1. ========================= SEAF 1.0.1.0 - C_XX 2. 3. Commencé à: 14:30:55 le 23/01/2017 4. 5. Valeur(s) recherchée(s): 6. Rundll32.exe 7. 8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès 9. 10. (!) --- Recherche registre 11. 12. ====== Fichier(s) ====== 13. 14. 15. "C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\rundll32.exe" [ ARCHIVE | 960 Ko ] 16. TC: 10/09/2016,13:30:13 | TM: 10/03/2016,13:07:16 | DA: 22/01/2017,21:07:50 17. 18. 19. ========================= 20. 21. 22. "C:\Qoobox\Quarantine\C\Users\Public\Documents\rundll32.exe.vir" [ ARCHIVE | 45 Ko ] 23. TC: 28/11/2016,11:12:45 | TM: 14/07/2009,02:14:31 | DA: 15/01/2017,16:02:34 24. 25. 26. ========================= 27. 28. 29. "C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Recent\Seaf Rundll32.exe C 230117.lnk" [ ARCHIVE | 672 o ] 30. TC: 23/01/2017,12:04:14 | TM: 23/01/2017,12:04:14 | DA: 23/01/2017,14:30:46 31. 32. 33. ========================= 34. 35. 36. "C:\Users\Bruno\Desktop\Seaf Rundll32.exe C 230117.txt" [ ARCHIVE | 602 o ] 37. TC: 23/01/2017,12:04:14 | TM: 23/01/2017,12:04:14 | DA: 23/01/2017,12:04:14 38. 39. 40. ========================= 41. 42. 43. "C:\Windows\System32\fr-FR\rundll32.exe.mui" [ ARCHIVE | 3 Ko ] 44. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 23/01/2017,12:33:01 45. 46. 47. ========================= 48. 49. 50. "C:\Windows\System32\rundll32.exe" [ ARCHIVE | 45 Ko ] 51. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 23/01/2017,13:54:29 52. 53. 54. ========================= 55. 56. 57. "C:\Windows\SysWOW64\fr-FR\rundll32.exe.mui" [ ARCHIVE | 3 Ko ] 58. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 23/01/2017,12:33:01 59. 60. 61. ========================= 62. 63. 64. "C:\Windows\SysWOW64\rundll32.exe" [ ARCHIVE | 45 Ko ] 65. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 23/01/2017,13:54:29 66. 67. 68. ========================= 69. 70. 71. "C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4b43474aa60ecabf\rundll32.exe.mui" [ ARCHIVE | 3 Ko ] 72. TC: 14/07/2009,16:23:32 | TM: 14/07/2009,16:23:32 | DA: 11/01/2017,14:10:54 73. 74. 75. ========================= 76. 77. 78. "C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe" [ ARCHIVE | 46 Ko ] 79. TC: 14/07/2009,00:57:20 | TM: 14/07/2009,02:39:31 | DA: 23/01/2017,10:58:04 80. 81. 82. ========================= 83. 84. 85. "C:\Windows\winsxs\x86_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ef24abc6edb15989\rundll32.exe.mui" [ ARCHIVE | 3 Ko ] 86. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 11/01/2017,15:47:14 87. 88. 89. ========================= 90. 91. 92. "C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe" [ ARCHIVE | 45 Ko ] 93. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 23/01/2017,11:31:04 94. 95. 96. ========================= 97. 98. 99. "D:\logiciels\pebuilder3110a\BartPE\I386\SYSTEM32\RUNDLL32.EXE" [ ARCHIVE | 34 Ko ] 100. TC: 09/03/2009,16:09:00 | TM: 19/08/2004,16:10:04 | DA: 07/11/2016,11:01:56 101. 102. 103. ========================= 104. 105. 106. 107. ====== Entrée(s) du registre ====== 108. 109. 110. [HKLM\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] 111. "StubPath"="C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install" (REG_SZ) 112. 113. [HKLM\Software\Microsoft\SideShow\Gadgets\{B4874D4D-EF94-43EE-8EBF-F57EAF32F177}] 114. "StartCommand"="rundll32.exe C:\PROGRA~2\MICROS~1\Office12\OLSIDE~1.DLL,StartGadget" (REG_SZ) 115. 116. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FileAssociation] 117. "KillList"="%1;explorer.exe;dvdplay.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;" (REG_SZ) 118. 119. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FileAssociation] 120. "HostApps"="RUNDLL32.EXE;MSHTA.EXE;DLLHOST.EXE;APPLAUNCH.EXE;HH.EXE;WINHLP32.EXE;MMC.EXE;" (REG_SZ) 121. 122. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\0\{27dfca82-8593-46e4-98d8-23eb83452f65}\shell\InvokeTask\command] 123. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewEmail %*" (REG_EXPAND_SZ) 124. 125. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\1\{5099caf3-7ab4-4c18-ab35-3f3e664638e4}\shell\InvokeTask\command] 126. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewContact %*" (REG_EXPAND_SZ) 127. 128. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\2\{da8c976e-ec82-48ad-8ae4-38872e958dc5}\shell\InvokeTask\command] 129. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewGroup %*" (REG_EXPAND_SZ) 130. 131. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\3\{9d4b9c0a-7b4e-4c0d-926e-a536d781cff6}\shell\InvokeTask\command] 132. