Sujet Précédent Sujet Suivant

Virus URL:Mal et URL:Mal2

Résolu/Fermé
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 - 19 avril 2013 à 18:34
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 - 24 nov. 2013 à 12:21
Alors depuis que j'ai cliquer sur un lien via FACEBOOK, je du recevoir le virus URL:Mal et URL:Mal2, a cause ça j'ai 91 pages aimé, de tas d'abonnement sur les pages des gens alors que je ne les connais pas! Et tout ca en via ma page FB...

Et aussi des problèmes avec le navigateur, de plus je n'avais pas Avast d'installé à ce moment là... Ce que bien sur je me suis empressé de faire! Mais Maintenant à chaque page internet avast bloque le virus.

Enfin bref ça on s'en fou, moi j'aimerai réglé ce problème avec URL:Mal... DONC comme vous allez tous me dire de faire un ZHPdiag, est bien j'en fais un et voici le lien cijoint : https://www.cjoint.com/13av/CDswxGvOecM_zhpdiag.txt

J'espère que vous aurez une solution pour m'en débarrasser, car avast le détecte juste mais ne le supprime pas...
A voir également:

13 réponses

Réponse 1 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
19 avril 2013 à 19:58
Salut,

▶ Télécharge ici :SEAF.exe de C_XX

▶ Lance-le, une fenêtre va s'ouvrir .

● Tape ll32.exe dans cette fenêtre

● Dans "[Options des fichiers]", choisis l'option MD5 pour "Calculer le checksum" et coche le bouton radio devant "Informations supplémentaires"

● Dans "[Options du registre]", choisis "Chercher également dans le registre"


▶ Clique sur "Lancer la rechercher"
Patiente pendant la recherche.
Une fenêtre avec un log.txt va s'afficher.
▶ Copie/colle ce rapport dans ta prochaine réponse.

A+
1
Réponse 2 / 13
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 16:23
Voila le compte rendu de ce que tu ma demander :)

https://www.cjoint.com/?CDuqwqSG8JD
1
Réponse 3 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 16:25
Salut

Alors ça donne quoi ?
1
Utilisateur anonyme
Modifié par Homerlulu le 20/04/2013 à 17:01
même ici le gars se défoule ^^ je te remets tout à 0
0
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 18:01
Ben rien je pensais que tu allais me dire de faire quelque chose grace au données ^^
0
Réponse 4 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 21:52
C'est vaiment étrange ....

Désinstalle/Réinstalle chrome
1
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 22:36
bon ca n'a pas marcher, mais je suis retourner sur firefox et ca va nikel! en tout cas avast bloque rien du tout! :)

