Clipboard Contents
http://www.miraclesalad.com/webtools/clip.php?clip=318c
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-30 19:48:10 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\ETIENN~1\LOCALS~1\Temp\kgxyyfog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF4759BBC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4759A78] SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF74E9A20] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF475A02C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4759F56] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF475964E] SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF74EA2A8] SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF74F5910] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF4759B52] SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xF1E1EB4C] SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xF1E1EC3A] SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF74EA2C8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF4759C72] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF475A0FA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF4759C32] SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF74F50B0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/ALWIL Software) ZwSetValueKey [0xF4759DB2] SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xF1E1EAB0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF4766322] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF476614C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF4766280] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CB4 4 Bytes JMP 38E7F1E1 PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F4763866 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP F4766150 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP F4766326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!ZwLoadDriver 805A8F96 7 Bytes JMP F4766284 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E6A6A 5 Bytes JMP F4762594 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) .text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CB4 4 Bytes JMP 38E7F1E1 PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F4763866 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/ALWIL Software) PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP F4766150 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!SeQueryInformationToken + A0C 8058B7CD 7 Bytes JMP F4766326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!KeFlushQueuedDpcs + 197A 805A8F96 7 Bytes JMP F4766284 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E6A6A 5 Bytes JMP F4762594 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ? C:\DOCUME~1\ETIENN~1\LOCALS~1\Temp\kgxyyfog.sys Le fichier spécifié est introuvable. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!GetWindowLongW 7E3988A6 7 Bytes JMP 28006A70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28004630 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005E10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28006090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 280066E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 280068D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28006280 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 5 Bytes JMP 280033B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ole32.dll!CoInitializeEx 774BEF7B 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ole32.dll!CoRegisterClassObject 774D7E90 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 2800A090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 2800A240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WININET.dll!HttpOpenRequestA 404BD508 5 Bytes JMP 28009F00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 2800A170 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software) Device \FileSystem\Ntfs \Ntfs 86FA4668 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL) Device \Driver\Cdrom \Device\CdRom0 86F4C108 Device \FileSystem\Rdbss \Device\FsWrap 86DAA7F8 Device \Driver\Cdrom \Device\CdRom1 86F4C108 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86E6D790 Device \Driver\atapi \Device\Ide\IdePort0 86E6D790 Device \Driver\atapi \Device\Ide\IdePort1 86E6D790 Device \Driver\atapi \Device\Ide\IdePort2 86E6D790 Device \Driver\atapi \Device\Ide\IdePort3 86E6D790 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 86E6D790 Device \FileSystem\Srv \Device\LanmanServer 86925410 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86DA6030 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86DA6030 Device \FileSystem\Npfs \Device\NamedPipe 86DABC10 Device \FileSystem\Msfs \Device\Mailslot 86DD6158 Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 86D7EF00 Device \Driver\d347prt \Device\Scsi\d347prt1 86D7EF00 Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86DA5988 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86DA5988 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86DA5988 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86DA5988 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86DA5988 Device \FileSystem\Cdfs \Cdfs 86AD5458 ---- Modules - GMER 1.0.15 ---- Module _________ F744B000-F7463000 (98304 bytes) ---- Processes - GMER 1.0.15 ---- Library C:\Documents and Settings\Etienne Diouf\Bureau\gmer.exe (*** hidden *** ) @ 
C:\Documents and Settings\Etienne Diouf\Bureau\gmer.exe [2284] 0x00400000 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\tlntsvr.exe (*** hidden *** ) [DISABLED] TlntSvr <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg@Description Serveur de Registre Reg HKLM\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg\AllowedPaths (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg\AllowedPaths@Machine System\CurrentControlSet\Control\ProductOptions?System\CurrentControlSet\Control\Print\Printers?System\CurrentControlSet\Control\Server Applications?System\CurrentControlSet\Services\Eventlog?Software\Microsoft\OLAP Server?Software\Microsoft\Windows NT\CurrentVersion?System\CurrentControlSet\Control\ContentIndex?System\CurrentControlSet\Control\Terminal Server?System\CurrentControlSet\Control\Terminal Server\UserConfig?System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration? Reg HKLM\SYSTEM\ControlSet001\Control\Session Manager@PendingFileRenameOperations ???3????NVIDIA?tem??????????? ??????????? ???????????????????????????2???????????????/???????????????????????????????????????/?/???/????? ??????????????????????????????P???????tc??Fournit un syst?me de gestion de th?me de l'exp?rience utilisateur.?????\??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys?tm??Canal IDE principal?????? ???????/???????????/?????????????? ??????\ac??? ???/???E?????tmp??C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll??????/????? ???????/???????????/???????????????????????????/??????????????????0????????????????`???????????????????? ????????????????????? ???????????????:\??Pilote de p?riph?rique terminal?????? ???????M?????pro??.NT?????Microsoft???? ?????????????/????????????????D???????????%SystemRoot%\System32\svchost -k DComLaunch??????????????\??\W??????? 