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnEdit %*" (REG_EXPAND_SZ) 133. 134. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\6\{0b51213d-c59c-4b59-bc10-f27d0b330294}\shell\InvokeTask\command] 135. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnImport" (REG_EXPAND_SZ) 136. 137. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\7\{165095b1-322d-47b1-bc9f-2a9234c1c4cb}\shell\InvokeTask\command] 138. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnExport" (REG_EXPAND_SZ) 139. 140. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\0\{5099caf3-7ab4-4c18-ab35-3f3e664638e4}\shell\InvokeTask\command] 141. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewContact %*" (REG_EXPAND_SZ) 142. 143. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\1\{da8c976e-ec82-48ad-8ae4-38872e958dc5}\shell\InvokeTask\command] 144. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewGroup %*" (REG_EXPAND_SZ) 145. 146. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\2\{0b51213d-c59c-4b59-bc10-f27d0b330294}\shell\InvokeTask\command] 147. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnImport" (REG_EXPAND_SZ) 148. 149. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\3\{165095b1-322d-47b1-bc9f-2a9234c1c4cb}\shell\InvokeTask\command] 150. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnExport" (REG_EXPAND_SZ) 151. 152. [HKLM\Software\Classes\AppID\rundll32.exe] 153. DA: 06/01/2017 10:00:39 154. 155. [HKLM\Software\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}] 156. ""="rundll32.exe" (REG_SZ) 157. 158. [HKLM\Software\Classes\Application.Manifest\shell\open\command] 159. ""="rundll32.exe dfshim.dll,ShOpenVerbApplication %1" (REG_SZ) 160. 161. [HKLM\Software\Classes\Application.Reference\shell\open\command] 162. ""="rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2" (REG_SZ) 163. 164. [HKLM\Software\Classes\Applications\photoviewer.dll\shell\open\command] 165. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 166. 167. [HKLM\Software\Classes\Applications\photoviewer.dll\shell\print\command] 168. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 169. 170. [HKLM\Software\Classes\CATFile\shell\open\command] 171. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1" (REG_EXPAND_SZ) 172. 173. [HKLM\Software\Classes\CERFile\shell\add\command] 174. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCER %1" (REG_EXPAND_SZ) 175. 176. [HKLM\Software\Classes\CERFile\shell\open\command] 177. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCER %1" (REG_EXPAND_SZ) 178. 179. [HKLM\Software\Classes\CertificateStoreFile\shell\open\command] 180. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenSTR %1" (REG_EXPAND_SZ) 181. 182. [HKLM\Software\Classes\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32] 183. ""=""%SystemRoot%\System32\rundll32.exe" "%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba}" (REG_EXPAND_SZ) 184. 185. [HKLM\Software\Classes\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32] 186. "ServerExecutable"="%SystemRoot%\System32\rundll32.exe" (REG_EXPAND_SZ) 187. 188. [HKLM\Software\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command] 189. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 1" (REG_EXPAND_SZ) 190. 191. [HKLM\Software\Classes\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\Open\Command] 192. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN" (REG_EXPAND_SZ) 193. 194. [HKLM\Software\Classes\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\OpenWithoutDiagnostics\Command] 195. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN /disablediagnostics" (REG_EXPAND_SZ) 196. 197. [HKLM\Software\Classes\CLSID\{3eef301f-b596-4c0b-bd92-013beafce793}\LocalServer32] 198. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793}" (REG_EXPAND_SZ) 199. 200. [HKLM\Software\Classes\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\Shell\Open\Command] 201. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\telephon.cpl" (REG_EXPAND_SZ) 202. 203. [HKLM\Software\Classes\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\Shell\Open\Command] 204. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\intl.cpl" (REG_EXPAND_SZ) 205. 206. [HKLM\Software\Classes\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\Shell\Open\Command] 207. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl" (REG_EXPAND_SZ) 208. 209. [HKLM\Software\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command] 210. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ) 211. 212. [HKLM\Software\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command] 213. