High-Tech Santé Médecine Droit-Finances

Auto-Entrepreneur

Comment faire ?

Rechercher : dans
Par :

[surveiller] activité d'une aplication

Dernière réponse le 2 oct 2007 à 20:22:24 Edward Withen, le 22 jun 2007 à 23:38:42 
 Signaler ce message aux modérateurs

Salutation,
Voilà après avoir desinstallé norton internet secuirity avec l'outil de Symantec, il etait resté dans le centre de securité de windows, et j'ai meme nettoyé le registre avec CCleaner, RegCleaner et EasyCleaner, mais ça na rien donné, j'ai supprimé toutes les clés et tous les fichiers contenant "Symantec, norton" mais rien à faire :(

Et ce que je vous demande c'est de me dire s'il y a un ligiciel pour surveiller quel fichier et quel clé sont chargé par le une aplication.

Autre chose: merci de me dire aussi où ce trouve l'.exe du centre de securité.

SVP, veuillez m'aider.

Merci d'avace.

Configuration: Windows XP SP2

Meilleures réponses pour « [surveiller] activité d'une aplication » dans :
Surveiller l'activité de mon ordinateur en mon absence VoirQui ne s'est jamais demandé si un collègue ou un ami essayait d'utiliser son ordinateur lorsque l'on est absent ? La première solution consiste à verrouiller sa session. Mais pour les plus curieux, il existe un petit outil sous Windows permettant...
Utiliser la vidéo surveillance en entreprise VoirLa vidéo surveillance d'entreprise sur IP (sur Internet) consiste à installer des caméras de surveillance sur un lieu de travail (bureau, magasin, entrepôt, etc.) reliées à un ordinateur. Principal avantage : la numérisation permet une grande...
Surveillance des journaux d'événements (logs) VoirL'analyse des journaux Un des meilleurs moyens de détecter les intrusions consiste à surveiller les journaux d'événements (appelés aussi journaux d'activité ou en anglais logs). En effet, d'une manière générale les serveurs stockent dans des...
Posez votre question Répondre

1

^^Marie^^, le 22 jun 2007 à 23:56:58

Salut

Pour désinstaller Norton correctement
http://service1.symantec.com/...
Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

2

Edward Withen, le 23 jun 2007 à 22:46:23

Désolé pour le retard, il y avait un bug à CCM.

Bon la solution que tu me propose c'est elle que j'avait fait pour desinstaller norton mais malgré ça, il était resté dans le centre de securité.

Et ce que je vous demande c'est de me montrer un logiciel qui affiche les clés et les fichiers chargé par une application et aussi de m'indiquer où se trouve l'exe du centre de securité.

Merci d'avance

   
Répondre à Edward Withen

3

^^Marie^^, le 23 jun 2007 à 23:07:52

Re,

Fais ce qui suit
Stp

F - Hijackthis - Outil de diagnostic et réparation

télécharge HijackThis ici:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

A+
Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

4

Edward Withen, le 24 jun 2007 à 11:53:32

Re,
mdr ce hijackthis m'a cosé un prob dans le centre de securité de windows XP (anti-virus indetectable...), et à cause de lui j'ai du reinstaller mon XP (je sais que je pouvait cocher la case "j'ai un anti-virus que je.....", mais si l'antivirus ne serait pas lancé, je ne serait pas avertis).

Et puis quand j'ai reinstallé mon XP, j'avait envie d'essayer Norton Internet Security, mais 5min plustard, j'etait dessu de cette poubelle qui ralentit le demarrage et qui consomme trop de ressource pour rien, alors je le désinstalle, mais c'est une colle à la peau car il ne veut pas lacher le centre de securité, alor j'essaye diverses methodes avec les nettoyeurs mais sans rien donner, je supprime toutes les clé et tous les fichiers contenant "Norton" ou "Symantec".....mais sans rien donner, et en installant Kaspersky internet security, le centre de securité ne m'avertit pas si l'antivirus est périmé ou désactivé, car il croit que norton est toujour là....: (

Et je me demande serieusement comment ce groupe stuppide vien sortir un antivirus colle à la peau et payant en plus....

Donc je ne voit pas un autre moyen que de surveiller quels fichiers et quelles clés sont chargé par le centre de sécurité.

Merci d'avance

   
Répondre à Edward Withen

5

^^Marie^^, le 24 jun 2007 à 11:57:27

Slt

mdr ce hijackthis m'a cosé un prob ?????

Je ne vois pas du tout en quoi ???
C'est un outil de diagnostic.
Donc, aucun rapport au blocage de ton pC, à moins que tu aies touché des lignes dessus !!!

A lire

http://fr.wikipedia.org/wiki/HijackThis

Par contre tu devrais le faire...