?????????????.????????????????@????????R???????????8??46??? ???????/??????????????????????????????????????????0????????????????`???????????????????? ???????? Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security@DisplayNameFile %SystemRoot%\System32\els.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security@DisplayNameID 257 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security@File %SystemRoot%\System32\config\SecEvent.Evt Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security@MaxSize 524288 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security@PrimaryModule Security Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security@Retention 604800 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security@Sources Spooler?Security Account Manager?SC Manager?NetDDE Object?LSA?DS?Security? Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security@RestrictGuestAccess 1 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680 Reg 
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@CategoryCount 9 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@GuidMessageFile %SystemRoot%\System32\NtMarta.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@EventMessageFile %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security@TypesSupported 28 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Channel 5120 Reg 
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Desktop 6672 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Device 4352 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Directory 4368 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Event 4384 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@File 4416 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Job 5136 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Key 4432 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Port 4464 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Process 4480 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Profile 4496 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Section 4512 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Thread 4560 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Timer 4576 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Token 4592 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@Type 4608 Reg 
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928 Reg HKLM\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912 Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@Type 16 Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@Start 4 Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@ImagePath C:\WINDOWS\system32\tlntsvr.exe Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@DisplayName 
Telnet Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@DependOnService RPCSS?TCPIP?NTLMSSP? Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@DependOnGroup Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr@Description Permet ? un utilisateur distant de se connecter au syst?me et d'ex?cuter des programmes, et prend en charge divers clients Telnet TCP/IP dont les ordinateurs sous UNIX et sous Windows. Si ce service est arr?t?, l'utilisateur peut ne plus avoir acc?s ? distance aux programmes. Si ce service est d?sactiv?, les services qui en d?pendent explicitement ne pourront pas d?marrer. Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr\Security (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\TlntSvr\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@Library C:\WINDOWS\system32\wbem\wmiaprpl.dll Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@Open WmiOpenPerfData Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@Collect WmiCollectPerfData Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@Close WmiClosePerfData Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@Last Counter 2284 Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@Last Help 2285 Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@First Counter 2272 Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@First Help 2273 Reg HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance@Object List 2272 2272 2278 2278 Reg HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg@Description Serveur de Registre Reg HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths Reg HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths@Machine 
System\CurrentControlSet\Control\ProductOptions?System\CurrentControlSet\Control\Print\Printers?System\CurrentControlSet\Control\Server Applications?System\CurrentControlSet\Services\Eventlog?Software\Microsoft\OLAP Server?Software\Microsoft\Windows NT\CurrentVersion?System\CurrentControlSet\Control\ContentIndex?System\CurrentControlSet\Control\Terminal Server?System\CurrentControlSet\Control\Terminal Server\UserConfig?System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration? Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0xB8 0xB3 0xA4 0xC6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security@DisplayNameFile %SystemRoot%\System32\els.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security@DisplayNameID 257 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security@File %SystemRoot%\System32\config\SecEvent.Evt Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security@MaxSize 524288 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security@PrimaryModule Security Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security@Retention 604800 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security@Sources Spooler?ServiceModel 3.0.0.0?Security Account Manager?SC Manager?NetDDE Object?LSA?DS?Security? 
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security@RestrictGuestAccess 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@CategoryCount 9 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@GuidMessageFile %SystemRoot%\System32\NtMarta.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@EventMessageFile %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security@TypesSupported 28 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Channel 5120 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Desktop 6672 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Device 4352 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Directory 4368 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Event 4384 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@File 4416 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Job 5136 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Key 4432 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Port 4464 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Process 4480 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Profile 4496 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Section 4512 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Thread 4560 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Timer 4576 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Token 4592 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@Type 4608 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408 
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928 Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912 Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@Type 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@Start 4 Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@ImagePath C:\WINDOWS\system32\tlntsvr.exe Reg 
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@DisplayName Telnet Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@DependOnService RPCSS?TCPIP?NTLMSSP? Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@DependOnGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@Description Permet ? un utilisateur distant de se connecter au syst?me et d'ex?cuter des programmes, et prend en charge divers clients Telnet TCP/IP dont les ordinateurs sous UNIX et sous Windows. Si ce service est arr?t?, l'utilisateur peut ne plus avoir acc?s ? distance aux programmes. Si ce service est d?sactiv?, les services qui en d?pendent explicitement ne pourront pas d?marrer. Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Library C:\WINDOWS\system32\wbem\wmiaprpl.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Open WmiOpenPerfData Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Collect WmiCollectPerfData Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Close WmiClosePerfData Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 4954 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 4955 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 4942 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 4943 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 4942 4942 4948 4948 Reg HKLM\SYSTEM\ControlSet003\Control\SecurePipeServers\winreg@Description Serveur de Registre Reg HKLM\SYSTEM\ControlSet003\Control\SecurePipeServers\winreg\AllowedPaths (not active ControlSet) Reg 
HKLM\SYSTEM\ControlSet003\Control\SecurePipeServers\winreg\AllowedPaths@Machine System\CurrentControlSet\Control\ProductOptions?System\CurrentControlSet\Control\Print\Printers?System\CurrentControlSet\Control\Server Applications?System\CurrentControlSet\Services\Eventlog?Software\Microsoft\OLAP Server?Software\Microsoft\Windows NT\CurrentVersion?System\CurrentControlSet\Control\ContentIndex?System\CurrentControlSet\Control\Terminal Server?System\CurrentControlSet\Control\Terminal Server\UserConfig?System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration? Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security@DisplayNameFile %SystemRoot%\System32\els.dll Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security@DisplayNameID 257 Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security@File %SystemRoot%\System32\config\SecEvent.Evt Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security@MaxSize 524288 Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security@PrimaryModule Security Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security@Retention 604800 Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security@Sources Spooler?ServiceModel 3.0.0.0?Security Account Manager?SC Manager?NetDDE Object?LSA?DS?Security? Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security@RestrictGuestAccess 1 Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS@Parameter |
3 updates, last one at Wed, Dec 31, 1969, 7:00pm.