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ) 214. 215. [HKLM\Software\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32] 216. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" (REG_EXPAND_SZ) 217. 218. [HKLM\Software\Classes\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\Shell\Open\Command] 219. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl,@1" (REG_EXPAND_SZ) 220. 221. [HKLM\Software\Classes\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command] 222. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\infocardcpl.cpl,ManageCardSpace_RunDll" (REG_SZ) 223. 224. [HKLM\Software\Classes\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\Shell\Open\Command] 225. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\srchadmin.dll" (REG_EXPAND_SZ) 226. 227. [HKLM\Software\Classes\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32] 228. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}" (REG_EXPAND_SZ) 229. 230. [HKLM\Software\Classes\CLSID\{9a97f12a-6b73-4dc4-b3c1-e9244c03adac}\LocalServer32] 231. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9a97f12a-6b73-4dc4-b3c1-e9244c03adac}" (REG_EXPAND_SZ) 232. 233. [HKLM\Software\Classes\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\Shell\Open\Command] 234. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\irprops.cpl" (REG_EXPAND_SZ) 235. 236. [HKLM\Software\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\Shell\Open\Command] 237. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\shell32.dll,Control_RunDLL C:\Windows\SysWOW64\inetcpl.cpl" (REG_SZ) 238. 239. [HKLM\Software\Classes\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\Shell\Open\Command] 240. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\Speech\SpeechUX\sapi.cpl" (REG_EXPAND_SZ) 241. 242. [HKLM\Software\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\Shell\Open\Command] 243. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\timedate.cpl" (REG_EXPAND_SZ) 244. 245. [HKLM\Software\Classes\CLSID\{e3a4e5ca-55b2-4a06-b1ab-8fbecc7bca4b}\LocalServer32] 246. ""="rundll32.exe /sta {fcc2867c-69ea-4d85-8058-7c214e611c97}" (REG_SZ) 247. 248. [HKLM\Software\Classes\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\Shell\Open\Command] 249. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\mmsys.cpl" (REG_EXPAND_SZ) 250. 251. [HKLM\Software\Classes\CLSID\{fb479c02-9ec4-4fed-8599-debe037452cb}\LocalServer32] 252. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {fb479c02-9ec4-4fed-8599-debe037452cb}" (REG_EXPAND_SZ) 253. 254. [HKLM\Software\Classes\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32] 255. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" (REG_EXPAND_SZ) 256. 257. [HKLM\Software\Classes\cplfile\shell\runas\command] 258. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*" (REG_EXPAND_SZ) 259. 260. [HKLM\Software\Classes\CRLFile\shell\add\command] 261. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCRL %1" (REG_EXPAND_SZ) 262. 263. [HKLM\Software\Classes\CRLFile\shell\open\command] 264. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCRL %1" (REG_EXPAND_SZ) 265. 266. [HKLM\Software\Classes\DeviceDisplayObject\InterfaceClass\{0850302A-B344-4fda-9BE9-90576B8D46F0}\Shell\Bluetooth\command] 267. ""="rundll32.exe shell32.dll,Control_RunDLL bthprops.cpl,,1" (REG_SZ) 268. 269. [HKLM\Software\Classes\DeviceDisplayObject\InterfaceClass\{70FFD812-4C7F-4C7D-926A-637B7DD852AF}\Shell\DeviceInstall\command] 270. ""="rundll32.exe newdev.dll,DeviceInternetSettingUi 2" (REG_SZ) 271. 272. [HKLM\Software\Classes\giffile\shell\printto\command] 273. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 274. 275. [HKLM\Software\Classes\htmlfile\shell\Print\command] 276. ""="rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"" (REG_EXPAND_SZ) 277. 278. [HKLM\Software\Classes\htmlfile\shell\printto\command] 279. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 280. 281. [HKLM\Software\Classes\icofile\shell\open\command] 282. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 283. 284. [HKLM\Software\Classes\InternetShortcut\shell\Open\Command] 285. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l" (REG_SZ) 286. 287. [HKLM\Software\Classes\InternetShortcut\shell\print\command] 288. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ) 289. 290. [HKLM\Software\Classes\InternetShortcut\shell\printto\command] 291. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ) 292. 293. [HKLM\Software\Classes\jpegfile\shell\open\command] 294. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 295. 296. [HKLM\Software\Classes\jpegfile\shell\printto\command] 297. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 298. 299. [HKLM\Software\Classes\Microsoft.InformationCard\Shell\open\command] 300. ""="C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1" (REG_SZ) 301. 302. [HKLM\Software\Classes\Microsoft.WindowsCardSpaceBackup\Shell\open\command] 303. ""="C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1" (REG_SZ) 304. 305. [HKLM\Software\Classes\MSDASC\shell\open\command] 306. ""="Rundll32.exe "%CommonProgramFiles%\System\OLE DB\oledb32.dll",OpenDSLFile %1" (REG_EXPAND_SZ) 307. 308. [HKLM\Software\Classes\MSSppPackageFile\shell\open\command] 309. ""="rundll32.exe sppcc.dll, OpenPackage %1" (REG_SZ) 310. 311. [HKLM\Software\Classes\msstylesfile\shell\open\command] 312. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"" (REG_EXPAND_SZ) 313. 314. [HKLM\Software\Classes\NetworkExplorerPlugins\urn:schemas-wifialliance-org:device:WFADevice:1\shell\Configure\command] 315. ""=""%SystemRoot%\System32\rundll32.exe" wcnwiz.dll,RunWcnWizardForDevice /c /u %1" (REG_EXPAND_SZ) 316. 317. [HKLM\Software\Classes\oms\shell\open\command] 318. ""="rundll32.exe C:\PROGRA~2\MICROS~1\Office12\OMSMAIN.DLL, OmsProtocolHandler %1" (REG_SZ) 319. 320. [HKLM\Software\Classes\opensearchresult\shell\print\command] 321. ""="rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"" (REG_EXPAND_SZ) 322. 323. [HKLM\Software\Classes\P7RFile\shell\add\command] 324. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddP7R %1" (REG_EXPAND_SZ) 325. 326. [HKLM\Software\Classes\P7RFile\shell\open\command] 327. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenP7R %1" (REG_EXPAND_SZ) 328. 329. [HKLM\Software\Classes\P7SFile\shell\open\command] 330. ""="%SystemRoot%\system32\\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" (REG_EXPAND_SZ) 331. 332. [HKLM\Software\Classes\Paint.Picture\shell\open\command] 333. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 334. 335. [HKLM\Software\Classes\PFXFile\shell\add\command] 336. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddPFX %1" (REG_EXPAND_SZ) 337. 338. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Bitmap\shell\open\command] 339. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 340. 341. [HKLM\Software\Classes\PhotoViewer.FileAssoc.JFIF\shell\open\command] 342. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 343. 344. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Jpeg\shell\open\command] 345. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 346. 347. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Png\shell\open\command] 348. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 349. 350. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Tiff\shell\open\command] 351. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 352. 353. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Wdp\shell\open\command] 354. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 355. 356. [HKLM\Software\Classes\pjpegfile\shell\open\command] 357. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 358. 359. [HKLM\Software\Classes\pjpegfile\shell\printto\command] 360. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 361. 362. [HKLM\Software\Classes\pngfile\shell\open\command] 363. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 364. 365. [HKLM\Software\Classes\pngfile\shell\printto\command] 366. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 367. 368. [HKLM\Software\Classes\prffile\shell\Open\command] 369. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnPRF %1" (REG_EXPAND_SZ) 370. 371. [HKLM\Software\Classes\ratfile\Shell\Open\Command] 372. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnRAT %1" (REG_EXPAND_SZ) 373. 374. [HKLM\Software\Classes\RDB.AutoPlayHandler\shell\properties\command] 375. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\sysmain.dll,RDBMgmtLaunchProperties %L" (REG_EXPAND_SZ) 376. 377. [HKLM\Software\Classes\SavedDsQuery\Shell\open\command] 378. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1" (REG_EXPAND_SZ) 379. 380. [HKLM\Software\Classes\scrfile\shell\install\command] 381. ""="rundll32.exe desk.cpl,InstallScreenSaver %l" (REG_SZ) 382. 383. [HKLM\Software\Classes\scriptletfile\Shell\Generate Typelib\command] 384. ""=""C:\Windows\system32\rundll32.exe" C:\Windows\system32\scrobj.dll,GenerateTypeLib %1" (REG_SZ) 385. 386. [HKLM\Software\Classes\Shell.CDBurn\Shell\Prepare\Command] 387. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,PrepareDiscForBurnRunDll %L" (REG_EXPAND_SZ) 388. 389. [HKLM\Software\Classes\SPCFile\shell\add\command] 390. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddSPC %1" (REG_EXPAND_SZ) 391. 392. [HKLM\Software\Classes\SPCFile\shell\open\command] 393. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" (REG_EXPAND_SZ) 394. 395. [HKLM\Software\Classes\STLFile\shell\add\command] 396. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCTL %1" (REG_EXPAND_SZ) 397. 398. [HKLM\Software\Classes\STLFile\shell\open\command] 399. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCTL %1" (REG_EXPAND_SZ) 400. 401. [HKLM\Software\Classes\svgfile\shell\print\command] 402. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"" (REG_EXPAND_SZ) 403. 404. [HKLM\Software\Classes\svgfile\shell\printto\command] 405. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 406. 407. [HKLM\Software\Classes\SystemFileAssociations\image\shell\print\command] 408. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 409. 410. [HKLM\Software\Classes\telnet\shell\open\command] 411. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\url.dll",TelnetProtocolHandler %l" (REG_EXPAND_SZ) 412. 413. [HKLM\Software\Classes\themefile\shell\open\command] 414. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" (REG_EXPAND_SZ) 415. 416. [HKLM\Software\Classes\themepackfile\shell\open\command] 417. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" (REG_EXPAND_SZ) 418. 419. [HKLM\Software\Classes\TIFImage.Document\shell\open\command] 420. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 421. 422. [HKLM\Software\Classes\TIFImage.Document\shell\printto\command] 423. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 424. 425. [HKLM\Software\Classes\Unknown\shell\openas\command] 426. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" (REG_EXPAND_SZ) 427. 428. [HKLM\Software\Classes\Unknown\shell\opendlg\command] 429. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" (REG_EXPAND_SZ) 430. 431. [HKLM\Software\Classes\WCN.AutoPlayHandler\shell\open\command] 432. ""="%systemroot%\system32\rundll32.exe %systemroot%\system32\wzcdlg.dll,ImportFlashProfile %L" (REG_EXPAND_SZ) 433. 434. [HKLM\Software\Classes\wcxfile\shell\Open\Command] 435. ""="rundll32.exe xwizards.dll,RunWizard /u {7940acf8-60ba-4213-a7c3-f3b400ee266d} /z%1" (REG_SZ) 436. 437. [HKLM\Software\Classes\wdpfile\shell\open\command] 438. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ) 439. 440. [HKLM\Software\Classes\wdpfile\shell\print\command] 441. ""="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1" (REG_EXPAND_SZ) 442. 443. [HKLM\Software\Classes\wdpfile\shell\printto\command] 444. ""="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 445. 446. [HKLM\Software\Classes\Wow6432Node\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32] 447. ""=""%SystemRoot%\System32\rundll32.exe" "%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba}" (REG_EXPAND_SZ) 448. 449. [HKLM\Software\Classes\Wow6432Node\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32] 450. "ServerExecutable"="%SystemRoot%\System32\rundll32.exe" (REG_EXPAND_SZ) 451. 452. [HKLM\Software\Classes\Wow6432Node\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command] 453. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 1" (REG_EXPAND_SZ) 454. 455. [HKLM\Software\Classes\Wow6432Node\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\Open\Command] 456. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN" (REG_EXPAND_SZ) 457. 458. [HKLM\Software\Classes\Wow6432Node\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\OpenWithoutDiagnostics\Command] 459. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN /disablediagnostics" (REG_EXPAND_SZ) 460. 461. [HKLM\Software\Classes\Wow6432Node\CLSID\{3eef301f-b596-4c0b-bd92-013beafce793}\LocalServer32] 462. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793}" (REG_EXPAND_SZ) 463. 464. [HKLM\Software\Classes\Wow6432Node\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\Shell\Open\Command] 465. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\telephon.cpl" (REG_EXPAND_SZ) 466. 467. [HKLM\Software\Classes\Wow6432Node\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\Shell\Open\Command] 468. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\intl.cpl" (REG_EXPAND_SZ) 469. 470. [HKLM\Software\Classes\Wow6432Node\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\Shell\Open\Command] 471. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl" (REG_EXPAND_SZ) 472. 473. [HKLM\Software\Classes\Wow6432Node\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command] 474. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ) 475. 