Edit :: je t'avais donné le lien pour désinstaller Norton correctement. Lien que je fais passer à tous les internautes qui ont Norton. JAMAIS eu de soucis.....

Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

6

Edward Withen, le 24 jun 2007 à 12:06:47

Attend attend... c'est pas en l'utilisant qu'il m'a cosé le bug.....mais en le desinstallant il à touché à une clé ou à un fichier concernant le centre de securité.

   
Répondre à Edward Withen

7

^^Marie^^, le 24 jun 2007 à 12:31:43

mais en le desinstallant il à touché à une clé ou à un fichier concernant le centre de securité.

IMPOSSIBLE... HT ne touche strictement à rien.

Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

8

Edward Withen, le 24 jun 2007 à 12:36:44

Bon j'ai un autre moyen, je l'installe et quand je termine je le supprime puis je nettoie le registre.. je vais envoyer le rapport ici dans quelque instants..

   
Répondre à Edward Withen

9

Edward Withen, le 24 jun 2007 à 12:47:57

Voilà le rapport:(au fait c'est pas le meme Hijackthis ke j'ai telechargé et qui m'a cosé le prob)

Logfile of HijackThis v1.99.1
Scan saved maintenant, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E5D784-1149-4E05-B2D4-041942C0AAA5}: NameServer = 192.168.0.100,61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{B38ADCE6-F225-4F1C-9E23-89BCBEA06F67}: NameServer = 81.22.90.29 82.101.136.29
O17 - HKLM\System\CS1\Services\Tcpip\..\{13E5D784-1149-4E05-B2D4-041942C0AAA5}: NameServer = 192.168.0.100,61.88.88.88
O17 - HKLM\System\CS2\Services\Tcpip\..\{13E5D784-1149-4E05-B2D4-041942C0AAA5}: NameServer = 192.168.0.100,61.88.88.88
O17 - HKLM\System\CS3\Services\Tcpip\..\{13E5D784-1149-4E05-B2D4-041942C0AAA5}: NameServer = 192.168.0.100,61.88.88.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

   
Répondre à Edward Withen

10

^^Marie^^, le 24 jun 2007 à 12:53:02

Tu habites où ?
Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

11

Edward Withen, le 24 jun 2007 à 13:33:11

En algerie...pourquoi?

   
Répondre à Edward Withen

12

^^Marie^^, le 25 jun 2007 à 10:25:05

Tu en es où de tes soucis ?

Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

13

Edward Withen, le 25 jun 2007 à 14:46:51

Je n'ai pas bien compris la question^^

   
Répondre à Edward Withen

14

^^Marie^^, le 25 jun 2007 à 14:52:16

Pour faire un récapitulatif de tes soucis.

Dis moi comment se comporte ton PC.

Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

15

Edward Withen, le 25 jun 2007 à 16:34:15

Je n'ai rien remarqué d'anormal a par le bug du centre de securité.

   
Répondre à Edward Withen

16

^^Marie^^, le 25 jun 2007 à 19:45:43

Tu as toujours le beug ???
Encore maintenant ??
Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

17

Edward Withen, le 25 jun 2007 à 22:40:15

Bah wé puisque je n'ai rien fait.

   
Répondre à Edward Withen

18

^^Marie^^, le 26 jun 2007 à 08:05:51

Re

C - Ccleaner :
(nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc.)
Télécharge ici :
http://www.ccleaner.com/ccdownload.asp
Tutorial ici:
http://www.vulgarisation-informatique.com/nettoyer-windows-c­cleaner.php
ET
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

D – Ewido – AVG
AVG Anti-Spyware :
http://www.ewido.net/en/download/
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour.
Patiente!
Lance AVG Anti-Spyware
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
/!\ Si un fichier est infecté en fin d'analyse /!\
choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Copie/colle le rapport
Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

19

Edward Withen, le 26 jun 2007 à 10:37:21

Re,
mdr, bon ecoute, mon regsitre je l'ai nettoyé avec CCleaner, Easy Cleaner et RagCleaner et ça n' rien donné!

Et en plus j'ai Kaspersky Internet Security 7.0.0.119 et il n' rien détécté!

Alors faut trouver autre chose.

Et tu connait pas un logiciel qui surveille les activités d'une application?

   
Répondre à Edward Withen

20

dubcek, le 26 jun 2007 à 14:16:04

Quelque softs là : http://www.microsoft.com/...

• Filemon
Cet outil de surveillance vous permet de voir toutes les activités du système de fichiers en temps réel.
• Handle
Cet utilitaire pratique de ligne de commande indique quels fichiers sont ouverts par quel processus, et bien plus encore.
• Process Explorer
Indique quels fichiers ont été ouverts par les clés de registre et autres processus d'objet, quelles DLL ils ont chargées, et bien plus encore. Cet utilitaire particulièrement puissant affichera même le propriétaire de chaque processus.
• Process Monitor
Permet de surveiller l'activité du système de fichiers, du Registre, des processus, des thread et des DLL en temps réel.
• Regmon
Cet outil de surveillance vous permet de voir toutes les activités du Registre en temps réel.