donc je dirais "résolu"! meme si on a pas vraiment pu supprimer ce virus, au moins moi je peux naviguer tranquille sans des bug de connexions, alors merci de ta patience et de ton aide juju!! :)
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 22:39
fais un tour dans les extensions de google chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 13
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 00:23
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 00:20:47 le 20/04/2013
4.
5. Valeur(s) recherchée(s):
6. ll32.exe
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Calcul du Hash "MD5"
11. (!) --- Informations supplémentaires
12. (!) --- Recherche registre
13.
14. ====== Fichier(s) ======
15.
16.
17. "C:\NvidiaLogs\LOG.RunDll32.EXE.log" [ ARCHIVE | 5 Ko ]
18. TC: 08/11/2011,16:16:02 | TM: 08/11/2011,16:16:42 | DA: 08/11/2011,16:16:02
19.
20. Hash MD5: 389A04235F7403CC655BF53AFC67CC95
21.
22.
23. =========================
24.
25.
26. "C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 3 Ko ]
27. TC: 19/04/2013,00:05:34 | TM: 19/04/2013,00:05:34 | DA: 19/04/2013,00:05:34
28.
29. Hash MD5: 55DC002DAA86142FACE8C9E5267D3BE3
30.
31.
32. =========================
33.
34.
35. "C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 148 Ko ]
36. TC: 19/04/2013,00:30:11 | TM: 19/04/2013,00:30:11 | DA: 19/04/2013,00:30:11
37.
38. Hash MD5: 0C223D768217BB7409CCFFDBDA0B79A3
39.
40.
41. =========================
42.
43.
44. "C:\Windows\System32\fr-FR\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
45. TC: 19/02/2011,06:28:45 | TM: 19/02/2011,06:28:45 | DA: 19/02/2011,06:28:45
46.
47. Hash MD5: 7304BD89B983ACD95852E7106C9C7B46
48.
49. CompanyName: Microsoft Corporation
50. ProductName: Système d'exploitation Microsoft® Windows®
51. InternalName: rundll
52. OriginalFileName: RUNDLL32.EXE.MUI
53. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
54. ProductVersion: 6.1.7600.16385
55. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
56.
57. =========================
58.
59.
60. "C:\Windows\System32\rundll32.exe" [ ARCHIVE | 45 Ko ]
61. TC: 14/07/2009,01:41:43 | TM: 14/07/2009,03:14:31 | DA: 14/07/2009,01:41:43
62.
63. Hash MD5: 51138BEEA3E2C21EC44D0932C71762A8
64.
65. CompanyName: Microsoft Corporation
66. ProductName: Système d'exploitation Microsoft® Windows®
67. InternalName: rundll
68. OriginalFileName: RUNDLL32.EXE.MUI
69. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
70. ProductVersion: 6.1.7600.16385
71. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
72.
73. =========================
74.
75.
76. "C:\Windows\SysWOW64\fr-FR\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
77. TC: 19/02/2011,06:28:45 | TM: 19/02/2011,06:28:45 | DA: 19/02/2011,06:28:45
78.
79. Hash MD5: 7304BD89B983ACD95852E7106C9C7B46
80.
81. CompanyName: Microsoft Corporation
82. ProductName: Système d'exploitation Microsoft® Windows®
83. InternalName: rundll
84. OriginalFileName: RUNDLL32.EXE.MUI
85. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
86. ProductVersion: 6.1.7600.16385
87. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
88.
89. =========================
90.
91.
92. "C:\Windows\SysWOW64\rundll32.exe" [ ARCHIVE | 45 Ko ]
93. TC: 14/07/2009,01:41:43 | TM: 14/07/2009,03:14:31 | DA: 14/07/2009,01:41:43
94.
95. Hash MD5: 51138BEEA3E2C21EC44D0932C71762A8
96.
97. CompanyName: Microsoft Corporation
98. ProductName: Système d'exploitation Microsoft® Windows®
99. InternalName: rundll
100. OriginalFileName: RUNDLL32.EXE.MUI
101. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
102. ProductVersion: 6.1.7600.16385
103. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
104.
105. =========================
106.
107.
108. "C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4b43474aa60ecabf\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
109. TC: 19/02/2011,06:28:43 | TM: 19/02/2011,06:28:43 | DA: 19/02/2011,06:28:43
110.
111. Hash MD5: F5B29EBA352AB43092F6D5C4A7FE436E
112.
113. CompanyName: Microsoft Corporation
114. ProductName: Système d'exploitation Microsoft® Windows®
115. InternalName: rundll
116. OriginalFileName: RUNDLL32.EXE.MUI
117. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
118. ProductVersion: 6.1.7600.16385
119. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
120.
121. =========================
122.
123.
124. "C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe" [ ARCHIVE | 46 Ko ]
125. TC: 14/07/2009,01:57:20 | TM: 14/07/2009,03:39:31 | DA: 14/07/2009,01:57:20
126.
127. Hash MD5: DD81D91FF3B0763C392422865C9AC12E
128.
129. CompanyName: Microsoft Corporation
130. ProductName: Système d'exploitation Microsoft® Windows®
131. InternalName: rundll
132. OriginalFileName: RUNDLL32.EXE.MUI
133. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
134. ProductVersion: 6.1.7600.16385
135. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
136.
137. =========================
138.
139.
140. "C:\Windows\winsxs\x86_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ef24abc6edb15989\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
141. TC: 19/02/2011,06:28:45 | TM: 19/02/2011,06:28:45 | DA: 19/02/2011,06:28:45
142.
143. Hash MD5: 7304BD89B983ACD95852E7106C9C7B46
144.
145. CompanyName: Microsoft Corporation
146. ProductName: Système d'exploitation Microsoft® Windows®
147. InternalName: rundll
148. OriginalFileName: RUNDLL32.EXE.MUI
149. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
150. ProductVersion: 6.1.7600.16385
151. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
152.
153. =========================
154.
155.
156. "C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe" [ ARCHIVE | 45 Ko ]
157. TC: 14/07/2009,01:41:43 | TM: 14/07/2009,03:14:31 | DA: 14/07/2009,01:41:43
158.
159. Hash MD5: 51138BEEA3E2C21EC44D0932C71762A8
160.
161. CompanyName: Microsoft Corporation
162. ProductName: Système d'exploitation Microsoft® Windows®
163. InternalName: rundll
164. OriginalFileName: RUNDLL32.EXE.MUI
165. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
166. ProductVersion: 6.1.7600.16385
167. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
168.
169. =========================
170.
171.
172.
173. ====== Entrée(s) du registre ======
174.
175.
176. [HKLM\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
177. "StubPath"="C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install" (REG_SZ)
178.
179. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
180. "KillList"="%1;explorer.exe;dvdplay.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;" (REG_SZ)
181.
182. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
183. "HostApps"="RUNDLL32.EXE;MSHTA.EXE;DLLHOST.EXE;APPLAUNCH.EXE;HH.EXE;WINHLP32.EXE;MMC.EXE;" (REG_SZ)
184.
185. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\0\{27dfca82-8593-46e4-98d8-23eb83452f65}\shell\InvokeTask\command]
186. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewEmail %*" (REG_EXPAND_SZ)
187.
188. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\1\{5099caf3-7ab4-4c18-ab35-3f3e664638e4}\shell\InvokeTask\command]
189. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewContact %*" (REG_EXPAND_SZ)
190.
191. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\2\{da8c976e-ec82-48ad-8ae4-38872e958dc5}\shell\InvokeTask\command]
192. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewGroup %*" (REG_EXPAND_SZ)
193.
194. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\3\{9d4b9c0a-7b4e-4c0d-926e-a536d781cff6}\shell\InvokeTask\command]
195. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnEdit %*" (REG_EXPAND_SZ)
196.
197. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\6\{0b51213d-c59c-4b59-bc10-f27d0b330294}\shell\InvokeTask\command]
198. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnImport" (REG_EXPAND_SZ)
199.
200. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\7\{165095b1-322d-47b1-bc9f-2a9234c1c4cb}\shell\InvokeTask\command]
201. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnExport" (REG_EXPAND_SZ)
202.
203. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\0\{5099caf3-7ab4-4c18-ab35-3f3e664638e4}\shell\InvokeTask\command]
204. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewContact %*" (REG_EXPAND_SZ)
205.
206. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\1\{da8c976e-ec82-48ad-8ae4-38872e958dc5}\shell\InvokeTask\command]
207. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewGroup %*" (REG_EXPAND_SZ)
208.
209. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\2\{0b51213d-c59c-4b59-bc10-f27d0b330294}\shell\InvokeTask\command]
210. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnImport" (REG_EXPAND_SZ)
211.
212. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\3\{165095b1-322d-47b1-bc9f-2a9234c1c4cb}\shell\InvokeTask\command]
213. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnExport" (REG_EXPAND_SZ)
214.
215. [HKLM\Software\Classes\AppID\rundll32.exe]
216. DA: 18/04/2013 17:08:48
217.
218. [HKLM\Software\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}]
219. ""="rundll32.exe" (REG_SZ)
220.
221. [HKLM\Software\Classes\Application.Manifest\shell\open\command]
222. ""="rundll32.exe dfshim.dll,ShOpenVerbApplication %1" (REG_SZ)
223.
224. [HKLM\Software\Classes\Application.Reference\shell\open\command]
225. ""="rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2" (REG_SZ)
226.
227. [HKLM\Software\Classes\Applications\photoviewer.dll\shell\open\command]
228. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
229.
230. [HKLM\Software\Classes\Applications\photoviewer.dll\shell\print\command]
231. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
232.
233. [HKLM\Software\Classes\CATFile\shell\open\command]
234. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1" (REG_EXPAND_SZ)
235.
236. [HKLM\Software\Classes\CERFile\shell\add\command]
237. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCER %1" (REG_EXPAND_SZ)
238.
239. [HKLM\Software\Classes\CERFile\shell\open\command]
240. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCER %1" (REG_EXPAND_SZ)
241.
242. [HKLM\Software\Classes\CertificateStoreFile\shell\open\command]
243. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenSTR %1" (REG_EXPAND_SZ)
244.
245. [HKLM\Software\Classes\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
246. ""=""%SystemRoot%\System32\rundll32.exe" "%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba}" (REG_EXPAND_SZ)
247.
248. [HKLM\Software\Classes\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
249. "ServerExecutable"="%SystemRoot%\System32\rundll32.exe" (REG_EXPAND_SZ)
250.
251. [HKLM\Software\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command]
252. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 1" (REG_EXPAND_SZ)
253.
254. [HKLM\Software\Classes\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\Open\Command]
255. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN" (REG_EXPAND_SZ)
256.
257. [HKLM\Software\Classes\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\OpenWithoutDiagnostics\Command]
258. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN /disablediagnostics" (REG_EXPAND_SZ)
259.
260. [HKLM\Software\Classes\CLSID\{3eef301f-b596-4c0b-bd92-013beafce793}\LocalServer32]
261. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793}" (REG_EXPAND_SZ)
262.
263. [HKLM\Software\Classes\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\Shell\Open\Command]
264. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\telephon.cpl" (REG_EXPAND_SZ)
265.
266. [HKLM\Software\Classes\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\Shell\Open\Command]
267. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\intl.cpl" (REG_EXPAND_SZ)
268.
269. [HKLM\Software\Classes\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\Shell\Open\Command]
270. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl" (REG_EXPAND_SZ)
271.
272. [HKLM\Software\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command]
273. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
274.
275. [HKLM\Software\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command]
276. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
277.
278. [HKLM\Software\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
279. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" (REG_EXPAND_SZ)
280.
281. [HKLM\Software\Classes\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\Shell\Open\Command]
282. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl,@1" (REG_EXPAND_SZ)
283.
284. [HKLM\Software\Classes\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command]
285. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\infocardcpl.cpl,ManageCardSpace_RunDll" (REG_SZ)
286.
287. [HKLM\Software\Classes\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\Shell\Open\Command]
288. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\srchadmin.dll" (REG_EXPAND_SZ)
289.
290. [HKLM\Software\Classes\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32]
291. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}" (REG_EXPAND_SZ)
292.
293. [HKLM\Software\Classes\CLSID\{9a97f12a-6b73-4dc4-b3c1-e9244c03adac}\LocalServer32]
294. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9a97f12a-6b73-4dc4-b3c1-e9244c03adac}" (REG_EXPAND_SZ)
295.
296. [HKLM\Software\Classes\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\Shell\Open\Command]
297. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\irprops.cpl" (REG_EXPAND_SZ)
298.
299. [HKLM\Software\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\Shell\Open\Command]
300. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\shell32.dll,Control_RunDLL C:\Windows\SysWOW64\inetcpl.cpl" (REG_SZ)
301.
302. [HKLM\Software\Classes\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\Shell\Open\Command]
303. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\Speech\SpeechUX\sapi.cpl" (REG_EXPAND_SZ)
304.
305. [HKLM\Software\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\Shell\Open\Command]
306. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\timedate.cpl" (REG_EXPAND_SZ)
307.
308. [HKLM\Software\Classes\CLSID\{e3a4e5ca-55b2-4a06-b1ab-8fbecc7bca4b}\LocalServer32]
309. ""="rundll32.exe /sta {fcc2867c-69ea-4d85-8058-7c214e611c97}" (REG_SZ)
310.
311. [HKLM\Software\Classes\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\Shell\Open\Command]
312. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\mmsys.cpl" (REG_EXPAND_SZ)
313.
314. [HKLM\Software\Classes\CLSID\{fb479c02-9ec4-4fed-8599-debe037452cb}\LocalServer32]
315. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {fb479c02-9ec4-4fed-8599-debe037452cb}" (REG_EXPAND_SZ)
316.
317. [HKLM\Software\Classes\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32]
318. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" (REG_EXPAND_SZ)
319.
320. [HKLM\Software\Classes\cplfile\shell\runas\command]
321. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*" (REG_EXPAND_SZ)
322.
323. [HKLM\Software\Classes\CRLFile\shell\add\command]
324. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCRL %1" (REG_EXPAND_SZ)
325.
326. [HKLM\Software\Classes\CRLFile\shell\open\command]
327. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCRL %1" (REG_EXPAND_SZ)
328.
329. [HKLM\Software\Classes\DeviceDisplayObject\InterfaceClass\{0850302A-B344-4fda-9BE9-90576B8D46F0}\Shell\Bluetooth\command]
330. ""="rundll32.exe shell32.dll,Control_RunDLL bthprops.cpl,,1" (REG_SZ)
331.
332. [HKLM\Software\Classes\DeviceDisplayObject\InterfaceClass\{70FFD812-4C7F-4C7D-926A-637B7DD852AF}\Shell\DeviceInstall\command]
333. ""="rundll32.exe newdev.dll,DeviceInternetSettingUi 2" (REG_SZ)
334.
335. [HKLM\Software\Classes\giffile\shell\printto\command]
336. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
337.
338. [HKLM\Software\Classes\htmlfile\shell\print\command]
339. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"" (REG_EXPAND_SZ)
340.
341. [HKLM\Software\Classes\htmlfile\shell\printto\command]
342. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
343.
344. [HKLM\Software\Classes\icofile\shell\open\command]
345. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
346.
347. [HKLM\Software\Classes\IE.AssocFile.HTM\shell\print\command]
348. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ)
349.
350. [HKLM\Software\Classes\IE.AssocFile.HTM\shell\printto\command]
351. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ)
352.
353. [HKLM\Software\Classes\IE.AssocFile.SVG\shell\print\command]
354. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ)
355.
356. [HKLM\Software\Classes\IE.AssocFile.SVG\shell\printto\command]
357. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ)
358.
359. [HKLM\Software\Classes\IE.AssocFile.URL\Shell\Open\Command]
360. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l" (REG_SZ)
361.
362. [HKLM\Software\Classes\IE.AssocFile.URL\Shell\print\command]
363. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ)
364.
365. [HKLM\Software\Classes\IE.AssocFile.URL\Shell\printto\command]
366. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ)
367.
368. [HKLM\Software\Classes\IE.AssocFile.XHT\shell\print\command]
369. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintXHTML "%1"" (REG_SZ)
370.
371. [HKLM\Software\Classes\IE.AssocFile.XHT\shell\printto\command]
372. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintXHTML "%1" "%2" "%3" "%4"" (REG_SZ)
373.
374. [HKLM\Software\Classes\InternetShortcut\shell\Open\Command]
375. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l" (REG_SZ)
376.
377. [HKLM\Software\Classes\InternetShortcut\shell\print\command]
378. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ)
379.
380. [HKLM\Software\Classes\InternetShortcut\shell\printto\command]
381. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ)
382.
383. [HKLM\Software\Classes\jpegfile\shell\open\command]
384. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
385.
386. [HKLM\Software\Classes\jpegfile\shell\printto\command]
387. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
388.
389. [HKLM\Software\Classes\Microsoft.InformationCard\Shell\open\command]
390. ""="C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1" (REG_SZ)
391.
392. [HKLM\Software\Classes\Microsoft.WindowsCardSpaceBackup\Shell\open\command]
393. ""="C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1" (REG_SZ)
394.
395. [HKLM\Software\Classes\MSDASC\shell\open\command]
396. ""="Rundll32.exe "%CommonProgramFiles%\System\OLE DB\oledb32.dll",OpenDSLFile %1" (REG_EXPAND_SZ)
397.
398. [HKLM\Software\Classes\MSSppPackageFile\shell\open\command]
399. ""="rundll32.exe sppcc.dll, OpenPackage %1" (REG_SZ)
400.
401. [HKLM\Software\Classes\msstylesfile\shell\open\command]
402. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"" (REG_EXPAND_SZ)
403.
404. [HKLM\Software\Classes\NetworkExplorerPlugins\urn:schemas-wifialliance-org:device:WFADevice:1\shell\Configure\command]
405. ""=""%SystemRoot%\System32\rundll32.exe" wcnwiz.dll,RunWcnWizardForDevice /c /u %1" (REG_EXPAND_SZ)
406.
407. [HKLM\Software\Classes\opensearchresult\shell\print\command]
408. ""="rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"" (REG_EXPAND_SZ)
409.
410. [HKLM\Software\Classes\P7RFile\shell\add\command]
411. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddP7R %1" (REG_EXPAND_SZ)
412.
413. [HKLM\Software\Classes\P7RFile\shell\open\command]
414. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenP7R %1" (REG_EXPAND_SZ)
415.
416. [HKLM\Software\Classes\P7SFile\shell\open\command]
417. ""="%SystemRoot%\system32\\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" (REG_EXPAND_SZ)
418.
419. [HKLM\Software\Classes\Paint.Picture\shell\open\command]
420. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
421.
422. [HKLM\Software\Classes\PFXFile\shell\add\command]
423. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddPFX %1" (REG_EXPAND_SZ)
424.
425. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Bitmap\shell\open\command]
426. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
427.
428. [HKLM\Software\Classes\PhotoViewer.FileAssoc.JFIF\shell\open\command]
429. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
430.
431. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Jpeg\shell\open\command]
432. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
433.
434. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Png\shell\open\command]
435. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
436.
437. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Tiff\shell\open\command]
438. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
439.
440. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Wdp\shell\open\command]
441. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
442.
443. [HKLM\Software\Classes\pjpegfile\shell\open\command]
444. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
445.
446. [HKLM\Software\Classes\pjpegfile\shell\printto\command]
447. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
448.
449. [HKLM\Software\Classes\pngfile\shell\open\command]
450. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
451.
452. [HKLM\Software\Classes\pngfile\shell\printto\command]
453. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
454.
455. [HKLM\Software\Classes\prffile\shell\Open\command]
456. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnPRF %1" (REG_EXPAND_SZ)
457.
458. [HKLM\Software\Classes\ratfile\Shell\Open\Command]
459. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnRAT %1" (REG_EXPAND_SZ)
460.
461. [HKLM\Software\Classes\RDB.AutoPlayHandler\shell\properties\command]
462. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\sysmain.dll,RDBMgmtLaunchProperties %L" (REG_EXPAND_SZ)
