Format du document : text/plain
Prévisualisation
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 14:30:55 le 23/01/2017
4.
5. Valeur(s) recherchée(s):
6. Rundll32.exe
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Recherche registre
11.
12. ====== Fichier(s) ======
13.
14.
15. "C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\rundll32.exe" [ ARCHIVE | 960 Ko ]
16. TC: 10/09/2016,13:30:13 | TM: 10/03/2016,13:07:16 | DA: 22/01/2017,21:07:50
17.
18.
19. =========================
20.
21.
22. "C:\Qoobox\Quarantine\C\Users\Public\Documents\rundll32.exe.vir" [ ARCHIVE | 45 Ko ]
23. TC: 28/11/2016,11:12:45 | TM: 14/07/2009,02:14:31 | DA: 15/01/2017,16:02:34
24.
25.
26. =========================
27.
28.
29. "C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Recent\Seaf Rundll32.exe C 230117.lnk" [ ARCHIVE | 672 o ]
30. TC: 23/01/2017,12:04:14 | TM: 23/01/2017,12:04:14 | DA: 23/01/2017,14:30:46
31.
32.
33. =========================
34.
35.
36. "C:\Users\Bruno\Desktop\Seaf Rundll32.exe C 230117.txt" [ ARCHIVE | 602 o ]
37. TC: 23/01/2017,12:04:14 | TM: 23/01/2017,12:04:14 | DA: 23/01/2017,12:04:14
38.
39.
40. =========================
41.
42.
43. "C:\Windows\System32\fr-FR\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
44. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 23/01/2017,12:33:01
45.
46.
47. =========================
48.
49.
50. "C:\Windows\System32\rundll32.exe" [ ARCHIVE | 45 Ko ]
51. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 23/01/2017,13:54:29
52.
53.
54. =========================
55.
56.
57. "C:\Windows\SysWOW64\fr-FR\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
58. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 23/01/2017,12:33:01
59.
60.
61. =========================
62.
63.
64. "C:\Windows\SysWOW64\rundll32.exe" [ ARCHIVE | 45 Ko ]
65. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 23/01/2017,13:54:29
66.
67.
68. =========================
69.
70.
71. "C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4b43474aa60ecabf\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
72. TC: 14/07/2009,16:23:32 | TM: 14/07/2009,16:23:32 | DA: 11/01/2017,14:10:54
73.
74.
75. =========================
76.
77.
78. "C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe" [ ARCHIVE | 46 Ko ]
79. TC: 14/07/2009,00:57:20 | TM: 14/07/2009,02:39:31 | DA: 23/01/2017,10:58:04
80.
81.
82. =========================
83.
84.
85. "C:\Windows\winsxs\x86_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ef24abc6edb15989\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
86. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 11/01/2017,15:47:14
87.
88.
89. =========================
90.
91.
92. "C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe" [ ARCHIVE | 45 Ko ]
93. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 23/01/2017,11:31:04
94.
95.
96. =========================
97.
98.
99. "D:\logiciels\pebuilder3110a\BartPE\I386\SYSTEM32\RUNDLL32.EXE" [ ARCHIVE | 34 Ko ]
100. TC: 09/03/2009,16:09:00 | TM: 19/08/2004,16:10:04 | DA: 07/11/2016,11:01:56
101.
102.
103. =========================
104.
105.
106.
107. ====== Entrée(s) du registre ======
108.
109.
110. [HKLM\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
111. "StubPath"="C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install" (REG_SZ)
112.
113. [HKLM\Software\Microsoft\SideShow\Gadgets\{B4874D4D-EF94-43EE-8EBF-F57EAF32F177}]
114. "StartCommand"="rundll32.exe C:\PROGRA~2\MICROS~1\Office12\OLSIDE~1.DLL,StartGadget" (REG_SZ)
115.
116. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
117. "KillList"="%1;explorer.exe;dvdplay.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;" (REG_SZ)
118.
119. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
120. "HostApps"="RUNDLL32.EXE;MSHTA.EXE;DLLHOST.EXE;APPLAUNCH.EXE;HH.EXE;WINHLP32.EXE;MMC.EXE;" (REG_SZ)
121.
122. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\0\{27dfca82-8593-46e4-98d8-23eb83452f65}\shell\InvokeTask\command]
123. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewEmail %*" (REG_EXPAND_SZ)
124.
125. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\1\{5099caf3-7ab4-4c18-ab35-3f3e664638e4}\shell\InvokeTask\command]
126. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewContact %*" (REG_EXPAND_SZ)
127.
128. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\2\{da8c976e-ec82-48ad-8ae4-38872e958dc5}\shell\InvokeTask\command]
129. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewGroup %*" (REG_EXPAND_SZ)
130.
131. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\3\{9d4b9c0a-7b4e-4c0d-926e-a536d781cff6}\shell\InvokeTask\command]
132. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnEdit %*" (REG_EXPAND_SZ)
133.
134. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\6\{0b51213d-c59c-4b59-bc10-f27d0b330294}\shell\InvokeTask\command]
135. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnImport" (REG_EXPAND_SZ)
136.
137. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\7\{165095b1-322d-47b1-bc9f-2a9234c1c4cb}\shell\InvokeTask\command]
138. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnExport" (REG_EXPAND_SZ)
139.
140. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\0\{5099caf3-7ab4-4c18-ab35-3f3e664638e4}\shell\InvokeTask\command]
141. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewContact %*" (REG_EXPAND_SZ)
142.
143. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\1\{da8c976e-ec82-48ad-8ae4-38872e958dc5}\shell\InvokeTask\command]
144. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewGroup %*" (REG_EXPAND_SZ)
145.
146. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\2\{0b51213d-c59c-4b59-bc10-f27d0b330294}\shell\InvokeTask\command]
147. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnImport" (REG_EXPAND_SZ)
148.
149. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\3\{165095b1-322d-47b1-bc9f-2a9234c1c4cb}\shell\InvokeTask\command]
150. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnExport" (REG_EXPAND_SZ)
151.
152. [HKLM\Software\Classes\AppID\rundll32.exe]
153. DA: 06/01/2017 10:00:39
154.
155. [HKLM\Software\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}]
156. ""="rundll32.exe" (REG_SZ)
157.
158. [HKLM\Software\Classes\Application.Manifest\shell\open\command]
159. ""="rundll32.exe dfshim.dll,ShOpenVerbApplication %1" (REG_SZ)
160.
161. [HKLM\Software\Classes\Application.Reference\shell\open\command]
162. ""="rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2" (REG_SZ)
163.
164. [HKLM\Software\Classes\Applications\photoviewer.dll\shell\open\command]
165. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
166.
167. [HKLM\Software\Classes\Applications\photoviewer.dll\shell\print\command]
168. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
169.
170. [HKLM\Software\Classes\CATFile\shell\open\command]
171. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1" (REG_EXPAND_SZ)
172.
173. [HKLM\Software\Classes\CERFile\shell\add\command]
174. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCER %1" (REG_EXPAND_SZ)
175.
176. [HKLM\Software\Classes\CERFile\shell\open\command]
177. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCER %1" (REG_EXPAND_SZ)
178.
179. [HKLM\Software\Classes\CertificateStoreFile\shell\open\command]
180. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenSTR %1" (REG_EXPAND_SZ)
181.
182. [HKLM\Software\Classes\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
183. ""=""%SystemRoot%\System32\rundll32.exe" "%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba}" (REG_EXPAND_SZ)
184.
185. [HKLM\Software\Classes\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
186. "ServerExecutable"="%SystemRoot%\System32\rundll32.exe" (REG_EXPAND_SZ)
187.
188. [HKLM\Software\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command]
189. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 1" (REG_EXPAND_SZ)
190.
191. [HKLM\Software\Classes\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\Open\Command]
192. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN" (REG_EXPAND_SZ)
193.
194. [HKLM\Software\Classes\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\OpenWithoutDiagnostics\Command]
195. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN /disablediagnostics" (REG_EXPAND_SZ)
196.
197. [HKLM\Software\Classes\CLSID\{3eef301f-b596-4c0b-bd92-013beafce793}\LocalServer32]
198. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793}" (REG_EXPAND_SZ)
199.
200. [HKLM\Software\Classes\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\Shell\Open\Command]
201. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\telephon.cpl" (REG_EXPAND_SZ)
202.
203. [HKLM\Software\Classes\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\Shell\Open\Command]
204. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\intl.cpl" (REG_EXPAND_SZ)
205.
206. [HKLM\Software\Classes\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\Shell\Open\Command]
207. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl" (REG_EXPAND_SZ)
208.
209. [HKLM\Software\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command]
210. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
211.