   
Répondre à dubcek

21

Edward Withen, le 26 jun 2007 à 22:47:51

Merci!
Mais comment faire pour surveiller uniquement le centre de securité, car il surveille tous ce que font les processus et il m'écrit des tas ligne dont je ne sais pas où se trouve le processus du centre de securité^^...

Merci d'avance

   
Répondre à Edward Withen

22

^^Marie^^, le 26 jun 2007 à 22:49:01

il m'écrit des tas ligne

Pourrais-tu les mettre ici (copier/coller)
stp
merci
Le signe le plus évident d'un cancer social... c'est la disparition du sens
de l'humour, dommage c'est la forme la plus saine de lucidité ^^Marie^^

   
Répondre à ^^Marie^^

23

Edward Withen, le 27 jun 2007 à 00:45:09

Attendez.......

je ne peux pas car il y a des milliers de ligne qui ce devlopent sans cesse...

Par contre j'ai trouvé comment afficher ce que charge un seul programe (avec RegMan).

Donc dites moi où se trouve l'exe du centre de sécurité et je vous copiré le rapport.

Merci

   
Répondre à Edward Withen

24

Edward Withen, le 27 jun 2007 à 14:23:41

C'est bon, j'ai trouvé les fichiers du centre de sécurité ("gdiplace.dll";"wscui.cpl" ainsi que "rundll32.exe")

Et voilà les clé qu'ils on chargé lorsque j'ai lancé le centre de securité(je devrait bientôt lister les fichiers qu'il ont chargé):