463.
464. [HKLM\Software\Classes\rlogin\shell\open\command]
465. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l" (REG_SZ)
466.
467. [HKLM\Software\Classes\SavedDsQuery\Shell\open\command]
468. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1" (REG_EXPAND_SZ)
469.
470. [HKLM\Software\Classes\scrfile\shell\install\command]
471. ""="rundll32.exe desk.cpl,InstallScreenSaver %l" (REG_SZ)
472.
473. [HKLM\Software\Classes\scriptletfile\Shell\Generate Typelib\command]
474. ""=""C:\Windows\system32\RUNDLL32.EXE" "C:\Windows\system32\scrobj.dll",GenerateTypeLib "%1"" (REG_SZ)
475.
476. [HKLM\Software\Classes\Shell.CDBurn\Shell\Prepare\Command]
477. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,PrepareDiscForBurnRunDll %L" (REG_EXPAND_SZ)
478.
479. [HKLM\Software\Classes\SPCFile\shell\add\command]
480. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddSPC %1" (REG_EXPAND_SZ)
481.
482. [HKLM\Software\Classes\SPCFile\shell\open\command]
483. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" (REG_EXPAND_SZ)
484.
485. [HKLM\Software\Classes\STLFile\shell\add\command]
486. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCTL %1" (REG_EXPAND_SZ)
487.
488. [HKLM\Software\Classes\STLFile\shell\open\command]
489. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCTL %1" (REG_EXPAND_SZ)
490.
491. [HKLM\Software\Classes\svgfile\shell\print\command]
492. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"" (REG_EXPAND_SZ)
493.
494. [HKLM\Software\Classes\svgfile\shell\printto\command]
495. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
496.
497. [HKLM\Software\Classes\SystemFileAssociations\image\shell\print\command]
498. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
499.
500. [HKLM\Software\Classes\telnet\shell\open\command]
501. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l" (REG_SZ)
502.
503. [HKLM\Software\Classes\themefile\shell\open\command]
504. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" (REG_EXPAND_SZ)
505.
506. [HKLM\Software\Classes\themepackfile\shell\open\command]
507. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" (REG_EXPAND_SZ)
508.
509. [HKLM\Software\Classes\TIFImage.Document\shell\open\command]
510. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
511.
512. [HKLM\Software\Classes\TIFImage.Document\shell\printto\command]
513. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
514.
515. [HKLM\Software\Classes\tn3270\shell\open\command]
516. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l" (REG_SZ)
517.
518. [HKLM\Software\Classes\Unknown\shell\openas\command]
519. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" (REG_EXPAND_SZ)
520.
521. [HKLM\Software\Classes\Unknown\shell\opendlg\command]
522. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" (REG_EXPAND_SZ)
523.
524. [HKLM\Software\Classes\WCN.AutoPlayHandler\shell\open\command]
525. ""="%systemroot%\system32\rundll32.exe %systemroot%\system32\wzcdlg.dll,ImportFlashProfile %L" (REG_EXPAND_SZ)
526.
527. [HKLM\Software\Classes\wcxfile\shell\Open\Command]
528. ""="rundll32.exe xwizards.dll,RunWizard /u {7940acf8-60ba-4213-a7c3-f3b400ee266d} /z%1" (REG_SZ)
529.
530. [HKLM\Software\Classes\wdpfile\shell\open\command]
531. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
532.
533. [HKLM\Software\Classes\wdpfile\shell\print\command]
534. ""="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1" (REG_EXPAND_SZ)
535.
536. [HKLM\Software\Classes\wdpfile\shell\printto\command]
537. ""="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
538.
539. [HKLM\Software\Classes\Wow6432Node\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
540. ""=""%SystemRoot%\System32\rundll32.exe" "%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba}" (REG_EXPAND_SZ)
541.
542. [HKLM\Software\Classes\Wow6432Node\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
543. "ServerExecutable"="%SystemRoot%\System32\rundll32.exe" (REG_EXPAND_SZ)
544.
545. [HKLM\Software\Classes\Wow6432Node\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command]
546. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 1" (REG_EXPAND_SZ)
547.
548. [HKLM\Software\Classes\Wow6432Node\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\Open\Command]
549. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN" (REG_EXPAND_SZ)
550.
551. [HKLM\Software\Classes\Wow6432Node\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\OpenWithoutDiagnostics\Command]
552. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN /disablediagnostics" (REG_EXPAND_SZ)
553.
554. [HKLM\Software\Classes\Wow6432Node\CLSID\{3eef301f-b596-4c0b-bd92-013beafce793}\LocalServer32]
555. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793}" (REG_EXPAND_SZ)
556.
557. [HKLM\Software\Classes\Wow6432Node\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\Shell\Open\Command]
558. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\telephon.cpl" (REG_EXPAND_SZ)
559.
560. [HKLM\Software\Classes\Wow6432Node\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\Shell\Open\Command]
561. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\intl.cpl" (REG_EXPAND_SZ)
562.
563. [HKLM\Software\Classes\Wow6432Node\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\Shell\Open\Command]
564. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl" (REG_EXPAND_SZ)
565.
566. [HKLM\Software\Classes\Wow6432Node\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command]
567. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
568.
569. [HKLM\Software\Classes\Wow6432Node\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command]
570. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
571.
572. [HKLM\Software\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
573. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" (REG_EXPAND_SZ)
574.
575. [HKLM\Software\Classes\Wow6432Node\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\Shell\Open\Command]
576. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl,@1" (REG_EXPAND_SZ)
577.
578. [HKLM\Software\Classes\Wow6432Node\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command]
579. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\infocardcpl.cpl,ManageCardSpace_RunDll" (REG_SZ)
580.
581. [HKLM\Software\Classes\Wow6432Node\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\Shell\Open\Command]
582. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\srchadmin.dll" (REG_EXPAND_SZ)
583.
584. [HKLM\Software\Classes\Wow6432Node\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32]
585. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}" (REG_EXPAND_SZ)
586.
587. [HKLM\Software\Classes\Wow6432Node\CLSID\{9a97f12a-6b73-4dc4-b3c1-e9244c03adac}\LocalServer32]
588. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9a97f12a-6b73-4dc4-b3c1-e9244c03adac}" (REG_EXPAND_SZ)
589.
590. [HKLM\Software\Classes\Wow6432Node\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\Shell\Open\Command]
591. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\irprops.cpl" (REG_EXPAND_SZ)
592.
593. [HKLM\Software\Classes\Wow6432Node\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\Shell\Open\Command]
594. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\shell32.dll,Control_RunDLL C:\Windows\SysWOW64\inetcpl.cpl" (REG_SZ)
595.
596. [HKLM\Software\Classes\Wow6432Node\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\Shell\Open\Command]
597. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\Speech\SpeechUX\sapi.cpl" (REG_EXPAND_SZ)
598.
599. [HKLM\Software\Classes\Wow6432Node\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\Shell\Open\Command]
600. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\timedate.cpl" (REG_EXPAND_SZ)
601.
602. [HKLM\Software\Classes\Wow6432Node\CLSID\{e3a4e5ca-55b2-4a06-b1ab-8fbecc7bca4b}\LocalServer32]
603. ""="rundll32.exe /sta {fcc2867c-69ea-4d85-8058-7c214e611c97}" (REG_SZ)
604.
605. [HKLM\Software\Classes\Wow6432Node\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\Shell\Open\Command]
606. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\mmsys.cpl" (REG_EXPAND_SZ)
607.
608. [HKLM\Software\Classes\Wow6432Node\CLSID\{fb479c02-9ec4-4fed-8599-debe037452cb}\LocalServer32]
609. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {fb479c02-9ec4-4fed-8599-debe037452cb}" (REG_EXPAND_SZ)
610.
611. [HKLM\Software\Classes\Wow6432Node\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32]
612. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" (REG_EXPAND_SZ)
613.
614. [HKLM\Software\Classes\Wow6432Node\AppID\rundll32.exe]
615. DA: 18/04/2013 17:08:48
616.
617. [HKLM\Software\Classes\Wow6432Node\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}]
618. ""="rundll32.exe" (REG_SZ)
619.
620. [HKLM\Software\Classes\xhtmlfile\shell\print\command]
621. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"" (REG_EXPAND_SZ)
622.
623. [HKLM\Software\Classes\xhtmlfile\shell\printto\command]
624. ""=""%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
625.
626. [HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
627. "C:\Windows\system32\rundll32.exe"="VSTO Deployment Manifest 90140066040C0000" (REG_SZ)
628.
629. [HKU\S-1-5-21-2512810324-267804827-496726001-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f1bdaa42_0]
630. ""="{0.0.0.00000000}.{ba93f25e-384c-4b45-9169-9ab92f05dd52}|\Device\HarddiskVolume2\Windows\System32\rundll32.exe%b{00000000-0000-0000-0000-000000000000}" (REG_SZ)
631.
632. [HKU\S-1-5-21-2512810324-267804827-496726001-1001\Software\Microsoft\Windows\CurrentVersion\Run]
633. "MSIDLL"="C:\Windows\SysWOW64\rundll32.exe msiojf32.dll,ciyHQA" (REG_SZ)
634.
635. [HKU\S-1-5-21-2512810324-267804827-496726001-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
636. "C:\Windows\system32\rundll32.exe"="VSTO Deployment Manifest 90140066040C0000" (REG_SZ)
637.
638. [HKU\S-1-5-21-2512810324-267804827-496726001-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
639. "Q:\%systemroot%\system32\rundll32.exe"="VSTO Deployment Manifest 90140066040C0000" (REG_SZ)
640.
641. [HKU\S-1-5-21-2512810324-267804827-496726001-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
642. "C:\Windows\system32\rundll32.exe"="VSTO Deployment Manifest 90140066040C0000" (REG_SZ)
643.
644. [HKU\S-1-5-21-2512810324-267804827-496726001-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
645. "Q:\%systemroot%\system32\rundll32.exe"="VSTO Deployment Manifest 90140066040C0000" (REG_SZ)
646.
647. [HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
648. "C:\Windows\system32\rundll32.exe"="VSTO Deployment Manifest 90140066040C0000" (REG_SZ)
649.
650. =========================
651.
652. Fin à: 00:22:06 le 20/04/2013
653. 441968 Éléments analysés
654.
655. =========================
656. E.O.F
0
Réponse 6 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 03:28
Etrange ça