212. [HKLM\Software\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command]
213. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
214.
215. [HKLM\Software\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
216. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" (REG_EXPAND_SZ)
217.
218. [HKLM\Software\Classes\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\Shell\Open\Command]
219. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl,@1" (REG_EXPAND_SZ)
220.
221. [HKLM\Software\Classes\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command]
222. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\infocardcpl.cpl,ManageCardSpace_RunDll" (REG_SZ)
223.
224. [HKLM\Software\Classes\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\Shell\Open\Command]
225. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\srchadmin.dll" (REG_EXPAND_SZ)
226.
227. [HKLM\Software\Classes\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32]
228. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}" (REG_EXPAND_SZ)
229.
230. [HKLM\Software\Classes\CLSID\{9a97f12a-6b73-4dc4-b3c1-e9244c03adac}\LocalServer32]
231. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9a97f12a-6b73-4dc4-b3c1-e9244c03adac}" (REG_EXPAND_SZ)
232.
233. [HKLM\Software\Classes\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\Shell\Open\Command]
234. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\irprops.cpl" (REG_EXPAND_SZ)
235.
236. [HKLM\Software\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\Shell\Open\Command]
237. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\shell32.dll,Control_RunDLL C:\Windows\SysWOW64\inetcpl.cpl" (REG_SZ)
238.
239. [HKLM\Software\Classes\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\Shell\Open\Command]
240. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\Speech\SpeechUX\sapi.cpl" (REG_EXPAND_SZ)
241.
242. [HKLM\Software\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\Shell\Open\Command]
243. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\timedate.cpl" (REG_EXPAND_SZ)
244.
245. [HKLM\Software\Classes\CLSID\{e3a4e5ca-55b2-4a06-b1ab-8fbecc7bca4b}\LocalServer32]
246. ""="rundll32.exe /sta {fcc2867c-69ea-4d85-8058-7c214e611c97}" (REG_SZ)
247.
248. [HKLM\Software\Classes\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\Shell\Open\Command]
249. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\mmsys.cpl" (REG_EXPAND_SZ)
250.
251. [HKLM\Software\Classes\CLSID\{fb479c02-9ec4-4fed-8599-debe037452cb}\LocalServer32]
252. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {fb479c02-9ec4-4fed-8599-debe037452cb}" (REG_EXPAND_SZ)
253.
254. [HKLM\Software\Classes\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32]
255. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" (REG_EXPAND_SZ)
256.
257. [HKLM\Software\Classes\cplfile\shell\runas\command]
258. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*" (REG_EXPAND_SZ)
259.
260. [HKLM\Software\Classes\CRLFile\shell\add\command]
261. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCRL %1" (REG_EXPAND_SZ)
262.
263. [HKLM\Software\Classes\CRLFile\shell\open\command]
264. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCRL %1" (REG_EXPAND_SZ)
265.
266. [HKLM\Software\Classes\DeviceDisplayObject\InterfaceClass\{0850302A-B344-4fda-9BE9-90576B8D46F0}\Shell\Bluetooth\command]
267. ""="rundll32.exe shell32.dll,Control_RunDLL bthprops.cpl,,1" (REG_SZ)
268.
269. [HKLM\Software\Classes\DeviceDisplayObject\InterfaceClass\{70FFD812-4C7F-4C7D-926A-637B7DD852AF}\Shell\DeviceInstall\command]
270. ""="rundll32.exe newdev.dll,DeviceInternetSettingUi 2" (REG_SZ)
271.
272. [HKLM\Software\Classes\giffile\shell\printto\command]
273. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
274.
275. [HKLM\Software\Classes\htmlfile\shell\Print\command]
276. ""="rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"" (REG_EXPAND_SZ)
277.
278. [HKLM\Software\Classes\htmlfile\shell\printto\command]
279. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
280.
281. [HKLM\Software\Classes\icofile\shell\open\command]
282. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
283.
284. [HKLM\Software\Classes\InternetShortcut\shell\Open\Command]
285. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l" (REG_SZ)
286.
287. [HKLM\Software\Classes\InternetShortcut\shell\print\command]
288. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ)
289.
290. [HKLM\Software\Classes\InternetShortcut\shell\printto\command]
291. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ)
292.
293. [HKLM\Software\Classes\jpegfile\shell\open\command]
294. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
295.
296. [HKLM\Software\Classes\jpegfile\shell\printto\command]
297. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
298.