1 23:54:22 explorer.exe:856 QueryValue HKCR\cplfile\shell\cplopen\command\(Default) SUCCESS "rundll32.exe shell32.dll,Control_RunDLL "%1",%*"
2 23:54:22 explorer.exe:856 QueryValue HKCR\cplfile\shell\cplopen\command\(Default) SUCCESS "rundll32.exe shell32.dll,Control_RunDLL "%1",%*"
3 23:54:22 explorer.exe:856 QueryValue HKCR\cplfile\shell\cplopen\command\(Default) SUCCESS "rundll32.exe shell32.dll,Control_RunDLL "%1",%*"
4 23:54:22 explorer.exe:856 QueryValue HKCR\cplfile\shell\cplopen\command\(Default) SUCCESS "rundll32.exe shell32.dll,Control_RunDLL "%1",%*"
5 23:54:22 rundll32.exe:3472 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
6 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled SUCCESS 0x1
7 23:54:22 rundll32.exe:3472 QueryValue HKLM\SYSTEM\WPA\MediaCenter\Installed SUCCESS 0x0
8 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SUCCESS "C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll"
9 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave SUCCESS "wdmaud.drv"
10 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave SUCCESS "wdmaud.drv"
11 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi SUCCESS "wdmaud.drv"
12 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi SUCCESS "wdmaud.drv"
13 23:54:22 rundll32.exe:3472 QueryValue HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel SUCCESS 0x1
14 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer SUCCESS "wdmaud.drv"
15 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32\mixer SUCCESS "wdmaud.drv"
16 23:54:22 rundll32.exe:3472 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout SUCCESS 0x278D00
17 23:54:22 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Multimedia\Audio\SystemFormats SUCCESS "Qualité CD,Qualité radio,Qualité téléphonique"
18 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\midimapper SUCCESS Type: SZ Name: midimapper
19 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm SUCCESS Type: SZ Name: msacm.imaadpcm
20 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm SUCCESS Type: SZ Name: msacm.msadpcm
21 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711 SUCCESS Type: SZ Name: msacm.msg711
22 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610 SUCCESS Type: SZ Name: msacm.msgsm610
23 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch SUCCESS Type: SZ Name: msacm.trspch
24 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.cvid SUCCESS Type: SZ Name: vidc.cvid
25 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.I420 SUCCESS Type: SZ Name: vidc.I420
26 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv31 SUCCESS Type: SZ Name: vidc.iv31
27 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv32 SUCCESS Type: SZ Name: vidc.iv32
28 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv41 SUCCESS Type: SZ Name: vidc.iv41
29 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iyuv SUCCESS Type: SZ Name: vidc.iyuv
30 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.mrle SUCCESS Type: SZ Name: vidc.mrle
31 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.msvc SUCCESS Type: SZ Name: vidc.msvc
32 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.uyvy SUCCESS Type: SZ Name: vidc.uyvy
33 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yuy2 SUCCESS Type: SZ Name: vidc.yuy2
34 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yvu9 SUCCESS Type: SZ Name: vidc.yvu9
35 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yvyu SUCCESS Type: SZ Name: vidc.yvyu
36 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\wavemapper SUCCESS Type: SZ Name: wavemapper
37 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723 SUCCESS Type: SZ Name: msacm.msg723
38 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.M263 SUCCESS Type: SZ Name: vidc.M263
39 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.M261 SUCCESS Type: SZ Name: vidc.M261
40 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1 SUCCESS Type: SZ Name: msacm.msaudio1
41 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midimapper SUCCESS Type: SZ Name: midimapper
42 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm SUCCESS Type: SZ Name: msacm.imaadpcm
43 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm SUCCESS Type: SZ Name: msacm.msadpcm
44 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711 SUCCESS Type: SZ Name: msacm.msg711
45 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610 SUCCESS Type: SZ Name: msacm.msgsm610
46 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch SUCCESS Type: SZ Name: msacm.trspch
47 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.cvid SUCCESS Type: SZ Name: vidc.cvid
48 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.I420 SUCCESS Type: SZ Name: vidc.I420
49 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv31 SUCCESS Type: SZ Name: vidc.iv31
50 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv32 SUCCESS Type: SZ Name: vidc.iv32
51 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv41 SUCCESS Type: SZ Name: vidc.iv41
52 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iyuv SUCCESS Type: SZ Name: vidc.iyuv
53 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.mrle SUCCESS Type: SZ Name: vidc.mrle
54 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.msvc SUCCESS Type: SZ Name: vidc.msvc
55 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.uyvy SUCCESS Type: SZ Name: vidc.uyvy
56 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yuy2 SUCCESS Type: SZ Name: vidc.yuy2
57 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yvu9 SUCCESS Type: SZ Name: vidc.yvu9
58 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yvyu SUCCESS Type: SZ Name: vidc.yvyu
59 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wavemapper SUCCESS Type: SZ Name: wavemapper
60 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723 SUCCESS Type: SZ Name: msacm.msg723
61 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.M263 SUCCESS Type: SZ Name: vidc.M263
62 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.M261 SUCCESS Type: SZ Name: vidc.M261
63 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1 SUCCESS Type: SZ Name: msacm.msaudio1
64 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.sl_anet SUCCESS Type: SZ Name: msacm.sl_anet
65 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.iac2 SUCCESS Type: SZ Name: msacm.iac2
66 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.iv50 SUCCESS Type: SZ Name: vidc.iv50
67 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.l3acm SUCCESS Type: SZ Name: msacm.l3acm
68 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.DIVX SUCCESS Type: SZ Name: vidc.DIVX
69 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.yv12 SUCCESS Type: SZ Name: vidc.yv12
70 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.siren SUCCESS Type: SZ Name: msacm.siren
71 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave SUCCESS Type: SZ Name: wave
72 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi SUCCESS Type: SZ Name: midi
73 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer SUCCESS Type: SZ Name: mixer
