43:20,8380558 TMPGEnc.exe 2760 RegQueryValue HKCU\Keyboard Layout\Toggle\Language Hotkey NAME NOT FOUND Length: 144
14:43:20,8380783 TMPGEnc.exe 2760 RegQueryValue HKCU\Keyboard Layout\Toggle\Hotkey NAME NOT FOUND Length: 144
14:43:20,8380987 TMPGEnc.exe 2760 RegQueryValue HKCU\Keyboard Layout\Toggle\Layout Hotkey NAME NOT FOUND Length: 144
14:43:20,8381252 TMPGEnc.exe 2760 RegCloseKey HKCU\Keyboard Layout\Toggle SUCCESS
14:43:20,8386602 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Read
14:43:20,8388586 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys SUCCESS Desired Access: Read
14:43:20,8389031 TMPGEnc.exe 2760 RegCloseKey HKCU SUCCESS
14:43:20,8389286 TMPGEnc.exe 2760 RegEnumKey HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys NO MORE ENTRIES Index: 0, Length: 288
14:43:20,8389504 TMPGEnc.exe 2760 RegCloseKey HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys SUCCESS
14:43:20,8390861 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF SUCCESS Desired Access: Read
14:43:20,8391420 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\CTF\EnableAnchorContext NAME NOT FOUND Length: 144
14:43:20,8391651 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\CTF SUCCESS
14:43:20,8393745 TMPGEnc.exe 2760 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\KnownClasses NAME NOT FOUND Desired Access: Read
14:43:23,5260049 TMPGEnc.exe 2760 RegCreateKey HKCU\Software\VFPlugin SUCCESS Desired Access: All Access
14:43:23,5268301 TMPGEnc.exe 2760 RegCreateKey HKCU\Software\VFPlugin SUCCESS Desired Access: All Access
14:43:23,5270107 TMPGEnc.exe 2760 RegCloseKey HKCU\Software\VFPlugin SUCCESS
14:43:23,5270398 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\VFPlugin SUCCESS Desired Access: All Access
14:43:23,5270813 TMPGEnc.exe 2760 RegSetValue HKCU\Software\VFPlugin\TMPGEnc SUCCESS Type: REG_SZ, Length: 130, Data: C:\Users\Nicola\Desktop\TMPGEnc-2.525.64.184-EN-Free\TMPGEnc.vfp
14:43:23,5272311 TMPGEnc.exe 2760 RegCloseKey HKCU\Software\VFPlugin SUCCESS
14:43:23,5272525 TMPGEnc.exe 2760 RegCloseKey HKCU\Software\VFPlugin SUCCESS
14:43:23,9145970 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
14:43:23,9146975 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\COM3 SUCCESS Desired Access: Read
14:43:23,9147327 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\COM3\Com+Enabled SUCCESS Type: REG_DWORD, Length: 4, Data: 1
14:43:23,9147518 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\COM3 SUCCESS
14:43:23,9154651 TMPGEnc.exe 2760 RegQueryKey HKCU\Software\Classes SUCCESS Query: Name
14:43:23,9154922 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} NAME NOT FOUND Desired Access: Read
14:43:23,9155164 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Desired Access: Read
14:43:23,9155525 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9155870 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\TreatAs NAME NOT FOUND Desired Access: Query Value
14:43:23,9156075 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\TreatAs NAME NOT FOUND Desired Access: Query Value
14:43:23,9156232 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} BUFFER TOO SMALL Query: Name, Length: 0
14:43:23,9156360 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9156524 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9156812 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\Progid NAME NOT FOUND Desired Access: Query Value
14:43:23,9157000 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\Progid SUCCESS Desired Access: Query Value
14:43:23,9157254 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\ProgID SUCCESS Query: Name
14:43:23,9157552 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\ProgID NAME NOT FOUND Desired Access: Maximum Allowed
14:43:23,9157740 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\ProgID\(Default) SUCCESS Type: REG_SZ, Length: 34, Data: Shell.Explorer.2
14:43:23,9157911 TMPGEnc.exe 2760 RegCloseKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\ProgID SUCCESS
14:43:23,9158075 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9158356 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\Progid NAME NOT FOUND Desired Access: Query Value
14:43:23,9158537 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\Progid SUCCESS Desired Access: Query Value
14:43:23,9158745 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\ProgID SUCCESS Query: Name
14:43:23,9159030 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\ProgID NAME NOT FOUND Desired Access: Maximum Allowed
14:43:23,9159207 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\ProgID\(Default) SUCCESS Type: REG_SZ, Length: 34, Data: Shell.Explorer.2
14:43:23,9159351 TMPGEnc.exe 2760 RegCloseKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\ProgID SUCCESS
14:43:23,9159509 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9159790 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} NAME NOT FOUND Desired Access: Maximum Allowed
14:43:23,9159955 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\(Default) SUCCESS Type: REG_SZ, Length: 44, Data: Microsoft Web Browser
14:43:23,9160105 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9160470 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} NAME NOT FOUND Desired Access: Maximum Allowed
14:43:23,9160638 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\(Default) SUCCESS Type: REG_SZ, Length: 44, Data: Microsoft Web Browser
14:43:23,9160812 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9161120 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 NAME NOT FOUND Desired Access: Read
14:43:23,9161315 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 SUCCESS Desired Access: Read
14:43:23,9161603 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 SUCCESS Query: Name
14:43:23,9161914 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:23,9162105 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32\InprocServer32 NAME NOT FOUND Length: 144
14:43:23,9162243 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 SUCCESS Query: Name
14:43:23,9162538 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:23,9162715 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32\(Default) SUCCESS Type: REG_SZ, Length: 64, Data: C:\Windows\System32\ieframe.dll
14:43:23,9162863 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 SUCCESS Query: Name
14:43:23,9163154 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:23,9163332 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32\(Default) SUCCESS Type: REG_SZ, Length: 64, Data: C:\Windows\System32\ieframe.dll
14:43:23,9163479 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 SUCCESS Query: Name
14:43:23,9163774 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 NAME NOT FOUND Desired Access: Maximum Allowed
14:43:23,9164119 TMPGEnc.exe 2760 RegQueryValue HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32\ThreadingModel SUCCESS Type: REG_SZ, Length: 20, Data: Apartment
14:43:23,9164548 TMPGEnc.exe 2760 RegCloseKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 SUCCESS
14:43:23,9164769 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9165479 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocHandler32 NAME NOT FOUND Desired Access: Query Value
14:43:23,9165925 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocHandler32 NAME NOT FOUND Desired Access: Query Value
14:43:23,9166193 TMPGEnc.exe 2760 RegQueryKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS Query: Name
14:43:23,9166739 TMPGEnc.exe 2760 RegOpenKey HKCU\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocHandler NAME NOT FOUND Desired Access: Query Value
14:43:23,9167040 TMPGEnc.exe 2760 RegOpenKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocHandler NAME NOT FOUND Desired Access: Query Value
14:43:23,9167285 TMPGEnc.exe 2760 RegCloseKey HKCR\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} SUCCESS
14:43:23,9167818 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Ole SUCCESS Desired Access: Read
14:43:23,9168283 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Ole\MaximumAllowedAllocationSize NAME NOT FOUND Length: 144
14:43:23,9168525 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Ole SUCCESS
14:43:23,9190436 TMPGEnc.exe 2760 RegOpenKey HKCU SUCCESS Desired Access: Read
14:43:23,9191327 TMPGEnc.exe 2760 RegCloseKey HKCU SUCCESS
14:43:23,9196718 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Desired Access: Read
14:43:23,9197381 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI NAME NOT FOUND Length: 144
14:43:23,9198222 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
14:43:23,9219383 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\CustomLocale REPARSE Desired Access: Read
14:43:23,9219768 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\CustomLocale SUCCESS Desired Access: Read
14:43:23,9220264 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US NAME NOT FOUND Length: 532
14:43:23,9220465 TMPGEnc.exe 2760 RegCloseKey HKLM\System\CurrentControlSet\Control\Nls\CustomLocale SUCCESS
14:43:23,9220636 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale REPARSE Desired Access: Read
14:43:23,9220850 TMPGEnc.exe 2760 RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale SUCCESS Desired Access: Read
14:43:23,9221095 TMPGEnc.exe 2760 RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US NAME NOT FOUND Length: 532
14:43:23,9221215 TMPGEnc.exe 2760 RegCloseKey HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale SUCCESS
14:43:24,0259498 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Desired Access: Read
14:43:24,0260302 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI NAME NOT FOUND Length: 144
14:43:24,0260677 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
14:43:24,0293316 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Desired Access: Read
14:43:24,0294056 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI NAME NOT FOUND Length: 144
14:43:24,0294733 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
14:43:24,0297055 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Desired Access: Read
14:43:24,0297598 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI NAME NOT FOUND Length: 144
14:43:24,0297879 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
14:43:24,0302509 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Desired Access: Read
14:43:24,0303049 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif NAME NOT FOUND Length: 144
14:43:24,0303347 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS
14:43:24,0313368 TMPGEnc.exe 2760 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS Desired Access: Read
14:43:24,0314038 TMPGEnc.exe 2760 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif NAME NOT FOUND Length: 144
14:43:24,0314373 TMPGEnc.exe 2760 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SUCCESS

il_nick
26-08-2010, 09:54
up

Eress
26-08-2010, 10:04
To work out which line you're looking for in that list, you'd need at the very least a squad of Chinese searchers :D

AMIGASYSTEM
26-08-2010, 13:25
I ran a trial program that doesn't need installing (an .exe). Being a trial, it has an evaluation period after which you have to buy the software to keep using it. Now, in order to determine the date of first use, the software has evidently written some registry key. Leaving aside the usual remarks about the legality of software use, and making clear that I am totally against software piracy, is there a way to find out where these keys are? I tried searching the Windows registry for the software's name, but nothing came up that gave me any concrete lead, so I have no idea at all which keys were created. Also, I didn't think to back up the registry before using the software, so I can't remove them with a backup either; and I can't go back to earlier restore points because the current settings of the programs I use would be lost too. In short, I don't want to remove the software's protection, to be clear, but since it was never installed (so I can't even use thorough cleaning programs such as CCleaner and the like), is there a method for finding those keys and deleting them in order to clean the registry?

It all depends on the programmer: one who doesn't want to be found out uses encrypted data, and it doesn't always reside in the registry. Even if you had backed up the registry with the good old ERUNT, the program would still have expired; what you're looking for may be hidden in a DLL, or in a file with a vague extension. Since we're talking for purely educational purposes, in some cases it's enough to set the date back, or to uninstall and reinstall, but when the programmer doesn't want it, not even these maneuvers work, so set your mind at rest: an ordinary mortal will never find the solution. Once upon a time on the Amiga these things were analyzed by inspecting RAM with specific programs, because in RAM the executables and DLLs are decompiled and so show themselves more transparently, letting the sensitive data show through.

il_nick
26-08-2010, 13:31
I hate it when my registry gets dirty... :muro:

Eress
26-08-2010, 16:06
It's inevitable that over time the Windows registry fills up; every action you perform on the system always creates new keys. If you don't want them, do a manual cleanup every time you uninstall or modify something, but in the end some trace always remains anyway.

AMIGASYSTEM
27-08-2010, 21:24
It's inevitable that over time the Windows registry fills up; every action you perform on the system always creates new keys. If you don't want them, do a manual cleanup every time you uninstall or modify something, but in the end some trace always remains anyway.

There is a remedy: just get ERUNT (http://www.ilsoftware.it/querydl.asp?id=779) and, after the wild installations, put back the registry from before the massacre.

Eress
28-08-2010, 07:49
If you want to restore the registry every time, you can also do it with regedit, which creates complete copies of the registry that can be restored with a double click. In that case, the ideal is those uninstaller programs in their pro version that monitor all registry and file changes in real time, and so manage to remove every trace at uninstall time.

Il Bruco
28-08-2010, 08:40
I hate it when my registry gets dirty... :muro:

You can go to a PC where you haven't run the program and, with regedit, use "File"--->"Export" to save the whole registry, with "Computer" selected, to a file Registroold.reg.
Run the program in question.
Save the registry again to a file Registronew.reg.
With "Total Commander", analyze the differences between the two files and find what was modified.
Then with regedit, use "File"--->"Import" to put the old registry back with "Registroold.reg".
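
The export-and-compare procedure from the post above, as an added Python example that is not part of the original thread: it parses two regedit `.reg` exports and lists the keys and values that were added, removed or changed between them. The sample exports and the `ExampleApp` key are constructed for illustration.

```python
import re

# "name"=data, or @=data for a key's default value; names may hold escaped quotes.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def parse_reg(text):
    """Map (key, value_name) -> raw data; a key itself is stored as (key, None)."""
    entries, key, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):              # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[(key, None)] = None
        elif key and (m := VALUE_RE.match(line)):
            entries[(key, "(Default)" if m.group(2) else m.group(1))] = m.group(3)
    return entries

def diff_reg(old_text, new_text):
    """Return the added / removed / changed (key, value_name) pairs, sorted."""
    old, new = parse_reg(old_text), parse_reg(new_text)
    def ordered(items):
        return sorted(items, key=lambda e: (e[0], e[1] or ""))
    return {
        "added": ordered(e for e in new if e not in old),
        "removed": ordered(e for e in old if e not in new),
        "changed": ordered(e for e in new if e in old and new[e] != old[e]),
    }

# Constructed sample exports (not from the thread). regedit writes real exports
# as UTF-16, so read them with open(path, encoding="utf-16").read().
OLD = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"Window"=hex:01,00,\
  02,00
"Temp"="x"
'''
NEW = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"Window"=hex:01,00,\
  03,00

[HKEY_CURRENT_USER\Software\ExampleApp\Recent]
@="C:\\Temp\\a.bin"
'''
```

Comparing parsed entries rather than raw text lines keeps a wrapped hex value as one change and reports each difference with the key it belongs to.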

omodeo
28-08-2010, 19:54
The way to solve the problem is to reinstall Windows properly.

Il Bruco
28-08-2010, 21:46
The way to solve the problem is to reinstall Windows properly.

This is the simplest solution for solving problems without understanding them.