299. [HKLM\Software\Classes\Microsoft.InformationCard\Shell\open\command]
300. ""="C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1" (REG_SZ)
301.
302. [HKLM\Software\Classes\Microsoft.WindowsCardSpaceBackup\Shell\open\command]
303. ""="C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1" (REG_SZ)
304.
305. [HKLM\Software\Classes\MSDASC\shell\open\command]
306. ""="Rundll32.exe "%CommonProgramFiles%\System\OLE DB\oledb32.dll",OpenDSLFile %1" (REG_EXPAND_SZ)
307.
308. [HKLM\Software\Classes\MSSppPackageFile\shell\open\command]
309. ""="rundll32.exe sppcc.dll, OpenPackage %1" (REG_SZ)
310.
311. [HKLM\Software\Classes\msstylesfile\shell\open\command]
312. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"" (REG_EXPAND_SZ)
313.
314. [HKLM\Software\Classes\NetworkExplorerPlugins\urn:schemas-wifialliance-org:device:WFADevice:1\shell\Configure\command]
315. ""=""%SystemRoot%\System32\rundll32.exe" wcnwiz.dll,RunWcnWizardForDevice /c /u %1" (REG_EXPAND_SZ)
316.
317. [HKLM\Software\Classes\oms\shell\open\command]
318. ""="rundll32.exe C:\PROGRA~2\MICROS~1\Office12\OMSMAIN.DLL, OmsProtocolHandler %1" (REG_SZ)
319.
320. [HKLM\Software\Classes\opensearchresult\shell\print\command]
321. ""="rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"" (REG_EXPAND_SZ)
322.
323. [HKLM\Software\Classes\P7RFile\shell\add\command]
324. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddP7R %1" (REG_EXPAND_SZ)
325.
326. [HKLM\Software\Classes\P7RFile\shell\open\command]
327. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenP7R %1" (REG_EXPAND_SZ)
328.
329. [HKLM\Software\Classes\P7SFile\shell\open\command]
330. ""="%SystemRoot%\system32\\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" (REG_EXPAND_SZ)
331.
332. [HKLM\Software\Classes\Paint.Picture\shell\open\command]
333. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
334.
335. [HKLM\Software\Classes\PFXFile\shell\add\command]
336. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddPFX %1" (REG_EXPAND_SZ)
337.
338. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Bitmap\shell\open\command]
339. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
340.
341. [HKLM\Software\Classes\PhotoViewer.FileAssoc.JFIF\shell\open\command]
342. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
343.
344. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Jpeg\shell\open\command]
345. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
346.
347. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Png\shell\open\command]
348. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
349.
350. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Tiff\shell\open\command]
351. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
352.
353. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Wdp\shell\open\command]
354. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
355.
356. [HKLM\Software\Classes\pjpegfile\shell\open\command]
357. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
358.
359. [HKLM\Software\Classes\pjpegfile\shell\printto\command]
360. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
361.
362. [HKLM\Software\Classes\pngfile\shell\open\command]
363. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
364.
365. [HKLM\Software\Classes\pngfile\shell\printto\command]
366. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
367.
368. [HKLM\Software\Classes\prffile\shell\Open\command]
369. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnPRF %1" (REG_EXPAND_SZ)
370.
371. [HKLM\Software\Classes\ratfile\Shell\Open\Command]
372. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnRAT %1" (REG_EXPAND_SZ)
373.
374. [HKLM\Software\Classes\RDB.AutoPlayHandler\shell\properties\command]
375. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\sysmain.dll,RDBMgmtLaunchProperties %L" (REG_EXPAND_SZ)
376.
377. [HKLM\Software\Classes\SavedDsQuery\Shell\open\command]
378. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1" (REG_EXPAND_SZ)
379.
380. [HKLM\Software\Classes\scrfile\shell\install\command]
381. ""="rundll32.exe desk.cpl,InstallScreenSaver %l" (REG_SZ)
382.
383. [HKLM\Software\Classes\scriptletfile\Shell\Generate Typelib\command]
384. ""=""C:\Windows\system32\rundll32.exe" C:\Windows\system32\scrobj.dll,GenerateTypeLib %1" (REG_SZ)
385.
386. [HKLM\Software\Classes\Shell.CDBurn\Shell\Prepare\Command]
387. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,PrepareDiscForBurnRunDll %L" (REG_EXPAND_SZ)
388.