74 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm SUCCESS "imaadp32.acm"
75 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwSupport SUCCESS 0x1
76 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cFormatTags SUCCESS 0x2
77 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
78 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cFilterTags SUCCESS 0x0
79 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm SUCCESS "msadp32.acm"
80 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwSupport SUCCESS 0x1
81 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cFormatTags SUCCESS 0x2
82 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
83 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cFilterTags SUCCESS 0x0
84 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711 SUCCESS "msg711.acm"
85 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwSupport SUCCESS 0x1
86 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cFormatTags SUCCESS 0x3
87 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
88 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cFilterTags SUCCESS 0x0
89 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610 SUCCESS "msgsm32.acm"
90 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwSupport SUCCESS 0x1
91 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cFormatTags SUCCESS 0x2
92 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
93 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cFilterTags SUCCESS 0x0
94 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch SUCCESS "tssoft32.acm"
95 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\fdwSupport SUCCESS 0x1
96 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\cFormatTags SUCCESS 0x2
97 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
98 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\cFilterTags SUCCESS 0x0
99 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723 SUCCESS "msg723.acm"
100 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\fdwSupport SUCCESS 0x1
101 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\cFormatTags SUCCESS 0x2
102 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
103 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\cFilterTags SUCCESS 0x0
104 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1 SUCCESS "msaud32.acm"
105 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\fdwSupport SUCCESS 0x1
106 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\cFormatTags SUCCESS 0x3
107 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\aFormatTagCache SUCCESS 01 00 00 00 12 00 00 00 ...
108 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\cFilterTags SUCCESS 0x0
109 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.sl_anet SUCCESS "sl_anet.acm"
110 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\fdwSupport SUCCESS 0x1
111 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\cFormatTags SUCCESS 0x2
112 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
113 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\cFilterTags SUCCESS 0x0
114 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.iac2 SUCCESS "C:\WINDOWS\system32\iac25_32.ax"
115 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\fdwSupport SUCCESS 0x1
116 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\cFormatTags SUCCESS 0x2
117 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
118 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\cFilterTags SUCCESS 0x0
119 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.l3acm SUCCESS "C:\WINDOWS\system32\l3codeca.acm"
120 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwSupport SUCCESS 0x1
121 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cFormatTags SUCCESS 0x2
122 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
123 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cFilterTags SUCCESS 0x0
124 23:54:22 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.siren SUCCESS "sirenacm.dll"
125 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\fdwSupport SUCCESS 0x1
126 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\cFormatTags SUCCESS 0x2
127 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\aFormatTagCache SUCCESS 01 00 00 00 10 00 00 00 ...
128 23:54:22 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\cFilterTags SUCCESS 0x0
129 23:54:22 rundll32.exe:3472 QueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS 0x0
130 23:54:22 rundll32.exe:3472 QueryValue HKCU\Control Panel\Desktop\SmoothScroll SUCCESS 0x1
131 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack\THAI SUCCESS 0x1
132 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack\HEBREW SUCCESS 0x0
133 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack\ARABIC SUCCESS 0x0
134 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack\VIETNAMESE SUCCESS 0x3
135 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack\INDIAN SUCCESS 0x4
136 23:54:22 rundll32.exe:3472 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack\SURROGATE SUCCESS 0x2
137 23:54:22 rundll32.exe:3472 QueryValue HKCU\Control Panel\Desktop\SmoothScroll SUCCESS 0x1
138 23:54:22 rundll32.exe:3472 QueryValue HKLM\System\CurrentControlSet\Control\ProductOptions\ProductType SUCCESS "WinNT"
139 23:54:22 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal SUCCESS "%USERPROFILE%\Mes documents"
140 23:54:22 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local Settings SUCCESS "%USERPROFILE%\Local Settings"
141 23:54:22 rundll32.exe:3472 QueryValue HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName SUCCESS "GANIBARD-A3F22B"
142 23:54:23 rundll32.exe:3472 QueryValue HKLM\System\CurrentControlSet\Services\LDAP\LdapClientIntegrity SUCCESS 0x1
143 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\CTF\SystemShared\CUAS SUCCESS 0x0
144 23:54:23 rundll32.exe:3472 QueryValue HKCU\Keyboard Layout\Toggle\Language Hotkey SUCCESS "1"
145 23:54:23 rundll32.exe:3472 QueryValue HKCU\Keyboard Layout\Toggle\Language Hotkey SUCCESS "1"
146 23:54:23 rundll32.exe:3472 QueryValue HKCU\Keyboard Layout\Toggle\Layout Hotkey SUCCESS "2"
147 23:54:23 rundll32.exe:3472 QueryValue HKCU\Keyboard Layout\Toggle\Layout Hotkey SUCCESS "2"
148 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IMM\Ime File SUCCESS "msctfime.ime"
149 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\CTF\SystemShared\CUAS SUCCESS 0x0
150 23:54:23 rundll32.exe:3472 QueryValue HKLM\SYSTEM\WPA\MediaCenter\Installed SUCCESS 0x0
151 23:54:23 rundll32.exe:3472 QueryValue HKLM\Hardware\DeviceMap\VIDEO\MaxObjectNumber SUCCESS 0x3
152 23:54:23 rundll32.exe:3472 QueryValue HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\PCI\VEN_10DE&DEV_0185&SUBSYS_20181682&REV_C1\4&1affaa3d&0&0008\HardwareID SUCCESS "PCI\VEN_10DE&DEV_0185&SUBSYS_20181682&REV_C1"
153 23:54:23 rundll32.exe:3472 QueryValue HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\PCI\VEN_10DE&DEV_0185&SUBSYS_20181682&REV_C1\4&1affaa3d&0&0008\HardwareID SUCCESS "PCI\VEN_10DE&DEV_0185&SUBSYS_20181682&REV_C1"