Attention !!! : Seuls ces liens sont officiels ne pas telecharger l'outil sur d'autres liens !!
Attention !!! : cet outil peut etre détecté à tort comme virus
Attention !!! : cet outil est puissant suivre scrupuleusement les instructions ci-dessous

tous les processus "non vitaux de windows" vont être coupés , enregistre ton travail. Il y aura une extinction du bureau pendant le scan --> pas de panique.

Désactive toutes tes protections si possible , antivirus , sandbox , pare-feux , etc....: https://forum.pcastuces.com/default.asp

telecharge et enregistre Pre_Scan sur ton bureau :

http://services.service-webmaster.fr/cpt-clics/clics-30453-6820.html (renommé winlogon)

ou , si le lien n'est pas fonctionnel :

http://www.archive-host.com (renommé winlogon)
http://www.security-helpzone.com/Tools/g3n/winlogon.exe (renommé winlogon)

si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Scan|Kill"

si l'outil est bloqué par l'infection utilise cette version avec ces autres extensions :

http://www.security-helpzone.com/Tools/g3n/Pre_Scan.scr
http://www.security-helpzone.com/Tools/g3n/Pre_Scan.pif
http://www.security-helpzone.com/Tools/g3n/Pre_Scan.com

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

Il se peut que des fenêtres noires clignotent , laisse-le travailler.

l'outil va envoyer sur un serveur les virus qu'il a mis en quarantaine afin que je puisse l'ameliorer et etudier ces infections plus en profondeur.

Laisse l'outil redemarrer ton pc.

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra à la racine de ton disque système ( généralement C:\ )

NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

Heberge le rapport sur https://www.cjoint.com/ puis donne le lien obtenu en echange sur le forum où tu te fais aider
0
Réponse 7 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 18:47
C'est pas une analyse que je dois interpréter mais une routine de suppression automatique :)

Relance Pre_Scan (winlogon) clique sur Diag, héberge le rapport
0
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 19:38
https://www.cjoint.com/c/CDutMtN202j
0
Réponse 8 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 19:48
Bon je trouve pas ce que je cherche tant pis! ^^

Télécharge sur cette page: AdwCleaner (de Xplode)

▶ Lance-le

clique sur Suppression et patiente le temps du nettoyage.

▶ Poste le contenu du rapport que tu trouveras dans ton disque dur c:\ADwcleaner[Sx].txt ou son contenu s'il s'ouvre.
0
Réponse 9 / 13
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 19:58
Voila, https://www.cjoint.com/?CDut5oXhWWD

Par contre avast me signal toujours qu'il est la quand je navigue sur internet..
0
Réponse 10 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 20:07
Sur toutes les pages ?
0
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 20:37
Oui sur toutes! :(
0
Réponse 11 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 20:39
Et sur quel navigateur ?
0
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 21:31
Chrome
0
Réponse 12 / 13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
20 avril 2013 à 21:33
ah ouais ok ce navigateur de m€rde ...

On va désactiver la synchronisation de Chrome avec ton compte Google
- Clique sur le menu Google Chrome dans la barre d'outils du navigateur.
- Sélectionne Connecté en tant que <ton adresse e-mail>.
- Dans la section "Connexion", clique sur Dashboard.
- Accède à la section "Synchronisation de Google Chrome" du tableau de bord, puis clique sur Arrêter la synchronisation et

supprimer les données de Google.