389. [HKLM\Software\Classes\SPCFile\shell\add\command]
390. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddSPC %1" (REG_EXPAND_SZ)
391.
392. [HKLM\Software\Classes\SPCFile\shell\open\command]
393. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" (REG_EXPAND_SZ)
394.
395. [HKLM\Software\Classes\STLFile\shell\add\command]
396. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCTL %1" (REG_EXPAND_SZ)
397.
398. [HKLM\Software\Classes\STLFile\shell\open\command]
399. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCTL %1" (REG_EXPAND_SZ)
400.
401. [HKLM\Software\Classes\svgfile\shell\print\command]
402. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"" (REG_EXPAND_SZ)
403.
404. [HKLM\Software\Classes\svgfile\shell\printto\command]
405. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
406.
407. [HKLM\Software\Classes\SystemFileAssociations\image\shell\print\command]
408. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
409.
410. [HKLM\Software\Classes\telnet\shell\open\command]
411. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\url.dll",TelnetProtocolHandler %l" (REG_EXPAND_SZ)
412.
413. [HKLM\Software\Classes\themefile\shell\open\command]
414. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" (REG_EXPAND_SZ)
415.
416. [HKLM\Software\Classes\themepackfile\shell\open\command]
417. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" (REG_EXPAND_SZ)
418.
419. [HKLM\Software\Classes\TIFImage.Document\shell\open\command]
420. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
421.
422. [HKLM\Software\Classes\TIFImage.Document\shell\printto\command]
423. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
424.
425. [HKLM\Software\Classes\Unknown\shell\openas\command]
426. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" (REG_EXPAND_SZ)
427.
428. [HKLM\Software\Classes\Unknown\shell\opendlg\command]
429. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" (REG_EXPAND_SZ)
430.
431. [HKLM\Software\Classes\WCN.AutoPlayHandler\shell\open\command]
432. ""="%systemroot%\system32\rundll32.exe %systemroot%\system32\wzcdlg.dll,ImportFlashProfile %L" (REG_EXPAND_SZ)
433.
434. [HKLM\Software\Classes\wcxfile\shell\Open\Command]
435. ""="rundll32.exe xwizards.dll,RunWizard /u {7940acf8-60ba-4213-a7c3-f3b400ee266d} /z%1" (REG_SZ)
436.
437. [HKLM\Software\Classes\wdpfile\shell\open\command]
438. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
439.
440. [HKLM\Software\Classes\wdpfile\shell\print\command]
441. ""="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1" (REG_EXPAND_SZ)
442.
443. [HKLM\Software\Classes\wdpfile\shell\printto\command]
444. ""="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
445.
446. [HKLM\Software\Classes\Wow6432Node\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
447. ""=""%SystemRoot%\System32\rundll32.exe" "%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba}" (REG_EXPAND_SZ)
448.
449. [HKLM\Software\Classes\Wow6432Node\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
450. "ServerExecutable"="%SystemRoot%\System32\rundll32.exe" (REG_EXPAND_SZ)
451.
452. [HKLM\Software\Classes\Wow6432Node\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command]
453. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 1" (REG_EXPAND_SZ)
454.
455. [HKLM\Software\Classes\Wow6432Node\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\Open\Command]
456. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN" (REG_EXPAND_SZ)
457.
458. [HKLM\Software\Classes\Wow6432Node\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\OpenWithoutDiagnostics\Command]
459. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN /disablediagnostics" (REG_EXPAND_SZ)
460.
461. [HKLM\Software\Classes\Wow6432Node\CLSID\{3eef301f-b596-4c0b-bd92-013beafce793}\LocalServer32]
462. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793}" (REG_EXPAND_SZ)
463.
464. [HKLM\Software\Classes\Wow6432Node\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\Shell\Open\Command]
465. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\telephon.cpl" (REG_EXPAND_SZ)
466.
467. [HKLM\Software\Classes\Wow6432Node\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\Shell\Open\Command]
468. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\intl.cpl" (REG_EXPAND_SZ)
469.
470. [HKLM\Software\Classes\Wow6432Node\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\Shell\Open\Command]
471. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl" (REG_EXPAND_SZ)
472.
473. [HKLM\Software\Classes\Wow6432Node\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command]
474. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
475.
476. [HKLM\Software\Classes\Wow6432Node\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command]
477. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
478.