154 23:54:23 rundll32.exe:3472 QueryValue HKLM\Hardware\DeviceMap\Video\\Device\Video0 SUCCESS "\Registry\Machine\System\CurrentControlSet\Control\Video\{CDC5B952-8FD8-4BBA-9A32-444F483AE1D8}\0000"
155 23:54:23 rundll32.exe:2748 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
156 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
157 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\CTF\SystemShared\CUAS SUCCESS 0x0
158 23:54:23 rundll32.exe:3472 QueryKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts SUCCESS Subkeys = 0
159 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\GDIPlus\FontCachePath SUCCESS "C:\Documents and Settings\GANIBARDI\Local Settings\Application Data"
160 23:54:23 rundll32.exe:2748 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
161 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
162 23:54:23 rundll32.exe:2748 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
163 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InProcServer32 SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InprocServer32
164 23:54:23 rundll32.exe:2748 QueryValue HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InProcServer32\(Default) SUCCESS "C:\WINDOWS\system32\nvshell.dll"
165 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InProcServer32 SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InprocServer32
166 23:54:23 rundll32.exe:2748 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1CDB2949-8F65-4355-8456-263E7C208A5D} {000214E6-0000-0000-C000-000000000046} 0x401 SUCCESS 0x1
167 23:54:23 rundll32.exe:2748 QueryValue HKCR\CLSID\{1cdb2949-8f65-4355-8456-263e7c208a5d}\InProcServer32\(Default) SUCCESS "C:\WINDOWS\system32\nvshell.dll"
168 23:54:23 rundll32.exe:2748 QueryValue HKLM\Software\Microsoft\COM3\REGDBVersion SUCCESS 1C 00 00 00 00 00 00 00
169 23:54:23 rundll32.exe:2748 QueryValue HKLM\Software\Microsoft\COM3\REGDBVersion SUCCESS 1C 00 00 00 00 00 00 00
170 23:54:23 rundll32.exe:2748 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
171 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
172 23:54:23 rundll32.exe:2748 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
173 23:54:23 rundll32.exe:2748 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
174 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
175 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InprocServer32 SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InprocServer32
176 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
177 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
178 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
179 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InprocServer32 SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InprocServer32
180 23:54:23 rundll32.exe:2748 QueryValue HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\nvshell.dll"
181 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
182 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
183 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
184 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
185 23:54:23 rundll32.exe:2748 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
186 23:54:23 rundll32.exe:2748 QueryKey HKCR\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D} SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1CDB2949-8F65-4355-8456-263E7C208A5D}
187 23:54:23 rundll32.exe:2748 QueryValue HKCU\Software\NVIDIA Corporation\Global\nView\nViewLoaded SUCCESS 0x1
188 23:54:23 rundll32.exe:3472 QueryValue HKLM\System\CurrentControlSet\Control\Nls\Locale\0000040C SUCCESS "1"
189 23:54:23 rundll32.exe:3472 QueryValue HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1 SUCCESS "1"
190 23:54:23 rundll32.exe:2748 QueryValue HKCU\Software\NVIDIA Corporation\Global\nView\Shell SUCCESS 0x0
191 23:54:23 rundll32.exe:3472 QueryKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink SUCCESS Subkeys = 0
192 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink\Lucida Sans Unicode SUCCESS "MSGOTHIC.TTC,MS UI Gothic"
193 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink\Tahoma SUCCESS "MSGOTHIC.TTC,MS UI Gothic"
194 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink\Microsoft Sans Serif SUCCESS "MSGOTHIC.TTC,MS UI Gothic"
195 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
196 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
197 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32\(Default) SUCCESS "%SystemRoot%\system32\SHELL32.dll"
198 23:54:23 rundll32.exe:3472 QueryValue HKCU\Control Panel\don't load\ncpa.cpl SUCCESS "No"
199 23:54:23 rundll32.exe:3472 QueryValue HKCU\Control Panel\don't load\odbccp32.cpl SUCCESS "No"
200 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\CPLs\Internet Connection Firewall SUCCESS "Firewall.cpl"
201 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\CPLs\NetSetupWizard SUCCESS "NetSetup.cpl"
202 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\CPLs\Speech SUCCESS "C:\Program Files\Fichiers communs\Microsoft Shared\Speech\sapi.cpl"
203 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\CPLs\Cmcpls SUCCESS "C:\WINDOWS\System\cmicnfg.cpl"
204 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\CPLs\ SUCCESS ""
205 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\CPLs\Nero BurnRights SUCCESS "C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl"
206 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\CPLs\mlcfg32.cpl SUCCESS "C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL"
207 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Controls Folder\Presentation LCID SUCCESS 0x40C
208 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Controls Folder\Presentation Cache SUCCESS 48 01 00 00 03 00 00 00 ...
209 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: Accessibility_Options
210 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: Add-Remove_Programs
211 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: Date-Time
212 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: Dialing_Options
213 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: Display_Properties
214 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: Internet_Options
215 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: Printers
216 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Printers\(Default) SUCCESS "{2227A280-3AEA-1069-A2DE-08002B30309D}"
217 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: {0DF44EAA-FF21-4412-828E-260A8728E7F1}
218 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
219 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: {7007ACC7-3202-11D1-AAD2-00805FC1270E}
220 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: {D20EA4E1-3957-11d2-A40B-0C5020524152}
221 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: {D20EA4E1-3957-11d2-A40B-0C5020524153}
222 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
223 23:54:23 rundll32.exe:3472 EnumerateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace SUCCESS Name: {E211B736-43FD-11D1-9EFB-0000F8757FCD}
224 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
225 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID
226 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
227 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}\LocalizedString SUCCESS "@%SystemRoot%\system32\SHELL32.dll,-9319"
228 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1757981266-1390067357-725345543-1003\Flags SUCCESS 0x0
229 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1757981266-1390067357-725345543-1003\State SUCCESS 0x100
230 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1757981266-1390067357-725345543-1003\CentralProfile SUCCESS ""
231 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1757981266-1390067357-725345543-1003\ProfileImagePath SUCCESS "%SystemDrive%\Documents and Settings\GANIBARDI"
232 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1757981266-1390067357-725345543-1003\ProfileLoadTimeLow SUCCESS 0x245C9702
233 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1757981266-1390067357-725345543-1003\ProfileLoadTimeHigh SUCCESS 0x1C7B841
234 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\LangID SUCCESS 0C 04
235 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-9319 SUCCESS "Imprimantes et télécopieurs"
236 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
237 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}\ShellFolder
238 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}\ShellFolder\Attributes SUCCESS 0x20000004
239 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}\ShellFolder
240 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
241 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID
242 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
243 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\LocalizedString SUCCESS "@%SystemRoot%\system32\SHELL32.dll,-32517"
244 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-32517 SUCCESS "Barre des tâches et menu Démarrer"
245 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
246 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
247 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
248 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\ShellFolder
249 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\ShellFolder\Attributes SUCCESS 0x0
250 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\ShellFolder
251 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} SUCCESS 0x20
252 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
253 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
254 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
255 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\{305CA226-D286-468E-B848-2B2E8E697B74} 2 SUCCESS 0x1
256 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
257 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID
258 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{6DFD7C5C-2451-11D3-A299-00C04F8EF6AF} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
259 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\LocalizedString SUCCESS "@%SystemRoot%\system32\SHELL32.dll,-22985"
260 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22985 SUCCESS "Options des dossiers"
261 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
262 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{6DFD7C5C-2451-11D3-A299-00C04F8EF6AF} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
263 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
264 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{6DFD7C5C-2451-11D3-A299-00C04F8EF6AF}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\ShellFolder
265 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{6DFD7C5C-2451-11D3-A299-00C04F8EF6AF}\ShellFolder\Attributes SUCCESS 0x0
266 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{6DFD7C5C-2451-11D3-A299-00C04F8EF6AF}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\ShellFolder
267 23:54:23 rundll32.exe:3472 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{6DFD7C5C-2451-11D3-A299-00C04F8EF6AF} SUCCESS 0x40000021
268 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
269 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{6DFD7C5C-2451-11D3-A299-00C04F8EF6AF} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
270 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{6DFD7C5C-2451-11D3-A299-00C04F8EF6AF} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
271 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\{305CA226-D286-468E-B848-2B2E8E697B74} 2 SUCCESS 0x1
272 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
273 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID
274 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
275 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\LocalizedString SUCCESS "@C:\WINDOWS\system32\netshell.dll,-1200"
276 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\netshell.dll,-1200 SUCCESS "Connexions réseau"
277 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
278 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
279 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
280 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\ShellFolder
281 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\ShellFolder\Attributes SUCCESS 00 00 00 20
282 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\ShellFolder
283 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
284 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID
285 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524152} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524152}
286 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524152}\LocalizedString SUCCESS "@%SystemRoot%\system32\SHELL32.dll,-22981"
287 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22981 SUCCESS "Polices"
288 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
289 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524152} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524152}
290 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
291 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524152}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524152}\ShellFolder
292 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524152}\ShellFolder\Attributes SUCCESS 0x60000000
293 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524152}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524152}\ShellFolder
294 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
295 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID
296 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524153} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524153}
297 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524153}\LocalizedString SUCCESS "@%SystemRoot%\system32\SHELL32.dll,-22982"
298 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22982 SUCCESS "Outils d'administration"
299 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
300 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524153} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524153}
301 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
302 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524153}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524153}\ShellFolder