La synchronisation est désactivée, et toutes les données synchronisées qui ont été enregistrées dans ton compte Google sont

supprimées. Elles sont toutefois conservées sur ton ordinateur.

Ensuite tu désinstalle ADWcleaner en le lançant et en cliquant sur désinstaller.
Tu le ré-télécharges depuis ce lien: http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleane

Tu choisis "Suppression" et tu poste le rapport dans ta réponse
0
Fitsalus Messages postés 12 Date d'inscription jeudi 18 avril 2013 Statut Membre Dernière intervention 15 mai 2013 1
20 avril 2013 à 21:49
Alors voila le lien https://www.cjoint.com/?CDuvVnJ9luG

Mais avast comme d'habitude bloque le virus s chaque page internet...
0
Réponse 13 / 13
babeur
24 nov. 2013 à 00:27
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 00:01:41 le 24/11/2013
4.
5. Valeur(s) recherchée(s):
6. ll32.exe
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Calcul du Hash "MD5"
11. (!) --- Informations supplémentaires
12. (!) --- Recherche registre
13.
14. ====== Fichier(s) ======
15.
16.
17. "C:\Windows\Prefetch\RUNDLL32.EXE-341B93B7.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 25 Ko ]
18. TC: 21/08/2013,20:18:56 | TM: 21/08/2013,20:18:56 | DA: 21/08/2013,20:18:56
19.
20. Hash MD5: B1356A4F3573DA384C4C4C9A6AE3F2EC
21.
22.
23. =========================
24.
25.
26. "C:\Windows\Prefetch\RUNDLL32.EXE-4B3F7C94.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 26 Ko ]
27. TC: 14/08/2013,21:38:26 | TM: 14/08/2013,21:38:26 | DA: 14/08/2013,21:38:26
28.
29. Hash MD5: 1AF3D4CE7B13007A6BCFF358B8069501
30.
31.
32. =========================
33.
34.
35. "C:\Windows\Prefetch\RUNDLL32.EXE-58863F79.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 33 Ko ]
36. TC: 14/08/2013,21:37:27 | TM: 23/11/2013,23:48:03 | DA: 14/08/2013,21:37:27
37.
38. Hash MD5: D73A4AC668B4B8B3F6C2395A1B8C4616
39.
40.
41. =========================
42.
43.
44. "C:\Windows\Prefetch\RUNDLL32.EXE-6BBF0EED.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 31 Ko ]
45. TC: 20/08/2013,20:23:27 | TM: 20/08/2013,20:23:27 | DA: 20/08/2013,20:23:27
46.
47. Hash MD5: 30493203963CA0E28D6F956F819ABD0A
48.
49.
50. =========================
51.
52.
53. "C:\Windows\Prefetch\RUNDLL32.EXE-6E778EED.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 37 Ko ]
54. TC: 20/08/2013,20:22:41 | TM: 20/08/2013,20:22:41 | DA: 20/08/2013,20:22:41
55.
56. Hash MD5: 4B7A73E5417F6041E28252082FE5BE87
57.
58.
59. =========================
60.
61.
62. "C:\Windows\Prefetch\RUNDLL32.EXE-752665EB.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 83 Ko ]
63. TC: 14/08/2013,00:00:08 | TM: 23/11/2013,20:48:09 | DA: 14/08/2013,00:00:08
64.
65. Hash MD5: 552AA27B800558DAFC7F3469C829250A
66.
67.
68. =========================
69.
70.
71. "C:\Windows\Prefetch\RUNDLL32.EXE-7AE3E63E.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 21 Ko ]
72. TC: 22/08/2013,20:14:02 | TM: 22/08/2013,20:14:02 | DA: 22/08/2013,20:14:02
73.
74. Hash MD5: CFF453FB6BDE089997D51B8DFDF46C45
75.
76.
77. =========================
78.
79.
80. "C:\Windows\Prefetch\RUNDLL32.EXE-7F02EC5E.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 21 Ko ]
81. TC: 23/08/2013,19:44:56 | TM: 23/08/2013,19:44:56 | DA: 23/08/2013,19:44:56
82.
83. Hash MD5: B2DBC39364B77BB93F620F07913BED94
84.
85.
86. =========================
87.
88.
89. "C:\Windows\Prefetch\RUNDLL32.EXE-8317E1EF.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 20 Ko ]
90. TC: 21/08/2013,23:23:31 | TM: 21/08/2013,23:23:31 | DA: 21/08/2013,23:23:31
91.
92. Hash MD5: BAA35A73A02C4563DF1480D5A621B1A0
93.
94.
95. =========================
96.
97.
98. "C:\Windows\Prefetch\RUNDLL32.EXE-9AA1C622.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 47 Ko ]
99. TC: 14/08/2013,21:37:23 | TM: 14/08/2013,21:37:23 | DA: 14/08/2013,21:37:23
100.
101. Hash MD5: 257E06D0AB724BFAFADC3FFB3C7F18A4
102.
103.
104. =========================
105.
106.
107. "C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 12 Ko ]
108. TC: 14/08/2013,21:42:57 | TM: 22/11/2013,19:26:34 | DA: 14/08/2013,21:42:57
109.
110. Hash MD5: 7E74183BEB12843248D8D5AB392664D3
111.
112.
113. =========================
114.
115.
116. "C:\Windows\Prefetch\RUNDLL32.EXE-B8129DAF.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 20 Ko ]
117. TC: 21/08/2013,23:04:56 | TM: 21/08/2013,23:04:56 | DA: 21/08/2013,23:04:56
118.
119. Hash MD5: 7A7CDA1AC9E8975BD8ECF5A1F765C7CB
120.
121.
122. =========================
123.
124.
125. "C:\Windows\Prefetch\RUNDLL32.EXE-E447C111.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 29 Ko ]
126. TC: 20/08/2013,23:32:31 | TM: 20/08/2013,23:32:31 | DA: 20/08/2013,23:32:31
127.
128. Hash MD5: 6D31F40141A53E549C9B653DE768C867
129.
130.
131. =========================
132.
133.
134. "C:\Windows\Prefetch\RUNDLL32.EXE-E9AFF3BB.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 39 Ko ]
135. TC: 18/08/2013,19:19:19 | TM: 29/08/2013,20:42:38 | DA: 18/08/2013,19:19:19
136.
137. Hash MD5: 5A7FB61822042E77CFAB8E7AE8E348A6
138.
139.
140. =========================
141.
142.
143. "C:\Windows\Prefetch\RUNDLL32.EXE-F1685F13.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 22 Ko ]
144. TC: 20/08/2013,20:40:22 | TM: 20/08/2013,22:06:04 | DA: 20/08/2013,20:40:22
145.
146. Hash MD5: AE35D8A26A9C98F34AA8DE4BB88311AE
147.
148.
149. =========================
150.
151.
152. "C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 89 Ko ]
153. TC: 13/08/2013,21:03:56 | TM: 30/10/2013,20:37:12 | DA: 13/08/2013,21:03:56
154.
155. Hash MD5: 39AE8006E521FEE26B3B771B80204F36
156.
157.
158. =========================
159.
160.
161. "C:\Windows\Prefetch\RUNDLL32.EXE-FA0294F9.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 69 Ko ]
162. TC: 20/08/2013,20:44:28 | TM: 30/08/2013,20:14:10 | DA: 20/08/2013,20:44:28
163.
164. Hash MD5: 48B2F8E2543292C4D522442DAA97199D
165.
166.
167. =========================
168.
169.
170. "C:\Windows\System32\fr-FR\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
171. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 14/07/2009,16:23:36
172.
173. Hash MD5: 7304BD89B983ACD95852E7106C9C7B46
174.
175. CompanyName: Microsoft Corporation
176. ProductName: Système d'exploitation Microsoft® Windows®
177. InternalName: rundll
178. OriginalFileName: RUNDLL32.EXE.MUI
179. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
180. ProductVersion: 6.1.7600.16385
181. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
182.
183. =========================
184.
185.
186. "C:\Windows\System32\rundll32.exe" [ ARCHIVE | 45 Ko ]
187. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 14/07/2009,00:41:43
188.
189. Hash MD5: 51138BEEA3E2C21EC44D0932C71762A8
190.
191. CompanyName: Microsoft Corporation
192. ProductName: Système d'exploitation Microsoft® Windows®
193. InternalName: rundll
194. OriginalFileName: RUNDLL32.EXE.MUI
195. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
196. ProductVersion: 6.1.7600.16385
197. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
198.
199. =========================
200.
201.
202. "C:\Windows\SysWOW64\fr-FR\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
203. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 14/07/2009,16:23:36
204.
205. Hash MD5: 7304BD89B983ACD95852E7106C9C7B46
206.
207. CompanyName: Microsoft Corporation
208. ProductName: Système d'exploitation Microsoft® Windows®
209. InternalName: rundll
210. OriginalFileName: RUNDLL32.EXE.MUI
211. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
212. ProductVersion: 6.1.7600.16385
213. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
214.
215. =========================
216.
217.
218. "C:\Windows\SysWOW64\rundll32.exe" [ ARCHIVE | 45 Ko ]
219. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 14/07/2009,00:41:43
220.
221. Hash MD5: 51138BEEA3E2C21EC44D0932C71762A8
222.
223. CompanyName: Microsoft Corporation
224. ProductName: Système d'exploitation Microsoft® Windows®
225. InternalName: rundll
226. OriginalFileName: RUNDLL32.EXE.MUI
227. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
228. ProductVersion: 6.1.7600.16385
229. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
230.
231. =========================
232.
233.
234. "C:\Windows\winsxs\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4b43474aa60ecabf\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
235. TC: 14/07/2009,16:23:32 | TM: 14/07/2009,16:23:32 | DA: 14/07/2009,16:23:33
236.
237. Hash MD5: F5B29EBA352AB43092F6D5C4A7FE436E
238.
239. CompanyName: Microsoft Corporation
240. ProductName: Système d'exploitation Microsoft® Windows®
241. InternalName: rundll
242. OriginalFileName: RUNDLL32.EXE.MUI
243. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
244. ProductVersion: 6.1.7600.16385
245. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
246.
247. =========================
248.
249.
250. "C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe" [ ARCHIVE | 46 Ko ]
251. TC: 14/07/2009,00:57:20 | TM: 14/07/2009,02:39:31 | DA: 14/07/2009,00:57:20
252.
253. Hash MD5: DD81D91FF3B0763C392422865C9AC12E
254.
255. CompanyName: Microsoft Corporation
256. ProductName: Système d'exploitation Microsoft® Windows®
257. InternalName: rundll
258. OriginalFileName: RUNDLL32.EXE.MUI
259. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
260. ProductVersion: 6.1.7600.16385
261. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
262.
263. =========================
264.
265.
266. "C:\Windows\winsxs\x86_microsoft-windows-rundll32.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ef24abc6edb15989\rundll32.exe.mui" [ ARCHIVE | 3 Ko ]
267. TC: 14/07/2009,16:23:36 | TM: 14/07/2009,16:23:36 | DA: 14/07/2009,16:23:36
268.
269. Hash MD5: 7304BD89B983ACD95852E7106C9C7B46
270.
271. CompanyName: Microsoft Corporation
272. ProductName: Système d'exploitation Microsoft® Windows®
273. InternalName: rundll
274. OriginalFileName: RUNDLL32.EXE.MUI
275. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
276. ProductVersion: 6.1.7600.16385
277. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
278.
279. =========================
280.
281.
282. "C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe" [ ARCHIVE | 45 Ko ]
283. TC: 14/07/2009,00:41:43 | TM: 14/07/2009,02:14:31 | DA: 14/07/2009,00:41:43
284.
285. Hash MD5: 51138BEEA3E2C21EC44D0932C71762A8
286.
287. CompanyName: Microsoft Corporation
288. ProductName: Système d'exploitation Microsoft® Windows®
289. InternalName: rundll
290. OriginalFileName: RUNDLL32.EXE.MUI
291. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
292. ProductVersion: 6.1.7600.16385
293. FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
294.
295. =========================
296.
297.
298.
299. ====== Entrée(s) du registre ======
300.
301.
302. [HKLM\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
303. "StubPath"=""C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP" (REG_SZ)
304.
305. [HKLM\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
306. "StubPath"="C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install" (REG_SZ)
307.
308. [HKLM\Software\Microsoft\SideShow\Gadgets\{B4874D4D-EF94-43EE-8EBF-F57EAF32F177}]
309. "StartCommand"="rundll32.exe C:\PROGRA~2\MICROS~1\Office12\OLSIDE~1.DLL,StartGadget" (REG_SZ)
310.
311. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
312. "KillList"="%1;explorer.exe;dvdplay.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;" (REG_SZ)
313.
314. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
315. "HostApps"="RUNDLL32.EXE;MSHTA.EXE;DLLHOST.EXE;APPLAUNCH.EXE;HH.EXE;WINHLP32.EXE;MMC.EXE;" (REG_SZ)
316.
317. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\0\{27dfca82-8593-46e4-98d8-23eb83452f65}\shell\InvokeTask\command]
318. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewEmail %*" (REG_EXPAND_SZ)
319.
320. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\1\{5099caf3-7ab4-4c18-ab35-3f3e664638e4}\shell\InvokeTask\command]
321. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewContact %*" (REG_EXPAND_SZ)
322.
323. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\2\{da8c976e-ec82-48ad-8ae4-38872e958dc5}\shell\InvokeTask\command]
324. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewGroup %*" (REG_EXPAND_SZ)
325.
326. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\3\{9d4b9c0a-7b4e-4c0d-926e-a536d781cff6}\shell\InvokeTask\command]
327. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnEdit %*" (REG_EXPAND_SZ)
328.
329. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\6\{0b51213d-c59c-4b59-bc10-f27d0b330294}\shell\InvokeTask\command]
330. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnImport" (REG_EXPAND_SZ)
331.
332. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksItemsSelected\7\{165095b1-322d-47b1-bc9f-2a9234c1c4cb}\shell\InvokeTask\command]
333. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnExport" (REG_EXPAND_SZ)
334.
335. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\0\{5099caf3-7ab4-4c18-ab35-3f3e664638e4}\shell\InvokeTask\command]
336. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewContact %*" (REG_EXPAND_SZ)
337.
338. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\1\{da8c976e-ec82-48ad-8ae4-38872e958dc5}\shell\InvokeTask\command]
339. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnNewGroup %*" (REG_EXPAND_SZ)
340.
341. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\2\{0b51213d-c59c-4b59-bc10-f27d0b330294}\shell\InvokeTask\command]
342. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnImport" (REG_EXPAND_SZ)
343.
344. [HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}\TasksNoItemsSelected\3\{165095b1-322d-47b1-bc9f-2a9234c1c4cb}\shell\InvokeTask\command]
345. ""="rundll32.exe "%CommonProgramFiles(x86)%\System\wab32.dll",ShellUICommand_OnExport" (REG_EXPAND_SZ)
346.
347. [HKLM\Software\Classes\AppID\rundll32.exe]
348. DA: 23/11/2013 23:41:09
349.
350. [HKLM\Software\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}]
351. ""="rundll32.exe" (REG_SZ)
352.
353. [HKLM\Software\Classes\Application.Manifest\shell\open\command]
354. ""="rundll32.exe dfshim.dll,ShOpenVerbApplication %1" (REG_SZ)
355.
356. [HKLM\Software\Classes\Application.Reference\shell\open\command]
357. ""="rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2" (REG_SZ)
358.
359. [HKLM\Software\Classes\Applications\photoviewer.dll\shell\open\command]
360. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
361.
362. [HKLM\Software\Classes\Applications\photoviewer.dll\shell\print\command]
363. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
364.
365. [HKLM\Software\Classes\CATFile\shell\open\command]
366. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1" (REG_EXPAND_SZ)
367.
368. [HKLM\Software\Classes\CERFile\shell\add\command]
369. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCER %1" (REG_EXPAND_SZ)
370.
371. [HKLM\Software\Classes\CERFile\shell\open\command]
372. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCER %1" (REG_EXPAND_SZ)
373.
374. [HKLM\Software\Classes\CertificateStoreFile\shell\open\command]
375. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenSTR %1" (REG_EXPAND_SZ)
376.
377. [HKLM\Software\Classes\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
378. ""=""%SystemRoot%\System32\rundll32.exe" "%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba}" (REG_EXPAND_SZ)
379.
380. [HKLM\Software\Classes\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
381. "ServerExecutable"="%SystemRoot%\System32\rundll32.exe" (REG_EXPAND_SZ)
382.
383. [HKLM\Software\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command]
384. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 1" (REG_EXPAND_SZ)
385.
386. [HKLM\Software\Classes\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\Open\Command]
387. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN" (REG_EXPAND_SZ)
388.
389. [HKLM\Software\Classes\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\OpenWithoutDiagnostics\Command]
390. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN /disablediagnostics" (REG_EXPAND_SZ)
391.
392. [HKLM\Software\Classes\CLSID\{3eef301f-b596-4c0b-bd92-013beafce793}\LocalServer32]
393. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793}" (REG_EXPAND_SZ)
394.
395. [HKLM\Software\Classes\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\Shell\Open\Command]
396. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\telephon.cpl" (REG_EXPAND_SZ)
397.
398. [HKLM\Software\Classes\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\Shell\Open\Command]
399. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\intl.cpl" (REG_EXPAND_SZ)
400.
401. [HKLM\Software\Classes\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\Shell\Open\Command]
402. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl" (REG_EXPAND_SZ)
403.
404. [HKLM\Software\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command]
405. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
406.
407. [HKLM\Software\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command]
408. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
409.
410. [HKLM\Software\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
411. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" (REG_EXPAND_SZ)
412.
413. [HKLM\Software\Classes\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\Shell\Open\Command]
414. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl,@1" (REG_EXPAND_SZ)
415.
416. [HKLM\Software\Classes\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command]
417. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\infocardcpl.cpl,ManageCardSpace_RunDll" (REG_SZ)
418.
419. [HKLM\Software\Classes\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\Shell\Open\Command]
420. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\srchadmin.dll" (REG_EXPAND_SZ)
421.
422. [HKLM\Software\Classes\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32]
423. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}" (REG_EXPAND_SZ)
424.
425. [HKLM\Software\Classes\CLSID\{9a97f12a-6b73-4dc4-b3c1-e9244c03adac}\LocalServer32]
426. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9a97f12a-6b73-4dc4-b3c1-e9244c03adac}" (REG_EXPAND_SZ)
427.
428. [HKLM\Software\Classes\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\Shell\Open\Command]
429. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\irprops.cpl" (REG_EXPAND_SZ)
430.
431. [HKLM\Software\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\Shell\Open\Command]
432. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\shell32.dll,Control_RunDLL C:\Windows\SysWOW64\inetcpl.cpl" (REG_SZ)
433.
434. [HKLM\Software\Classes\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\Shell\Open\Command]
435. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\Speech\SpeechUX\sapi.cpl" (REG_EXPAND_SZ)
436.
437. [HKLM\Software\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\Shell\Open\Command]
438. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\timedate.cpl" (REG_EXPAND_SZ)
439.
440. [HKLM\Software\Classes\CLSID\{e3a4e5ca-55b2-4a06-b1ab-8fbecc7bca4b}\LocalServer32]
441. ""="rundll32.exe /sta {fcc2867c-69ea-4d85-8058-7c214e611c97}" (REG_SZ)
442.
443. [HKLM\Software\Classes\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\Shell\Open\Command]
444. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\mmsys.cpl" (REG_EXPAND_SZ)
445.
446. [HKLM\Software\Classes\CLSID\{fb479c02-9ec4-4fed-8599-debe037452cb}\LocalServer32]
447. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {fb479c02-9ec4-4fed-8599-debe037452cb}" (REG_EXPAND_SZ)
448.
449. [HKLM\Software\Classes\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32]
450. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" (REG_EXPAND_SZ)
451.
452. [HKLM\Software\Classes\cplfile\shell\runas\command]
453. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*" (REG_EXPAND_SZ)
454.
455. [HKLM\Software\Classes\CRLFile\shell\add\command]
456. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCRL %1" (REG_EXPAND_SZ)
457.
458. [HKLM\Software\Classes\CRLFile\shell\open\command]
459. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCRL %1" (REG_EXPAND_SZ)
460.
461. [HKLM\Software\Classes\DeviceDisplayObject\InterfaceClass\{0850302A-B344-4fda-9BE9-90576B8D46F0}\Shell\Bluetooth\command]
462. ""="rundll32.exe shell32.dll,Control_RunDLL bthprops.cpl,,1" (REG_SZ)
463.
464. [HKLM\Software\Classes\DeviceDisplayObject\InterfaceClass\{70FFD812-4C7F-4C7D-926A-637B7DD852AF}\Shell\DeviceInstall\command]
465. ""="rundll32.exe newdev.dll,DeviceInternetSettingUi 2" (REG_SZ)
466.
467. [HKLM\Software\Classes\giffile\shell\printto\command]
468. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
469.
470. [HKLM\Software\Classes\htmlfile\shell\print\command]
471. ""="rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"" (REG_EXPAND_SZ)
472.
473. [HKLM\Software\Classes\htmlfile\shell\printto\command]
474. ""="rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
475.
476. [HKLM\Software\Classes\icofile\shell\open\command]
477. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
478.
479. [HKLM\Software\Classes\IE.AssocFile.HTM\shell\print\command]
480. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ)
481.
482. [HKLM\Software\Classes\IE.AssocFile.HTM\shell\printto\command]
483. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ)
484.
485. [HKLM\Software\Classes\IE.AssocFile.URL\Shell\Open\Command]
486. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l" (REG_SZ)
487.
488. [HKLM\Software\Classes\IE.AssocFile.URL\Shell\print\command]
489. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ)
490.
491. [HKLM\Software\Classes\IE.AssocFile.URL\Shell\printto\command]
492. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ)
493.
494. [HKLM\Software\Classes\InternetShortcut\shell\Open\Command]
495. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l" (REG_SZ)
496.
497. [HKLM\Software\Classes\InternetShortcut\shell\print\command]
498. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"" (REG_SZ)
499.
500. [HKLM\Software\Classes\InternetShortcut\shell\printto\command]
501. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"" (REG_SZ)
502.
503. [HKLM\Software\Classes\jpegfile\shell\open\command]
504. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
505.
506. [HKLM\Software\Classes\jpegfile\shell\printto\command]
507. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
508.
509. [HKLM\Software\Classes\Microsoft.InformationCard\Shell\open\command]
510. ""="C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1" (REG_SZ)
511.
512. [HKLM\Software\Classes\Microsoft.WindowsCardSpaceBackup\Shell\open\command]
513. ""="C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1" (REG_SZ)
514.
515. [HKLM\Software\Classes\MSDASC\shell\open\command]
516. ""="Rundll32.exe "%CommonProgramFiles%\System\OLE DB\oledb32.dll",OpenDSLFile %1" (REG_EXPAND_SZ)
517.
518. [HKLM\Software\Classes\MSSppPackageFile\shell\open\command]
519. ""="rundll32.exe sppcc.dll, OpenPackage %1" (REG_SZ)
520.
521. [HKLM\Software\Classes\msstylesfile\shell\open\command]
522. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"" (REG_EXPAND_SZ)
523.
524. [HKLM\Software\Classes\NetworkExplorerPlugins\urn:schemas-wifialliance-org:device:WFADevice:1\shell\Configure\command]
525. ""=""%SystemRoot%\System32\rundll32.exe" wcnwiz.dll,RunWcnWizardForDevice /c /u %1" (REG_EXPAND_SZ)
526.
527. [HKLM\Software\Classes\oms\shell\open\command]
528. ""="rundll32.exe C:\PROGRA~2\MICROS~1\Office12\OMSMAIN.DLL, OmsProtocolHandler %1" (REG_SZ)
529.
530. [HKLM\Software\Classes\opensearchresult\shell\print\command]
531. ""="rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"" (REG_EXPAND_SZ)
532.
533. [HKLM\Software\Classes\P7RFile\shell\add\command]
534. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddP7R %1" (REG_EXPAND_SZ)
535.
536. [HKLM\Software\Classes\P7RFile\shell\open\command]
537. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenP7R %1" (REG_EXPAND_SZ)
538.
539. [HKLM\Software\Classes\P7SFile\shell\open\command]
540. ""="%SystemRoot%\system32\\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" (REG_EXPAND_SZ)
541.
542. [HKLM\Software\Classes\Paint.Picture\shell\open\command]
543. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
544.
545. [HKLM\Software\Classes\PFXFile\shell\add\command]
546. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddPFX %1" (REG_EXPAND_SZ)
547.
548. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Bitmap\shell\open\command]
549. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
550.
551. [HKLM\Software\Classes\PhotoViewer.FileAssoc.JFIF\shell\open\command]
552. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
553.
554. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Jpeg\shell\open\command]
555. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
556.
557. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Png\shell\open\command]
558. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
559.
560. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Tiff\shell\open\command]
561. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
562.
563. [HKLM\Software\Classes\PhotoViewer.FileAssoc.Wdp\shell\open\command]
564. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
565.
566. [HKLM\Software\Classes\pjpegfile\shell\open\command]
567. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
568.
569. [HKLM\Software\Classes\pjpegfile\shell\printto\command]
570. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
571.
572. [HKLM\Software\Classes\pngfile\shell\open\command]
573. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
574.
575. [HKLM\Software\Classes\pngfile\shell\printto\command]
576. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
577.
578. [HKLM\Software\Classes\prffile\shell\Open\command]
579. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnPRF %1" (REG_EXPAND_SZ)
580.
581. [HKLM\Software\Classes\ratfile\Shell\Open\Command]
582. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnRAT %1" (REG_EXPAND_SZ)
583.
584. [HKLM\Software\Classes\RDB.AutoPlayHandler\shell\properties\command]
585. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\sysmain.dll,RDBMgmtLaunchProperties %L" (REG_EXPAND_SZ)
586.
587. [HKLM\Software\Classes\rlogin\shell\open\command]
588. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l" (REG_SZ)
589.
590. [HKLM\Software\Classes\SavedDsQuery\Shell\open\command]
591. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1" (REG_EXPAND_SZ)
592.
593. [HKLM\Software\Classes\scrfile\shell\install\command]
594. ""="rundll32.exe desk.cpl,InstallScreenSaver %l" (REG_SZ)
595.
596. [HKLM\Software\Classes\scriptletfile\Shell\Generate Typelib\command]
597. ""=""C:\Windows\system32\RUNDLL32.EXE" "C:\Windows\system32\scrobj.dll",GenerateTypeLib "%1"" (REG_SZ)
598.
599. [HKLM\Software\Classes\Shell.CDBurn\Shell\Prepare\Command]
600. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,PrepareDiscForBurnRunDll %L" (REG_EXPAND_SZ)
601.
602. [HKLM\Software\Classes\SPCFile\shell\add\command]
603. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddSPC %1" (REG_EXPAND_SZ)
604.
605. [HKLM\Software\Classes\SPCFile\shell\open\command]
606. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1" (REG_EXPAND_SZ)
607.
608. [HKLM\Software\Classes\STLFile\shell\add\command]
609. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCTL %1" (REG_EXPAND_SZ)
610.
611. [HKLM\Software\Classes\STLFile\shell\open\command]
612. ""="%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCTL %1" (REG_EXPAND_SZ)
613.
614. [HKLM\Software\Classes\SystemFileAssociations\image\shell\print\command]
615. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
616.
617. [HKLM\Software\Classes\telnet\shell\open\command]
618. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l" (REG_SZ)
619.
620. [HKLM\Software\Classes\themefile\shell\open\command]
621. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" (REG_EXPAND_SZ)
622.
623. [HKLM\Software\Classes\themepackfile\shell\open\command]
624. ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"" (REG_EXPAND_SZ)
625.
626. [HKLM\Software\Classes\TIFImage.Document\shell\open\command]
627. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
628.
629. [HKLM\Software\Classes\TIFImage.Document\shell\printto\command]
630. ""=""%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
631.
632. [HKLM\Software\Classes\tn3270\shell\open\command]
633. ""=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l" (REG_SZ)
634.
635. [HKLM\Software\Classes\Unknown\shell\openas\command]
636. ""="C:\Windows\SysWow64\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1" (REG_SZ)
637.
638. [HKLM\Software\Classes\Unknown\shell\opendlg\command]
639. ""="C:\Windows\SysWow64\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1" (REG_SZ)
640.
641. [HKLM\Software\Classes\WCN.AutoPlayHandler\shell\open\command]
642. ""="%systemroot%\system32\rundll32.exe %systemroot%\system32\wzcdlg.dll,ImportFlashProfile %L" (REG_EXPAND_SZ)
643.
644. [HKLM\Software\Classes\wcxfile\shell\Open\Command]
645. ""="rundll32.exe xwizards.dll,RunWizard /u {7940acf8-60ba-4213-a7c3-f3b400ee266d} /z%1" (REG_SZ)
646.
647. [HKLM\Software\Classes\wdpfile\shell\open\command]
648. ""="%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" (REG_EXPAND_SZ)
649.
650. [HKLM\Software\Classes\wdpfile\shell\print\command]
651. ""="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1" (REG_EXPAND_SZ)
652.
653. [HKLM\Software\Classes\wdpfile\shell\printto\command]
654. ""="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4"" (REG_EXPAND_SZ)
655.
656. [HKLM\Software\Classes\Wow6432Node\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
657. ""=""%SystemRoot%\System32\rundll32.exe" "%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba}" (REG_EXPAND_SZ)
658.
659. [HKLM\Software\Classes\Wow6432Node\CLSID\{00f2b433-44e4-4d88-b2b0-2698a0a91dba}\LocalServer32]
660. "ServerExecutable"="%SystemRoot%\System32\rundll32.exe" (REG_EXPAND_SZ)
661.
662. [HKLM\Software\Classes\Wow6432Node\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command]
663. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 1" (REG_EXPAND_SZ)
664.
665. [HKLM\Software\Classes\Wow6432Node\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\Open\Command]
666. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN" (REG_EXPAND_SZ)
667.
668. [HKLM\Software\Classes\Wow6432Node\CLSID\{38A98528-6CBF-4CA9-8DC0-B1E1D10F7B1B}\Shell\OpenWithoutDiagnostics\Command]
669. ""="rundll32.exe %SystemRoot%\system32\van.dll,RunVAN /disablediagnostics" (REG_EXPAND_SZ)
670.
671. [HKLM\Software\Classes\Wow6432Node\CLSID\{3eef301f-b596-4c0b-bd92-013beafce793}\LocalServer32]
672. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793}" (REG_EXPAND_SZ)
673.
674. [HKLM\Software\Classes\Wow6432Node\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\Shell\Open\Command]
675. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\telephon.cpl" (REG_EXPAND_SZ)
676.
677. [HKLM\Software\Classes\Wow6432Node\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\Shell\Open\Command]
678. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\intl.cpl" (REG_EXPAND_SZ)
679.
680. [HKLM\Software\Classes\Wow6432Node\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\Shell\Open\Command]
681. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl" (REG_EXPAND_SZ)
682.
683. [HKLM\Software\Classes\Wow6432Node\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command]
684. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
685.
686. [HKLM\Software\Classes\Wow6432Node\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command]
687. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,Options_RunDLL 0" (REG_EXPAND_SZ)
688.
689. [HKLM\Software\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
690. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}" (REG_EXPAND_SZ)
691.
692. [HKLM\Software\Classes\Wow6432Node\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\Shell\Open\Command]
693. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\main.cpl,@1" (REG_EXPAND_SZ)
694.
695. [HKLM\Software\Classes\Wow6432Node\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command]
696. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\infocardcpl.cpl,ManageCardSpace_RunDll" (REG_SZ)
697.
698. [HKLM\Software\Classes\Wow6432Node\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\Shell\Open\Command]
699. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\srchadmin.dll" (REG_EXPAND_SZ)
700.
701. [HKLM\Software\Classes\Wow6432Node\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32]
702. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}" (REG_EXPAND_SZ)
703.
704. [HKLM\Software\Classes\Wow6432Node\CLSID\{9a97f12a-6b73-4dc4-b3c1-e9244c03adac}\LocalServer32]
705. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9a97f12a-6b73-4dc4-b3c1-e9244c03adac}" (REG_EXPAND_SZ)
706.
707. [HKLM\Software\Classes\Wow6432Node\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\Shell\Open\Command]
708. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\irprops.cpl" (REG_EXPAND_SZ)
709.
710. [HKLM\Software\Classes\Wow6432Node\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\Shell\Open\Command]
711. ""="C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\shell32.dll,Control_RunDLL C:\Windows\SysWOW64\inetcpl.cpl" (REG_SZ)
712.
713. [HKLM\Software\Classes\Wow6432Node\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\Shell\Open\Command]
714. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\Speech\SpeechUX\sapi.cpl" (REG_EXPAND_SZ)
715.
716. [HKLM\Software\Classes\Wow6432Node\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\Shell\Open\Command]
717. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\timedate.cpl" (REG_EXPAND_SZ)
718.
719. [HKLM\Software\Classes\Wow6432Node\CLSID\{e3a4e5ca-55b2-4a06-b1ab-8fbecc7bca4b}\LocalServer32]
720. ""="rundll32.exe /sta {fcc2867c-69ea-4d85-8058-7c214e611c97}" (REG_SZ)
721.
722. [HKLM\Software\Classes\Wow6432Node\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\Shell\Open\Command]
723. ""="%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,Control_RunDLL %SystemRoot%\System32\mmsys.cpl" (REG_EXPAND_SZ)
724.
725. [HKLM\Software\Classes\Wow6432Node\CLSID\{fb479c02-9ec4-4fed-8599-debe037452cb}\LocalServer32]
726. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {fb479c02-9ec4-4fed-8599-debe037452cb}" (REG_EXPAND_SZ)
727.
728. [HKLM\Software\Classes\Wow6432Node\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32]
729. ""="%SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" (REG_EXPAND_SZ)
730.
731. [HKLM\Software\Classes\Wow6432Node\AppID\rundll32.exe]
732. DA: 23/11/2013 23:41:09
733.
734. [HKLM\Software\Classes\Wow6432Node\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}]
735. ""="rundll32.exe" (REG_SZ)
736.
737. [HKLM\Software\Clients\Mail\Hotmail\Protocols\mailto\shell\open\command]
738. ""="%SystemRoot%\system32\rundll32.exe "%ProgramFiles%\Internet Explorer\hmmapi.dll",MailToProtocolHandler %1" (REG_EXPAND_SZ)
739.
740. [HKLM\Software\Clients\Mail\Hotmail\shell\open\command]
741. ""="%systemRoot%\system32\rundll32.exe "%ProgramFiles%\Internet Explorer\hmmapi.dll",OpenInboxHandler" (REG_EXPAND_SZ)
742.
743. [HKLM\Software\Clients\Mail\Microsoft Outlook\shell\Properties\command]
744. ""="rundll32.exe shell32.dll,Control_RunDLL "C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL"" (REG_SZ)
745.
746. [HKU\S-1-5-21-998234409-988763214-829020365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU]
747. "4"="rundll32.exe" (REG_BINARY)
748.
749. [HKU\S-1-5-21-998234409-988763214-829020365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU]
750. "4"="rundll32.exe" (REG_BINARY)
751.
752. =========================
753.
754. Fin à: 00:13:47 le 24/11/2013
755. 631366 Éléments analysés
756.
757. =========================
758. E.O.F
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
24 nov. 2013 à 12:21
Bonjour mon chien, merci mon chien !!!
0

Discussions similaires

url bloqué par avast
pipo63 -
juju666 -

88 réponses
Sécurité de l'URL
ghaouar -
fiddy -

2 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
La nouvelle messagerie du Boncoin....
Utilisateur anonyme -
Madabatro -

69 réponses
un scam ?
sentinelle vador -
sentinelle vador -

2 réponses