479. [HKLM\Software\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
480. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" (REG_EXPAND_SZ)
481.
482. [HKLM\Software\Classes\Wow6432Node\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\Shell\Open\Command]
483. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl,@1" (REG_EXPAND_SZ)
484.
485. [HKLM\Software\Classes\Wow6432Node\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command]
486. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\infocardcpl.cpl,ManageCardSpace_RunDll" (REG_SZ)
487.
488. [HKLM\Software\Classes\Wow6432Node\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\Shell\Open\Command]
489. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\srchadmin.dll" (REG_EXPAND_SZ)
490.
491. [HKLM\Software\Classes\Wow6432Node\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32]
492. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}" (REG_EXPAND_SZ)
493.
494. [HKLM\Software\Classes\Wow6432Node\CLSID\{9a97f12a-6b73-4dc4-b3c1-e9244c03adac}\LocalServer32]
495. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9a97f12a-6b73-4dc4-b3c1-e9244c03adac}" (REG_EXPAND_SZ)
496.
497. [HKLM\Software\Classes\Wow6432Node\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\Shell\Open\Command]
498. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\irprops.cpl" (REG_EXPAND_SZ)
499.
500. [HKLM\Software\Classes\Wow6432Node\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\Shell\Open\Command]
501. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\shell32.dll,Control_RunDLL C:\Windows\SysWOW64\inetcpl.cpl" (REG_SZ)
502.
503. [HKLM\Software\Classes\Wow6432Node\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\Shell\Open\Command]
504. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\Speech\SpeechUX\sapi.cpl" (REG_EXPAND_SZ)
505.
506. [HKLM\Software\Classes\Wow6432Node\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\Shell\Open\Command]
507. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\timedate.cpl" (REG_EXPAND_SZ)
508.
509. [HKLM\Software\Classes\Wow6432Node\CLSID\{e3a4e5ca-55b2-4a06-b1ab-8fbecc7bca4b}\LocalServer32]
510. ""="rundll32.exe /sta {fcc2867c-69ea-4d85-8058-7c214e611c97}" (REG_SZ)
511.
512. [HKLM\Software\Classes\Wow6432Node\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\Shell\Open\Command]
513. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\mmsys.cpl" (REG_EXPAND_SZ)
514.
515. [HKLM\Software\Classes\Wow6432Node\CLSID\{fb479c02-9ec4-4fed-8599-debe037452cb}\LocalServer32]
516. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {fb479c02-9ec4-4fed-8599-debe037452cb}" (REG_EXPAND_SZ)
517.
518. [HKLM\Software\Classes\Wow6432Node\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32]
519. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" (REG_EXPAND_SZ)
520.
521. [HKLM\Software\Classes\Wow6432Node\AppID\rundll32.exe]
522. DA: 06/01/2017 10:00:39
523.
524. [HKLM\Software\Classes\Wow6432Node\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}]
525. ""="rundll32.exe" (REG_SZ)
526.
527. [HKLM\Software\Classes\xhtmlfile\shell\print\command]
528. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"" (REG_EXPAND_SZ)
529.
530. [HKLM\Software\Classes\xhtmlfile\shell\printto\command]
531. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
532.
533. [HKLM\Software\Clients\Mail\Microsoft Outlook\shell\Properties\command]
534. ""="rundll32.exe shell32.dll,Control_RunDLL "C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL"" (REG_SZ)
535.
536. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f224ae3_0]
537. ""="{0.0.0.00000000}.{bca175d6-2564-4904-bf5b-de14445da46e}|\Device\HarddiskVolume2\Windows\System32\rundll32.exe%b{00000000-0000-0000-0000-000000000000}" (REG_SZ)
538.
539. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]
540. "95"="Seaf Rundll32.exe C 230117.txt" (REG_BINARY)
541.
542. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt]
543. "1"="Seaf Rundll32.exe C 230117.txt" (REG_BINARY)
544.
545. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
546. "C:\Windows\System32\rundll32.exe"="Processus hôte Windows (Rundll32)" (REG_SZ)
547.
548. [HKU\S-1-5-21-1413675022-3679237491-1003182551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
549. "C:\Windows\System32\rundll32.exe"="Processus hôte Windows (Rundll32)" (REG_SZ)
550.
551. =========================
552.
553. Fin à: 14:32:20 le 23/01/2017
554. 715543 Éléments analysés
555.
556. =========================
557. E.O.F