303 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524153}\ShellFolder\Attributes SUCCESS 0x60000100
304 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{D20EA4E1-3957-11D2-A40B-0C5020524153}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524153}\ShellFolder
305 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
306 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID
307 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
308 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\LocalizedString SUCCESS "@C:\WINDOWS\system32\mstask.dll,-3408"
309 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\mstask.dll,-3408 SUCCESS "Tâches planifiées"
310 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
311 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
312 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
313 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\ShellFolder
314 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\ShellFolder\Attributes SUCCESS 00 00 00 21
315 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\ShellFolder
316 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
317 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID
318 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
319 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\LocalizedString SUCCESS "@%SystemRoot%\system32\wiashext.dll,-331"
320 23:54:23 rundll32.exe:3472 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\wiashext.dll,-331 SUCCESS "Scanneurs et appareils photo"
321 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
322 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD} SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
323 23:54:23 rundll32.exe:3472 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-725345543-1003_CLASSES
324 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\ShellFolder
325 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\ShellFolder\Attributes SUCCESS 0x20400004
326 23:54:23 rundll32.exe:3472 QueryKey HKCR\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\ShellFolder SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\ShellFolder
327 23:54:23 rundll32.exe:3472 QueryValue HKCR\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\ShellFolder\CallForAttributes SUCCESS 0x0
328 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\Firewall.cpl SUCCESS "3,10"
329 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\wscui.cpl SUCCESS 0xFFFFFFFF
330 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\NetSetup.cpl SUCCESS 0x3
331 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\C:\Program Files\Fichiers communs\Microsoft Shared\Speech\sapi.cpl SUCCESS 0x4
332 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\System32\wuaucpl.cpl SUCCESS 0xA
333 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\appwiz.cpl SUCCESS 0x8
334 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\access.cpl SUCCESS 0x7
335 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\bthprops.cpl SUCCESS "2,3"
336 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\desk.cpl SUCCESS 0x1
337 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\hdwwiz.cpl SUCCESS 0xFFFFFFFF
338 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\inetcpl.cpl SUCCESS "3,10"
339 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\intl.cpl SUCCESS 0x6
340 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\irprops.cpl SUCCESS 0x2
341 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\joy.cpl SUCCESS 0x2
342 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\main.cpl SUCCESS 0x2
343 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\mmsys.cpl SUCCESS 0x4
344 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\ncpa.cpl SUCCESS 0x3
345 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\nwc.cpl SUCCESS 0x0
346 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\nusrmgr.cpl SUCCESS 0x9
347 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\odbccp32.cpl SUCCESS 0x0
348 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\powercfg.cpl SUCCESS 0x5
349 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\sticpl.cpl SUCCESS 0x2
350 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\sysdm.cpl SUCCESS "5"
351 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\telephon.cpl SUCCESS 0x2
352 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\timedate.cpl SUCCESS 0x6
353 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\ecsepm.cpl SUCCESS 0x2
354 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\ SUCCESS ""
355 23:54:23 rundll32.exe:3472 EnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\C:\Program Files\Microsoft Office\Office12\MLCFG32.CPL SUCCESS 0x9
356 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\access.cpl SUCCESS 0x7
357 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\C:\Program Files\Fichiers communs\Microsoft Shared\Speech\sapi.cpl SUCCESS 0x4
358 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\(Default) SUCCESS ""
359 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\appwiz.cpl SUCCESS 0x8
360 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\desk.cpl SUCCESS 0x1
361 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\hdwwiz.cpl SUCCESS 0xFFFFFFFF
362 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\intl.cpl SUCCESS 0x6
363 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\joy.cpl SUCCESS 0x2
364 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\main.cpl SUCCESS 0x2
365 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\main.cpl SUCCESS 0x2
366 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\mmsys.cpl SUCCESS 0x4
367 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\nusrmgr.cpl SUCCESS 0x9
368 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\powercfg.cpl SUCCESS 0x5
369 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\sysdm.cpl SUCCESS "5"
370 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\telephon.cpl SUCCESS 0x2
371 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\timedate.cpl SUCCESS 0x6
372 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\wscui.cpl SUCCESS 0xFFFFFFFF
373 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\(Default) SUCCESS ""
374 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\C:\Program Files\Microsoft Office\Office12\MLCFG32.CPL SUCCESS 0x9
375 23:54:23 rundll32.exe:3472 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468E-B848-2B2E8E697B74} 2\%SystemRoot%\system32\inetcpl.cpl SUCCESS "3,10"
376 23:54:23 rundll32.exe:3472 QueryValue HKLM\SYSTEM\WPA\MediaCenter\Installed SUCCESS 0x0
377 23:54:23 rundll32.exe:3472 QueryValue HKLM\System\Setup\SystemSetupInProgress SUCCESS 0x0
378 23:54:23 rundll32.exe:3472 QueryValue HKLM\System\WPA\PnP\seed SUCCESS 0xD7CA2224
379 23:54:23 rundll32.exe:3472 QueryValue HKLM\SYSTEM\Setup\OsLoaderPath SUCCESS "\"
380 23:54:23 rundll32.exe:3472 QueryValue HKLM\SYSTEM\Setup\OsLoaderPath SUCCESS "\"
381 23:54

   
Répondre à Edward Withen
26 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide
Collection CommentÇaMarche.net