476. [HKLM\Software\Classes\Wow6432Node\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command] 477. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ) 478. 479. [HKLM\Software\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32] 480. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" (REG_EXPAND_SZ) 481. 482. [HKLM\Software\Classes\Wow6432Node\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\Shell\Open\Command] 483. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl,@1" (REG_EXPAND_SZ) 484. 485. [HKLM\Software\Classes\Wow6432Node\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command] 486. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\infocardcpl.cpl,ManageCardSpace_RunDll" (REG_SZ) 487. 488. [HKLM\Software\Classes\Wow6432Node\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\Shell\Open\Command] 489. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\srchadmin.dll" (REG_EXPAND_SZ) 490. 491. [HKLM\Software\Classes\Wow6432Node\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32] 492. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}" (REG_EXPAND_SZ) 493. 494. [HKLM\Software\Classes\Wow6432Node\CLSID\{9a97f12a-6b73-4dc4-b3c1-e9244c03adac}\LocalServer32] 495. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9a97f12a-6b73-4dc4-b3c1-e9244c03adac}" (REG_EXPAND_SZ) 496. 497. [HKLM\Software\Classes\Wow6432Node\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\Shell\Open\Command] 498. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\irprops.cpl" (REG_EXPAND_SZ) 499. 500. [HKLM\Software\Classes\Wow6432Node\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\Shell\Open\Command] 501. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\shell32.dll,Control_RunDLL C:\Windows\SysWOW64\inetcpl.cpl" (REG_SZ) 502. 503. [HKLM\Software\Classes\Wow6432Node\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\Shell\Open\Command] 504. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\Speech\SpeechUX\sapi.cpl" (REG_EXPAND_SZ) 505. 506. [HKLM\Software\Classes\Wow6432Node\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\Shell\Open\Command] 507. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\timedate.cpl" (REG_EXPAND_SZ) 508. 509. [HKLM\Software\Classes\Wow6432Node\CLSID\{e3a4e5ca-55b2-4a06-b1ab-8fbecc7bca4b}\LocalServer32] 510. ""="rundll32.exe /sta {fcc2867c-69ea-4d85-8058-7c214e611c97}" (REG_SZ) 511. 512. [HKLM\Software\Classes\Wow6432Node\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\Shell\Open\Command] 513. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\mmsys.cpl" (REG_EXPAND_SZ) 514. 515. [HKLM\Software\Classes\Wow6432Node\CLSID\{fb479c02-9ec4-4fed-8599-debe037452cb}\LocalServer32] 516. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {fb479c02-9ec4-4fed-8599-debe037452cb}" (REG_EXPAND_SZ) 517. 518. [HKLM\Software\Classes\Wow6432Node\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32] 519. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" (REG_EXPAND_SZ) 520. 521. [HKLM\Software\Classes\Wow6432Node\AppID\rundll32.exe] 522. DA: 06/01/2017 10:00:39 523. 524. [HKLM\Software\Classes\Wow6432Node\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}] 525. ""="rundll32.exe" (REG_SZ) 526. 527. [HKLM\Software\Classes\xhtmlfile\shell\print\command] 528. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"" (REG_EXPAND_SZ) 529. 530. [HKLM\Software\Classes\xhtmlfile\shell\printto\command] 531. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ) 532. 533. [HKLM\Software\Clients\Mail\Microsoft Outlook\shell\Properties\command] 534. ""="rundll32.exe shell32.dll,Control_RunDLL "C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL"" (REG_SZ) 535. 536. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f224ae3_0] 537. ""="{0.0.0.00000000}.{bca175d6-2564-4904-bf5b-de14445da46e}|\Device\HarddiskVolume2\Windows\System32\rundll32.exe%b{00000000-0000-0000-0000-000000000000}" (REG_SZ) 538. 539. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs] 540. "95"="Seaf Rundll32.exe C 230117.txt" (REG_BINARY) 541. 542. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt] 543. "1"="Seaf Rundll32.exe C 230117.txt" (REG_BINARY) 544. 545. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] 546. "C:\Windows\System32\rundll32.exe"="Processus hôte Windows (Rundll32)" (REG_SZ) 547. 548. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] 549. "C:\Windows\System32\rundll32.exe"="Processus hôte Windows (Rundll32)" (REG_SZ) 550. 551. ========================= 552. 553. Fin à: 14:32:20 le 23/01/2017 554. 715543 Éléments analysés 555. 556. ========================= 557. E.O.F