Trace of an "XP BOOT SEQUENCE"

Heavy page (1 Mb of code)


Sequences tested in September-October 2009 with the software:

 

 

On a VinoSoft P4 built in May 2006.

(with a major update in July 2007: 8800GTS)

www.greatis.com: $19.95 - Test no. 2009i26@Kentucky

 

Finished = 00:04:12



Range: between 00:04:10 and 00:04:30 (depending on the session)

Note: under Se7en, the sequence on this PC takes less than 2 minutes: p4kentucky 7600-drivers

Under Vista: almost 3 minutes.


What can be loaded in a good four minutes before the desktop is "ready to work"?

The BootLog XP answer is:

00:04:29 {269 sec without BootLogXP, the software that produces this record} - what a mess!


What can be loaded under XP before the desktop is "ready to work"?

The BootVis answer (174 sec = 00:02:54) is:

 

Microsoft developed the Bootvis program, which first analyses Windows startup and the loading of drivers.

Bootvis then optimises and speeds up the startup.

After optimisation we get 159 sec = 00:02:39.

The gain is 9% (15 seconds); it is relatively small, but many optimisations had already been carried out beforehand.

BootVis starts its measurement after the BIOS and NT Loader have started.

The first graph shows the percentage of CPU usage during startup:

The vertical bar marks the moment when the Start Menu becomes available for use: 82 seconds.

The second graph records the number of disk writes/reads during each second of the trace:

Note: the "Disk write caching is disabled" alert does not match the properties of our XP boot disk?

The third graph shows the load time of the drivers:

 

 

crpf.sys : Comodo System Cleaner - csdf.sys : Comodo Safe Delete Filter - symevent.sys : Part of Symantec Antivirus - fltmgr.sys : Microsoft Filesystem Filter Manager

A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. Examples of file system filter drivers include anti-virus filters, backup agents, and encryption products.

amon.sys : Part of Eset Nod32 Antivirus

 

The entire operating system is on C:.

Drive E: (second partition of the same physical disk as C:) is also referenced by our XP (pagefile.sys {second part}, the folders holding the stores of the various Outlook Express identities, and shortcuts to portable applications).

Drive R: holds the disk image of C: (Acronis).

Drives D:, N: and P: are called by our synchronisation software for "user's data" such as "My Documents".

Drive F: was used by XP without our knowledge: "\Config.Msi\file.rbf"

Drives M:, O: and Q: are partitions hosted on the same hard disks as N:, P: and R:, which are referenced as described above.

Many shortcuts point to (non-critical) data stored on H: and U:

This explains why the boot sequence "takes an interest" in this whole little world of storage units:

Zoom on "Disk Utilisation":

3-16 sec: boot disk, with a brief call to P: (internal disk called by our synchronisation software for "user's data" such as "My Documents")

16-39 sec: no disk activity.

40-51 sec: all units are accessed.

62-82 sec (the "Start Menu" is available)

82-104 sec: all units are accessed.

104-126 sec: boot disk only.

126-148 sec: boot disk only.

148-158 sec (PC ready for use): boot disk and a brief afterthought on H: U: (USB disk: XP has many shortcuts to its contents).

Another BootVis on a 2002 P4: http://www.kine-online.com/bootlog


What can be loaded under XP before the desktop is "ready to work"?

XP : The Boot Process.

 

1/ Power supply switched on.
The power supply performs a self-test. When all voltages and current levels are acceptable, the supply indicates that the power is stable and sends the Power Good signal to the processor. The time from switch-on to Power Good is usually between 0.1 and 0.5 seconds.


 

2/ The microprocessor timer chip receives the Power Good signal.

With the arrival of the Power Good signal the timer chip stops sending reset signals to the processor allowing the CPU to begin operations.

 

3/ The CPU starts executing the ROM BIOS code.
The CPU loads the ROM BIOS starting at ROM memory address FFFF:0000 which is only 16 bytes from the top of ROM memory. As such it contains only a JMP (jump) instruction that points to the actual address of the ROM BIOS code.

 

4/ The ROM BIOS performs a basic test of central hardware to verify basic functionality.

Any errors that occur at this point in the boot process will be reported by means of 'beep-codes' because the video subsystem has not yet been initialized.
 

5/ The BIOS searches for adapters that may need to load their own ROM BIOS routines.
Video adapters provide the most common source of adapter ROM BIOS. The start-up BIOS routines scan memory addresses C000:0000 through C780:0000 to find video ROM. An error loading any adapter ROM generates an error such as: XXXX ROM Error, where XXXX represents the segment address of the failed module.
 

6/ The ROM BIOS checks to see if this is a 'cold-start' or a 'warm-start'.

To determine whether this is a warm-start or a cold start the ROM BIOS startup routines check the value of two bytes located at memory location 0000:0472. Any value other than 1234h indicates that this is a cold-start.

 

7/ If this is a cold-start the ROM BIOS executes a full POST (Power On Self Test). If this is a warm-start the memory test portion of the POST is switched off.

The POST can be broken down into three components:
The Video Test initializes the video adapter, tests the video card and video memory, and displays configuration information or any errors.
The BIOS Identification displays the BIOS version, manufacturer, and date.
The Memory Test tests the memory chips and displays a running sum of installed memory.

 

Errors that occur during the POST can be classified as either 'fatal' or 'non-fatal'. A non-fatal error will typically display an error message on screen and allow the system to continue the boot process. A fatal error, on the other hand, stops the process of booting the computer and is generally signaled by a series of beep-codes.

 

8/ The BIOS locates and reads the configuration information stored in CMOS.

CMOS (which stands for Complementary Metal-Oxide Semiconductor) is a small area of memory (64 bytes) which is maintained by the current of a small battery attached to the motherboard. Most importantly for the ROM BIOS startup routines, CMOS indicates the order in which drives should be examined for an operating system: floppy first, CD-ROM first, or fixed disk first.

 

9/ Fixed Disk
If the first bootable disk is a fixed disk the BIOS examines the very first sector of the disk for a Master Boot Record (MBR). For a floppy the BIOS looks for a Boot Record in the very first sector.

On a fixed disk the Master Boot Record occupies the very first sector at cylinder 0, head 0, sector 1. It is 512 bytes in size. If this sector is found it is loaded into memory at address 0000:7C00 and tested for a valid signature. A valid signature would be the value 55AAh in the last two bytes. Lacking an MBR or a valid signature the boot process halts with an error message which might read: NO ROM BASIC - SYSTEM HALTED
A Master Boot Record is made up of two parts - the partition table which describes the layout of the fixed disk and the partition loader code which includes instructions for continuing the boot process.
 

10/ MBR

With a valid MBR loaded into memory the BIOS transfers control of the boot process to the partition loader code that takes up most of the 512 bytes of the MBR.

The process of installing multiple operating systems on a single PC usually involves replacing the original partition loader code with a Boot Loader program that allows the user to select the specific fixed disk to load in the next step of the process.

 

11/ Partition Table

The partition loader (or Boot Loader) examines the partition table for a partition marked as active. The partition loader then searches the very first sector of that partition for a Boot Record.

The Boot Record is also 512 bytes and contains a table that describes the characteristics of the partition (number of bytes per sector, number of sectors per cluster, etc.) and also the jump code that locates the first of the operating system files (IO.SYS in DOS).
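The checks described in steps 9 to 11 (sector size, the 55 AA signature, the partition table and its active entry) can be reproduced offline on a saved copy of sector 0. The following is an added example, not code from the original page: it assumes the 512 bytes have already been read from a disk image, uses a constructed sample sector, and also hashes the bytes before the partition table so that a later change to the loader code can be detected against a known-good baseline.

```python
import hashlib
import struct

SECTOR_SIZE = 512
LOADER_SIZE = 446               # bytes before the partition table
ENTRY_SIZE = 16                 # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"    # last two bytes, in on-disk order

# Partition type IDs (subset) for the file systems XP can boot from.
TYPE_NAMES = {0x05: "extended", 0x06: "FAT16", 0x07: "NTFS",
              0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


class MBRError(ValueError):
    """The sector cannot be a valid Master Boot Record."""


def parse_mbr(sector):
    """Validate a 512-byte MBR; return loader hash, partitions and issues."""
    if len(sector) != SECTOR_SIZE:
        raise MBRError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[-2:] != BOOT_SIGNATURE:
        raise MBRError("boot signature 55 AA missing")

    partitions, issues = [], []
    for index in range(4):
        offset = LOADER_SIZE + index * ENTRY_SIZE
        status, _, ptype, _, first_lba, count = struct.unpack(
            "<B3sB3sII", sector[offset:offset + ENTRY_SIZE])
        if ptype == 0x00:
            continue                                  # unused slot
        if status not in (0x00, 0x80):
            issues.append("entry %d: invalid status 0x%02x" % (index, status))
        partitions.append({
            "index": index, "active": status == 0x80,
            "type": TYPE_NAMES.get(ptype, "unknown 0x%02x" % ptype),
            "first_lba": first_lba, "sectors": count})

    # The partition loader expects exactly one entry marked active (0x80).
    active = [p["index"] for p in partitions if p["active"]]
    if len(active) != 1:
        issues.append("expected one active partition, found %d" % len(active))

    # Overlapping extents indicate a damaged or tampered table.
    ordered = sorted(partitions, key=lambda p: p["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            issues.append("entries %d and %d overlap" % (a["index"], b["index"]))

    return {"loader_sha256": hashlib.sha256(sector[:LOADER_SIZE]).hexdigest(),
            "partitions": partitions,
            "active_index": active[0] if len(active) == 1 else None,
            "issues": issues}


def make_entry(status, ptype, first_lba, count):
    """Pack one partition entry (CHS fields zeroed for brevity)."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0",
                       first_lba, count)


def build_sample_mbr():
    """Constructed sector: stub loader, active NTFS plus a FAT32 partition."""
    loader = b"\xfa\x33\xc0".ljust(LOADER_SIZE, b"\x00")
    table = (make_entry(0x80, 0x07, 63, 20000) +
             make_entry(0x00, 0x0B, 20063, 10000) + bytes(2 * ENTRY_SIZE))
    return loader + table + BOOT_SIGNATURE


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("loader sha256:", report["loader_sha256"])
    for part in report["partitions"]:
        print(part)
    print("issues:", report["issues"] or "none")
```

Storing `loader_sha256` at install time and comparing it after each maintenance window gives a cheap integrity check on the code that runs before the operating system.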

 

12/ Operating System - Boot Record : The active partition's boot record is checked for a valid boot signature and if found the boot sector code is executed as a program.

The loading of Windows XP is controlled by the file NTLDR which is a hidden, system file that resides in the root directory of the system partition. NTLDR will load XP in four stages:
1) Initial Boot Loader Phase
2) Operating System selection
3) Hardware Detection
4) Configuration Selection

 

13/ Operating System - NTLDR Initial Phase : During the initial phase NTLDR switches the processor from real-mode to protected mode which places the processor in 32-bit memory mode and turns memory paging on. It then loads the appropriate mini-file system drivers to allow NTLDR to load files from a partition formatted with any of the file systems supported by XP.

Windows XP supports partitions formatted with either the FAT-16, FAT-32, or NTFS file system.

 

14/ Operating System - NTLDR - OS Selection - BOOT.INI : If the file BOOT.INI is located in the root directory NTLDR will read its contents into memory. If BOOT.INI contains entries for more than one operating system NTLDR will stop the boot sequence at this point, display a menu of choices, and wait for a specified period of time for the user to make a selection.
If the file BOOT.INI is not found in the root directory NTLDR will continue the boot sequence and attempt to load XP from the first partition of the first disk, typically C:\.

 

NTLDR (NT Loader) is the name of the boot loader of Windows 2003, XP, 2000, NT 4.0 and NT 3.x on x86 and x86-64 (AMD64 and Intel 64) processors.

Note: Vista and Seven [alas] no longer use it.

NTLDR's configuration file "boot.ini" is a text file (in ASCII: American Standard Code for Information Interchange).

Examples:


Simple XP

[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /fastdetect /NoExecute=OptIn

/fastdetect avoids the waiting time for mouse detection.

/noexecute=optin enables the DEP (Data Execution Prevention) protection.


Dual OS: XP and W2K

[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional" /fastdetect

Files required for multi-boot: BOOT.INI - BOOTFONT.BIN - BOOTSECT.DOS - NTDETECT.COM - NTLDR

DEP = Data Execution Prevention.

It is a set of hardware and software technologies (since XP SP2) that perform additional memory checks to prevent malicious code from executing on a system.
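To check which boot entries actually request DEP, the two boot.ini files shown above can be parsed and audited. This is an added example, not part of the original page: the function names are hypothetical, only `multi(...)` and `scsi(...)` ARC paths are decoded, and an entry without a /NoExecute switch is reported as not stating a policy rather than assumed to have any particular default.

```python
import re

ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE)
DEP_POLICIES = ("optin", "optout", "alwayson", "alwaysoff")

# The two boot.ini files shown on this page.
SIMPLE_XP = r'''[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /fastdetect /NoExecute=OptIn
'''
DUAL_BOOT = r'''[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional" /fastdetect
'''


def parse_entry(path, value):
    """Split one [operating systems] line into ARC fields, label, switches."""
    match = re.match(r'\s*"([^"]*)"(.*)$', value)
    label, rest = match.groups() if match else ("", value)
    switches = {}
    for token in rest.split():
        if token.startswith("/"):
            name, _, arg = token[1:].partition("=")
            switches[name.lower()] = arg
    arc = ARC_RE.match(path)
    return {"path": path, "label": label, "switches": switches,
            "partition": int(arc.group(5)) if arc else None,
            "directory": (arc.group(6) or "\\") if arc else None}


def parse_boot_ini(text):
    """Parse boot.ini text into timeout, default path and OS entries."""
    config = {"timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                  # blank or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")         # ARC paths contain no "="
        if not sep:
            continue
        key = key.strip()
        if section == "boot loader" and key.lower() == "timeout":
            try:
                config["timeout"] = int(value)
            except ValueError:
                config["timeout"] = None
        elif section == "boot loader" and key.lower() == "default":
            config["default"] = value.strip()
        elif section == "operating systems":
            config["entries"].append(parse_entry(key, value))
    return config


def audit(config):
    """Return findings about the default entry and each entry's DEP switch."""
    findings = []
    paths = [entry["path"].lower() for entry in config["entries"]]
    if config["default"] and config["default"].lower() not in paths:
        findings.append("default entry is not listed under [operating systems]")
    for entry in config["entries"]:
        dep = entry["switches"].get("noexecute")
        if dep is None:
            findings.append('"%s": no /NoExecute switch, DEP policy not stated'
                            % entry["label"])
        elif dep.lower() == "alwaysoff":
            findings.append('"%s": DEP is switched off' % entry["label"])
        elif dep.lower() not in DEP_POLICIES:
            findings.append('"%s": unknown /NoExecute value %r'
                            % (entry["label"], dep))
    return findings


if __name__ == "__main__":
    for name, text in (("Simple XP", SIMPLE_XP), ("Dual OS", DUAL_BOOT)):
        print(name, "->", audit(parse_boot_ini(text)) or "no findings")
```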

 

NTLDR switches the system to protected mode and manages the tables specific to x86-family processors: the GDT (Global Descriptor Table), to manage memory, and the IDT (Interrupt Descriptor Table), to handle interrupts (software interrupts and exceptions). NTLDR also loads the Windows NT kernel (Ntoskrnl.exe, or ntkrnlpa.exe for systems with PAE) and the files hal.dll (hardware abstraction layer) and ntdetect.com; it then hands over control.

PAE = Physical Address Extension = a processor feature that enables x86 processors to access more than 4 Gb of physical memory. 32-bit versions of Windows Server running on x86-based systems can use PAE to access up to 64 Gb or 128 Gb of physical memory, depending on the physical address size of the processor and the operating system version.

 

15/ Operating System - F8 - Assuming that the operating system being loaded is Windows NT, 2000, or XP, pressing F8 at this stage of the boot sequence displays various boot options including "Safe Mode" and "Last Known Good Configuration".

After each successful boot sequence XP makes a copy of the current combination of driver and system settings and stores it as the Last Known Good Configuration. This collection of settings can be used to boot the system subsequently if the installation of some new device has caused a boot failure.

 

16/ Operating System - NTLDR - Hardware Detection : If the selected operating system is XP, NTLDR will continue the boot process by locating and loading the DOS based NTDETECT.COM program to perform hardware detection. NTDETECT.COM collects a list of currently installed hardware components and returns this list for later inclusion in the registry under the HKEY_LOCAL_MACHINE\HARDWARE key.

17/ Operating System - NTLDR - Configuration Selection : If this computer has more than one defined Hardware Profile the NTLDR program will stop at this point and display the Hardware Profiles/Configuration Recovery menu.
Lacking more than one Hardware Profile NTLDR will skip this step and not display this menu.
 

18/ Operating System - Kernel Load : After selecting a hardware configuration (if necessary) NTLDR begins loading the XP kernel (NTOSKRNL.EXE).
During the loading of the kernel (but before it is initialized) NTLDR remains in control of the computer. The screen is cleared and a series of white rectangles progress across the bottom of the screen. NTLDR also loads the Hardware Abstraction Layer (HAL.DLL) at this time which will insulate the kernel from hardware. Both files are located in the \system32 directory.

 

Note: there is no shortage of "Ntoskrnl.exe" files in an XP installation:

Above: in a P4 HT 2.8 GHz from our workshop resources; below: in a freshly reformatted Compaq P4 HT 2.8 GHz (and just fully updated through Windows Update).

Below: in the P4 HT 3.6 GHz that served as the basis for the XP boot sequence that is the subject of this page.

In the same PC, for Vista:

In the same PC, for Seven:

 

19/ Operating System - NTLDR - Boot Device Drivers : NTLDR now loads device drivers that are marked as boot devices. With the loading of these drivers NTLDR  relinquishes control of the computer.

Every driver has a registry subkey entry under HKEY_LOCAL_MACHINE\SYSTEM\Services. Any driver that has a Start value of SERVICE_BOOT_START is considered a device to start at boot up. A period is printed to the screen for each loaded file (unless the /SOS switch is used, in which case file names are printed).

 

20/ Operating System - Kernel Initialization : NTOSKRNL goes through two phases in its boot process - phase 0 and phase 1. Phase 0 initializes just enough of the microkernel and Executive subsystems so that basic services required for the completion of initialization become available. At this point, the system displays a graphical screen with a status bar indicating load status.

XP disables interrupts during phase 0 and enables them before phase 1. The HAL is called to prepare the interrupt controller; the Memory Manager, Object Manager, Security Reference Monitor, and Process Manager are initialized.
Phase 1 begins when the HAL is called to prepare the system to accept interrupts from devices. If more than one processor is present the additional processors are initialized at this point.

All Executive subsystems are reinitialized in the following order :
1) Object Manager
2) Executive
3) Microkernel
4) Security Reference Monitor
5) Memory Manager
6) Cache Manager
7) LPCS
8) I/O Manager
9) Process Manager
 

21/ Operating System - I/O Manager : The initialization of I/O Manager begins the process of loading all the systems driver files. Picking up where NTLDR left off, it first finishes the loading of boot devices. Next it assembles a prioritized list of drivers and attempts to load each in turn.

The failure of a driver to load may prompt NT to reboot and try to start the system using the values stored in the Last Known Good Configuration.

 

22/ Operating System - SMSS : The last task for phase 1 initialization of the kernel is to launch the Session Manager Subsystem (SMSS). SMSS is responsible for creating the user-mode environment that provides the visible interface to NT.

SMSS runs in user-mode but unlike other user-mode applications SMSS is considered a trusted part of the operating system and is also a native application (it uses only core Executive functions). These two features allow SMSS to start the graphics subsystem and login processes.

 

23/ Operating System - win32k.sys : SMSS loads the win32k.sys device driver which implements the Win32 graphics subsystem.

Shortly after win32k.sys starts it switches the screen into graphics mode. The Services Subsystem now starts all services marked as Auto Start. Once all devices and services are started the boot is deemed successful and this configuration is saved as the Last Known Good Configuration.

 

24/ Operating System - Logon : The XP boot process is not considered complete until a user has successfully logged onto the system. The process is begun by the WINLOGON.EXE file which is loaded as a service by the kernel and continued by the Local Security Authority (LSASS.EXE) which displays the logon dialog box.

This dialog box appears at approximately the time that the Services Subsystem starts the network service.


At the stage where the desktop is loaded and the machine is "ready to use", the list of active tasks is as follows:

 

Task Name | Memory | Manufacturer | Manufacturer's Description | GDI Objects | User Objects | Priority | Threads
Explorer | 44,57 MB | Microsoft Corporation | Windows Explorer | 279 | 141 | Normal | 14
winlogon | 4,04 MB | Microsoft Corporation | Windows NT Logon Application | 31 | 13 | High | 18
wmiapsrv | 4,59 MB | Microsoft Corporation | WMI Performance Adapter Service | 5 | 2 | Normal | 3
svchost | 3,50 MB | Microsoft Corporation | Generic Host Process for Win32 Services | 5 | 1 | Normal | 4
svchost | 6,96 MB | Microsoft Corporation | Generic Host Process for Win32 Services | 4 | 1 | Normal | 7
svchost | 3,54 MB | Microsoft Corporation | Generic Host Process for Win32 Services | 5 | 1 | Normal | 8
svchost | 29,22 MB | Microsoft Corporation | Generic Host Process for Win32 Services | 11 | 31 | Normal | 74
svchost | 3,57 MB | Microsoft Corporation | Generic Host Process for Win32 Services | 4 | 1 | Normal | 6
svchost | 4,34 MB | Microsoft Corporation | Generic Host Process for Win32 Services | 5 | 2 | Normal | 6
svchost | 5,03 MB | Microsoft Corporation | Generic Host Process for Win32 Services | 4 | 4 | Normal | 15
svchost | 6,68 MB | Microsoft Corporation | Generic Host Process for Win32 Services | 5 | 1 | Normal | 10
spoolsv | 5,13 MB | Microsoft Corporation | Spooler SubSystem App | 5 | 4 | Normal | 12
avgnsx | 1,37 MB | AVG Technologies CZ, s.r.o. | AVG Network scanner Service / security | 5 | 1 | Normal | 6
avgwdsvc | 2,31 MB | AVG Technologies CZ, s.r.o. | AVG Watchdog Service / security | 5 | 2 | Normal | 26
ccApp | 7,96 MB | Symantec Corporation | Symantec User Session / security | 8 | 11 | Normal | 10
ccEvtMgr | 3,04 MB | Symantec Corporation | Symantec Event Manager Service / security | 5 | 1 | Normal | 19
ccSetMgr | 4,66 MB | Symantec Corporation | Symantec Settings Manager Service / security | 4 | 1 | Normal | 8
csrss | 4,06 MB | Microsoft Corporation | Client Server Runtime Process | 126 | 100 | High | 10
ctfmon | 4,07 MB | Microsoft Corporation | CTF Loader | 56 | 31 | Normal | 1
CTXFISPI | 5,39 MB | Creative Technology Ltd | SPI (Creative X-Fi Module) / soundcard | 8 | 9 | Normal | 4
DefWatch | 5,24 MB | Symantec Corporation | Virus Definition Daemon / security | 5 | 2 | Normal | 5
SPBBCSvc | 1,50 MB | Symantec Corporation | SPBBC Service / security | 5 | 1 | Normal | 14
Rtvscan | 66,23 MB | Symantec Corporation | Symantec AntiVirus / security | 5 | 3 | Normal | 50
jqs | 1,38 MB | Sun Microsystems, Inc. | Java(TM) Quick Starter Service | 5 | 2 | Low | 11
lsass | 0,92 MB | Microsoft Corporation | LSA Shell (Export Version) | 4 | 2 | Normal | 15
nod32krn | 31,99 MB | Eset | NOD32 Kernel Service / security | 8 | 5 | Normal | 16
nod32kui | 2,50 MB | Eset | NOD32 Control Center GUI / security | 341 | 280 | Normal | 2
RUNDLL32 | 4,30 MB | Microsoft Corporation | Run a DLL as an application | 16 | 7 | Normal | 1
schedul2 | 2,41 MB | Acronis | Acronis Scheduler 2 / automatic backup service | 5 | 1 | Normal | 4
services | 3,57 MB | Microsoft Corporation | Services and Controller application | 4 | 2 | Normal | 15
slserv | 1,02 MB | Smart Link | USB Modem | 0 | 0 | Normal | 3
smss | 0,41 MB | Microsoft Corporation | Windows NT Session Manager | 0 | 0 | Above Normal | 3
VPTray | 7,89 MB | Symantec Corporation | Symantec AntiVirus / security | 29 | 23 | Normal | 6
TrueImageTryStartService | 4,76 MB | Acronis | Automatic backup service | 5 | 3 | Normal | 3
TrueImageMonitor | 4,64 MB | Acronis | Acronis True Image Monitor / automatic backup service | 44 | 23 | Normal | 12
TimounterMonitor | 5,47 MB | Acronis | Monitor for Acronis True Image Backup Archive Explorer | 148 | 21 | Normal | 5
schedhlp | 2,46 MB | Acronis | Acronis Scheduler Helper / automatic backup service | 8 | 3 | Normal | 1
SCardSvr | 2,76 MB | Microsoft Corporation | Smart Card Resource Management Server | 5 | 2 | Normal | 5
point32 | 3,35 MB | Microsoft Corporation | Microsoft IntelliPoint / Mouse | 11 | 12 | Normal | 3
CTXFIHLP | 5,02 MB | Creative Technology Ltd | CTXfiHlp MFC Application / soundcard | 18 | 16 | Normal | 4
V0220Mon | 2,43 MB | Creative Technology Ltd. | Live! Cam Console Auto Launcher / webcam | 11 | 5 | Normal | 3
StartFX | 9,09 MB | Creative Technology Ltd. | Start Advanced Video FX Engine Application / soundcard | 5 | 1 | Normal | 2
Cool Beans System Info | 3,44 MB | Cool Beans Software | Cool Beans System Info | 316 | 153 | Normal | 5
UTSCSI | 1,09 MB | | UTSCSI Application / USBest PQI Card Drive | 0 | 0 | Normal | 2
CTAudSvc | 2,79 MB | Creative Technology Ltd | Creative Audio Service / soundcard | 5 | 3 | High | 2
nvsvc32 | 4,59 MB | NVIDIA Corporation | NVIDIA Driver Helper Service / graphic card | 4 | 5 | Normal | 4
jusched | 2,37 MB | Sun Microsystems, Inc. | Java(TM) Platform SE binary | 5 | 4 | Normal | 1


The drivers and processes to be started during Windows startup are mostly found under three headings:

1/ Program group [in our case: only the mouse handler, for compatibility with software from the 199x years]:

2/ Scheduled tasks [in our case: only the "Google Tasks"], which we are going to (try to) eliminate (we will do the updates ourselves):

Note: as we remove these scheduled tasks, they come back whenever one of the Google programs (such as Chrome or Earth) is opened. Google does not seem to tolerate its (free) software being used without "rescheduling" its updates.

Test in progress 03/11/2009: schedule for 2010:

... to be continued ...

  

3/ Registry :

 

a) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run :

 

HKLM = HKEY_LOCAL_MACHINE holds configuration information specific to the computer (for any user).

 

b) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run :

 

HKCU = HKEY_CURRENT_USER = a subkey of HKEY_USERS; it holds the root of the configuration information for the user who is logged on.

The user's folder, screen colour and Control Panel settings are stored at this location.

This information is associated with the user's profile.

c) Many other keys such as HKEY_LOCAL_MACHINE\SYSTEM\...ControlSet...\Services
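The registry locations listed above, together with the Start value described in step 19, can be inventoried from a regedit text export and compared with a reviewed baseline. This is an added example, not part of the original page: the export below is constructed (the Start/Type values and file paths are illustrative, not read from the machine described here), the function names are hypothetical, and only string and dword values are decoded.

```python
import re

# Start values defined by the Windows service control manager.
START_TYPES = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START",
               2: "SERVICE_AUTO_START", 3: "SERVICE_DEMAND_START",
               4: "SERVICE_DISABLED"}
DRIVER_TYPE_MASK = 0x3   # SERVICE_KERNEL_DRIVER | SERVICE_FILE_SYSTEM_DRIVER

SERVICES_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\([^\\]+)$", re.IGNORECASE)
RUN_RE = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed regedit export (values and paths are illustrative).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"Type"=dword:00000001
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fltmgr]
"Type"=dword:00000002
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\speedfan]
"Type"=dword:00000001
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Type"=dword:00000110
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\ExampleAV\\ccApp.exe\""
"updater"="C:\\Temp\\updater.exe /silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''


def parse_reg(text):
    """Return {key_path: {value_name: value}} for string and dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if current is None or not match:
            continue
        name, data = match.groups()
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # .reg files escape backslashes and quotes with a backslash.
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys


def startup_inventory(keys):
    """Split parsed keys into services (with start type) and Run entries."""
    services, run = {}, {}
    for path, values in keys.items():
        match = SERVICES_RE.match(path)
        if match and "Start" in values:
            services[match.group(1)] = {
                "start": START_TYPES.get(values["Start"], "unknown"),
                "driver": bool(values.get("Type", 0) & DRIVER_TYPE_MASK)}
        match = RUN_RE.match(path)
        if match:
            hive = "HKLM" if match.group(1).upper() == "HKEY_LOCAL_MACHINE" else "HKCU"
            for name, command in values.items():
                run[(hive, name)] = command
    return services, run


def boot_drivers(services):
    """Drivers that NTLDR loads before the kernel takes over."""
    return sorted(name for name, info in services.items()
                  if info["driver"] and info["start"] == "SERVICE_BOOT_START")


def new_run_entries(run, baseline):
    """Run entries that are absent from, or differ from, the baseline."""
    return sorted(key for key, command in run.items()
                  if baseline.get(key) != command)


if __name__ == "__main__":
    services, run = startup_inventory(parse_reg(SAMPLE_EXPORT))
    print("boot-start drivers:", boot_drivers(services))
    for (hive, name), command in sorted(run.items()):
        print(hive, name, "->", command)
```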


XP Optimization: LargeSystemCache.reg - NtfsDisableLastAccessUpdate.reg - DesktopProcess.reg - AlwaysUnloadDll.reg - shell\Haute-priorité.reg - IoPageLockLimitxxx(x).reg - BootOptimizeFunction.reg

XP Services: Home & Pro, defaults: http://www.kine-online.com/services-xp.htm

Security Task Manager: in January 2010.


Here is the boot sequence, process by process (in chronological load order); we are in for a good four minutes.

Note: this record is still being completed.

 

XPBA 1.0 - 26.9.2009 7:34:33.813 - ProcessId -1 : C:\WINDOWS\system32\ntkrnlpa.exe

 

{ C:\WINDOWS\system32\ntkrnlpa.exe - Windows NT Kernel.

The kernel handles memory management, input/output operating, and interrupts.
26.09.2009 07:29:53.796 : C:\WINDOWS\system32\hal.dll - Hardware Abstraction Layer.

Drivers for most hardware are contained in external files but core drivers (which are required to support the kernel) are compiled into Hal.dll

A file that hides hardware complexities from Windows applications.
26.09.2009 07:29:53.796 : C:\WINDOWS\system32\KDCOM.DLL - An extension library which handles kernel debugging ("Kernel Mode Debugger").
26.09.2009 07:29:53.796 : C:\WINDOWS\system32\BOOTVID.dll - VGA Boot Driver.

26.09.2009 07:29:53.796 : sptd.sys - Part of Daemon Tools software: CD-ROM emulation.
26.09.2009 07:29:53.796 : C:\WINDOWS\System32\Drivers\WMILIB.SYS - WMI support library (Windows management infrastructure)

Windows Management Instrumentation (WMI) is the Microsoft implementation of Web-based Enterprise Management (WBEM), which is an industry initiative to develop a standard technology for accessing management information in an enterprise environment. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components.
26.09.2009 07:29:53.796 : C:\WINDOWS\System32\Drivers\SCSIPORT.SYS - SCSI Port Driver (Small Computer System).

A "SCSI/RAID Host Controller" is present on the Asus P5PL2 motherboard, and an "ND8653I EUU262M SCSI CdRom Device" is a virtual CD drive.
26.09.2009 07:29:53.796 : ACPI.sys - ACPI Driver - Automatic Configuration Power Interface.

A driver which will attempt to throttle CPU usage when temperatures get too high (and other power management operations).
26.09.2009 07:29:53.796 : pci.sys - Plug and Play PCI Enumerator.
26.09.2009 07:29:53.796 : ohci1394.sys - 1394 OpenHCI Port Driver.

For : OHCI Compliant IEEE 1394 Host Controller or NEC FireWarden OHCI Compliant IEEE 1394 Host Controller or Texas Instruments OHCI Compliant IEEE 1394 Host Controller or VIA OHCI Compliant IEEE 1394 Host Controller or AGERE OHCI Compliant IEEE 1394 Host Controller.
26.09.2009 07:29:53.796 : C:\WINDOWS\system32\DRIVERS\1394BUS.SYS - IEEE 1394 bus driver

This driver serves as a hardware-independent interface to the IEEE 1394 bus, handling some IRPs (I/O request packets) that are sent by IEEE 1394 devices, and forwarding others to the port driver for the host controller on the motherboard.
26.09.2009 07:29:53.796 : isapnp.sys - Plug and Play ISA Bus Driver.
26.09.2009 07:29:53.796 : pciide.sys - Generic PCI IDE Bus Driver.
26.09.2009 07:29:53.796 : C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS - PCI IDE Bus Driver Extension.
26.09.2009 07:29:53.796 : MountMgr.sys - Mount Manager.

Volume mount points on the disks (file volume management: allocates and deallocates drive letters for all devices).

The mount manager (MM) is responsible for managing volume names. For each volume, it stores a name that is unique and is permanently identified with the volume, even after the volume has been removed from the system. It also manages less permanent names, like drive letters, that persist across reboots, but whose assignments can change as volumes are added to or removed from the system. The mount manager provides a unique interface to each volume in the system by creating a symbolic link to the volume's device object. Since the symbolic links themselves and the device objects they target do not persist when the system restarts, the mount manager preserves the name of the symbolic link in a persistent name database in the registry.
26.09.2009 07:29:53.796 : ftdisk.sys - Volume Manager Driver.
26.09.2009 07:29:53.796 : PartMgr.sys - Partition Manager Driver.
26.09.2009 07:29:53.796 : sfsync02.sys - StarForce Protection Synchronization Driver (Eagle Dynamics, Lock On).
26.09.2009 07:29:53.796 : VolSnap.sys - Volume Shadow Copy Driver.

Provides a framework that allows a coordinated and consistent point-in-time copy of disk volumes.

The IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES control code is sent to force a flush of a file system before a volume shadow copy occurs. This IOCTL is issued as an IRP_MJ_DEVICE_CONTROL request that is sent only to the volume device object of a local file system and to file system filter drivers that may have attached to that volume. This IOCTL is most commonly sent by the Volume Shadow Copy Service, but it can also be issued by other user-mode applications or processes. It is also possible under special circumstances for this IOCTL to be sent by the Volume Shadow Copy Driver (volsnap.sys) during a hibernation request or before a crash dump. This IOCTL is sent to file system filter drivers, file system drivers, and other device drivers (storage filter drivers and storage drivers, for example) located below the file systems.
26.09.2009 07:29:53.796 : atapi.sys - IDE/ATAPI Port Driver
26.09.2009 07:29:53.796 : disk.sys - Plug and Play Disk Driver.
26.09.2009 07:29:53.796 : C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - SCSI Devices Driver.
26.09.2009 07:29:53.796 : fltmgr.sys - Filesystem Filter Manager.

A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. Examples of file system filter drivers include anti-virus filters, backup agents, and encryption products.
26.09.2009 07:29:53.796 : sr.sys - System Restore Filesystem Filter Driver.
26.09.2009 07:29:53.796 : crpf.sys - COMODO System Cleaner : Safe Delete Filter.
26.09.2009 07:29:53.796 : csdf.sys - COMODO Privacy Cleaner.

 

The freeware Comodo System Cleaner lets you manage, optimise, repair and deep-clean your Windows system while protecting your privacy. Its somewhat spartan interface hides great potential. This software Swiss Army knife brings together a whole range of customisable, safe tools to:
* Repair the Windows registry thoroughly
* Delete unneeded data
* Find duplicate files
* Erase your activity traces and histories
* Destroy your folders in secure mode
* Obtain hardware information
* Quickly uninstall your software
* Manage your advanced system settings.

26.09.2009 07:29:53.796 : PxHelp20.sys - Px Engine Device Driver.

Belongs to the software PxHelp or RecordNow! or ESSSONIC or Sonic RecordNow! or Dell Media Experience or Pioneer RecordNow DX or Sonic MyDVD or Sonic RecordNow! Deluxe or Sonic RecordNow DX or Sonic MyDVD Plus or Microsoft Plus! Digital Media or 1CLICK DivxToDVD or Sonic PrimoSDK or Corel Photo Album or HP RecordNow or IBM RecordNow! or Sonic MyDVD LE or Sonic RecordNow Copy or Roxio Easy Media Creator or Microsoft Digital Image Suite or Roxio RecordNow Copy or HP DigitalMedia Archive or Sonic RecordNow! Plus or Adobe Photoshop Lightroom or Yahoo! Music Jukebox or Roxio Media Manager or Roxio Drag-to-Disc or Roxio Creator Basic v or Napster Burn Engine by Sonic Solutions or VERITAS Software, Inc.
26.09.2009 07:29:53.796 : KSecDD.sys - MS Kernel Security Support Provider Interface.

This component is associated with secur32.dll and with the Local Security Authority Subsystem (LSASS - lsasrv.dll).
26.09.2009 07:29:53.796 : ntfs.sys - NTFS file system.
26.09.2009 07:29:53.796 : ndis.sys - NDIS 5.1 Wrapper Network Driver.
26.09.2009 07:29:53.796 : timntr.sys - Acronis TrueImage Backup Archive Explorer.

Acronis True Image Home is an integrated software suite that ensures security of all information on your PC. It can backup all the data you need and securely destroy all confidential data you do not need anymore. With Acronis True Image Home, you will be able to back up selected files and folders, Windows applications settings, Microsoft e-mail client settings and messages, or entire disks and partitions, as well as permanently destroy files and wipe personal information from partitions and/or entire disks, and clean all traces of user activity from your Windows system.
26.09.2009 07:29:53.796 : tdrpman.sys - Acronis Try&Decide and Restore Points Volume Filter Driver.
26.09.2009 07:29:53.796 : speedfan.sys - SpeedFan can query and monitor a large number of the components used in PCs.

 

 
26.09.2009 07:29:53.796 : snapman.sys - Acronis Snapshot API.

API = Application Programming Interface

Programming interface: a set of functions, procedures or classes made available to computer programs.

26.09.2009 07:29:53.796 : sfhlp02.sys - StarForce Protection Helper Driver.
26.09.2009 07:29:53.796 : sfdrv01.sys - StarForce Protection Environment Driver.
26.09.2009 07:29:53.796 : RecAgent.sys - Recorder agent driver belongs to Soft Modem or Smart Link.

In this machine: USB Smart Voice Modem 56Kbps (for FAX).
26.09.2009 07:29:53.796 : Mup.sys - Multiple UNC Provider Driver.

The multiple UNC provider (MUP) is a kernel-mode component responsible for channeling all remote file system accesses using a Universal Naming Convention (UNC) name to a network redirector (the UNC provider) that is capable of handling the remote file system requests.
26.09.2009 07:29:53.796 : giveio.sys - part of SpeedFan; allows programs low-level access to parallel and serial ports.
26.09.2009 07:29:53.796 }

 

ProcessId 4 : C:\WINDOWS\system32\DRIVERS\intelppm.sys - 26.09.2009 07:29:59.060 - 227206 ms (3,8 minutes)

 

{ C:\WINDOWS\system32\DRIVERS\intelppm.sys - power-management driver; Processor Device Driver.
26.09.2009 07:29:59.060 : C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS - Display Driver.
26.09.2009 07:29:59.381 : C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - Miniport nVidia Graphic Driver
26.09.2009 07:29:59.382 : C:\WINDOWS\system32\DRIVERS\HDAudBus.sys - High Definition Audio Bus Driver
26.09.2009 07:29:59.410 : C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys - Realtek Network Driver
26.09.2009 07:29:59.450 : C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - USB 1.1/2.0 Driver
26.09.2009 07:29:59.478 : C:\WINDOWS\system32\DRIVERS\usbuhci.sys - USB 1.1/2.0 Driver
26.09.2009 07:29:59.478 : C:\WINDOWS\system32\DRIVERS\usbehci.sys - USB 1.1/2.0 Driver
26.09.2009 07:29:59.490 : C:\WINDOWS\system32\drivers\ks.sys - Microsoft Windows Kernel CSA library file, DirectX.

 

[dxdiag]

 

AVStream is a Microsoft-provided multimedia class driver that supports video-only streaming and integrated audio/video streaming.

Microsoft provides AVStream as part of the operating system, in the export driver Ks.sys. Hardware vendors write minidrivers that run under Ks.sys.
26.09.2009 07:29:59.607 : C:\WINDOWS\system32\drivers\drmk.sys - Microsoft Kernel DRM Descrambler Filter (Windows XP Embedded SP2 Feature Pack).
26.09.2009 07:29:59.607 : C:\WINDOWS\system32\drivers\portcls.sys
- provides a collection of audio port drivers ...

... and a set of helper functions that can be called by the adapter driver. The PortCls driver provides kernel-streaming capabilities for ISA/DMA and PCI audio device drivers and is implemented in the portcls.sys file as an export driver (a kernel-mode DLL).
26.09.2009 07:29:59.607 : C:\WINDOWS\system32\drivers\ctaud2k.sys - Part of the software Creative Audio Driver.

Codecs installed in this machine.

26.09.2009 07:29:59.607 : C:\WINDOWS\system32\drivers\ctoss2k.sys - Part of the software Creative Audio Driver.
26.09.2009 07:29:59.625 : C:\WINDOWS\system32\drivers\ctprxy2k.sys - Creative Proxy Audio Device Driver.
26.09.2009 07:29:59.645 : C:\WINDOWS\system32\DRIVERS\nic1394.sys - IEEE1394 Ndis Miniport.
26.09.2009 07:29:59.658 : C:\WINDOWS\system32\DRIVERS\fdc.sys - Floppy Disk Controller Driver.
26.09.2009 07:29:59.667 : C:\WINDOWS\system32\DRIVERS\parport.sys - Parallel Port Driver.
26.09.2009 07:29:59.678 : C:\WINDOWS\system32\DRIVERS\i8042prt.sys - Controls PS/2 Keyboards and Mouse.
26.09.2009 07:29:59.693 : C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Keyboard Class Driver.
26.09.2009 07:29:59.698 : C:\WINDOWS\system32\DRIVERS\IPFilter.sys - Microsoft IntelliPoint (IntelliMouse).
26.09.2009 07:29:59.724 : C:\WINDOWS\system32\DRIVERS\mouclass.sys - Mouse Class Driver.
26.09.2009 07:29:59.727 : C:\WINDOWS\system32\DRIVERS\serial.sys - Serial Device Driver.
26.09.2009 07:29:59.739 : C:\WINDOWS\system32\DRIVERS\serenum.sys - Serial Port Enumerator.
26.09.2009 07:29:59.747 : C:\WINDOWS\system32\DRIVERS\ASACPI.sys - ATK0110 ACPI Utility (Motherboard Resource, Power Management).

 

 
26.09.2009 07:29:59.763 : C:\WINDOWS\system32\DRIVERS\imapi.sys - IMAPI Kernel Driver.

Image Mastering Application Programming Interface : provides the ability to create and burn single-session and multi-session discs, including bootable discs.
26.09.2009 07:29:59.776 : C:\WINDOWS\system32\Drivers\ElbyDelay.sys - Elby Delay Lower Filter Driver (CDRTools or VirtualCloneDrive).
26.09.2009 07:29:59.791 : C:\WINDOWS\system32\Drivers\AnyDVD.sys - AnyDVD Filter Driver (SlySoft)
26.09.2009 07:29:59.809 : C:\WINDOWS\system32\drivers\pfc.sys - AnyDVD Patin-Couffin Autoplay Support Driver.
26.09.2009 07:29:59.827 : C:\WINDOWS\system32\DRIVERS\cdrom.sys - SCSI CD-ROM Driver.
26.09.2009 07:29:59.836 : C:\WINDOWS\system32\DRIVERS\redbook.sys - Redbook Audio Filter Driver.

The Redbook system driver (Redbook.sys) is the KS filter that manages the rendering of CD digital audio. The Redbook driver is a client of the SysAudio system driver. The system routes CD digital audio through the file system to the Redbook driver and then to the SysAudio driver. The CD digital audio is rendered on the preferred wave output device (as set in the Multimedia property pages in Control Panel).
26.09.2009 07:29:59.846 : C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys - NTI CD-ROM Filter Driver.

A leftover from an uninstalled program, NTI Backup?
26.09.2009 07:29:59.863 : C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys - CD/DVD Class Filter Driver.

GEAR Software disc copying service installed with iTunes and other CD/DVD burning software file.

 

26.09.2009 07:29:59.883 : C:\WINDOWS\system32\Drivers\aki35gp0.SYS

 

 

Completely unknown to Google, Yahoo and Bing!

Worse: the file is not present on the C:\ drive!

Worse: the file is not mentioned in the registry!

No reference in the Event Viewer!

Nothing in MSConfig or MSInfo32 either!

How can this reference be removed without knowing who installed it ... research in progress.

How can this reference be removed without knowing what gives the order to load this nonexistent file ... research in progress.

 

26.09.2009 07:29:59.966 : C:\WINDOWS\system32\DRIVERS\audstub.sys - Audio Stub Driver.

The Legacy Audio Drivers component provides support for legacy audio drivers. This component supplies the Audio Stub Driver in the audstub.sys file and the supporting INF (information) file, wave.inf.
26.09.2009 07:30:00.234 : C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - RAS L2TP mini-port/call-manager driver. Network Driver.
26.09.2009 07:30:00.246 : C:\WINDOWS\system32\DRIVERS\ndistapi.sys - NDIS 3.0 connection wrapper driver. Network Driver.
26.09.2009 07:30:00.254 : C:\WINDOWS\system32\DRIVERS\ndiswan.sys - MS PPP Framing Driver (Strong Encryption). Network Driver.
26.09.2009 07:30:00.261 : C:\WINDOWS\system32\DRIVERS\raspppoe.sys - RAS PPPoE mini-port/call-manager driver. Network Driver.
26.09.2009 07:30:00.270 : C:\WINDOWS\system32\DRIVERS\TDI.SYS - TDI Wrapper. Network Driver.
26.09.2009 07:30:00.296 : C:\WINDOWS\system32\DRIVERS\raspptp.sys - Peer-to-Peer Tunneling Protocol. Network Driver.
26.09.2009 07:30:00.296 : C:\WINDOWS\system32\DRIVERS\psched.sys - MS QoS Packet Scheduler. Network Driver.
26.09.2009 07:30:00.307 : C:\WINDOWS\system32\DRIVERS\msgpc.sys - MS General Packet Classifier. Network Driver.
26.09.2009 07:30:00.313 : C:\WINDOWS\system32\DRIVERS\ptilink.sys - Direct Parallel Link Service - I/O Library - LPT.
26.09.2009 07:30:00.332 : C:\WINDOWS\system32\DRIVERS\raspti.sys - PTI Direct Parallel mini-port/call-manager. Network Driver.
26.09.2009 07:30:00.333 : C:\WINDOWS\system32\DRIVERS\termdd.sys - Terminal Server Driver. Network Driver.
26.09.2009 07:30:00.344 : C:\WINDOWS\system32\DRIVERS\swenum.sys - Plug and Play Software Device Enumerator.
26.09.2009 07:30:00.351 : C:\WINDOWS\system32\DRIVERS\update.sys - Microsoft driver for updating system components.
26.09.2009 07:30:00.378 : C:\WINDOWS\system32\DRIVERS\mssmbios.sys - System Management BIOS Driver.
26.09.2009 07:30:00.392 : C:\WINDOWS\system32\Drivers\NDProxy.SYS - NDIS Proxy. Network Driver.
26.09.2009 07:30:00.517 : C:\WINDOWS\system32\drivers\HdAudio.sys - related to Universal Audio Architecture (UAA) High Definition Audio class driver.
26.09.2009 07:30:02.118 : C:\WINDOWS\system32\DRIVERS\USBD.SYS - Universal Serial Bus Driver.
26.09.2009 07:30:04.200 : C:\WINDOWS\system32\DRIVERS\usbhub.sys - Default Hub Driver for USB.
26.09.2009 07:30:04.200 : C:\WINDOWS\system32\drivers\ha20x2k.sys - Creative Audio Product.
26.09.2009 07:30:04.862 : C:\WINDOWS\system32\drivers\emupia2k.sys - Creative Audio, E-mu Plug-in Architecture Driver (WDM).
26.09.2009 07:30:04.890 : C:\WINDOWS\system32\drivers\ctsfm2k.sys - Creative Audio, SoundFont(R) Manager (WDM).
26.09.2009 07:30:05.249 : C:\WINDOWS\system32\drivers\ctac32k.sys - Creative Audio, AC3 SW Decoder Device Driver (WDM).
26.09.2009 07:30:05.274 : C:\WINDOWS\system32\DRIVERS\flpydisk.sys - Floppy Driver.

26.09.2009 07:30:10.011 : C:\Program Files\Symantec AntiVirus\savrt.sys

 

 
26.09.2009 07:30:10.284 : C:\Program Files\Symantec\SYMEVENT.SYS
26.09.2009 07:30:10.318 : C:\Program Files\Symantec AntiVirus\Savrtpel.sys
26.09.2009 07:30:10.334 : C:\WINDOWS\system32\Drivers\Fastfat.SYS - Fast FAT File System Driver.
26.09.2009 07:30:41.534 : C:\WINDOWS\system32\DRIVERS\tifsfilt.sys - Acronis True Image File System Filter.
26.09.2009 07:30:53.274 : C:\WINDOWS\system32\DRIVERS\AegisP.sys - IEEE 802.1X Protocol Driver, WLan, WiFi Network Driver.
26.09.2009 07:31:04.231 : C:\WINDOWS\system32\DRIVERS\ndisuio.sys - NDIS User Mode I/O (NDISUIO) NDIS protocol driver. WiFi Network Driver.
26.09.2009 07:31:04.248 : C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft WDM Virtual Wave Driver (WDM).
26.09.2009 07:31:21.421 : C:\WINDOWS\system32\drivers\sysaudio.sys - System Audio WDM Filter - Microsoft Kernel System Audio Device.
26.09.2009 07:31:21.436 : C:\WINDOWS\system32\drivers\splitter.sys - Microsoft Kernel Audio Splitter.
26.09.2009 07:31:21.536 : C:\WINDOWS\system32\drivers\aec.sys - Microsoft Kernel Acoustic Echo Canceller.
26.09.2009 07:31:21.550 : C:\WINDOWS\system32\drivers\swmidi.sys - Microsoft GS Wavetable Synthesizer.
26.09.2009 07:31:21.564 : C:\WINDOWS\system32\drivers\DMusic.sys - Microsoft Windows Kernel DLS audio synthesizer file.

The Microsoft Kernel DLS Synthesizer component provides the DMusic port class miniport driver, contained in the dmusic.sys file. The DMusic driver is a system-supplied kernel-streaming filter that supports the synthesis of high-quality downloadable sound (DLS). This component also includes the wdmaudio.inf file, which provides for the installation of core audio components.
26.09.2009 07:31:21.579 : C:\WINDOWS\system32\drivers\kmixer.sys - Kernel Mode Audio Mixer.
26.09.2009 07:31:21.595 : C:\WINDOWS\system32\drivers\drmkaud.sys - Microsoft Kernel DRM Audio Descrambler Filter.
26.09.2009 07:31:21.608 : C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Windows NT WebDav Minirdr. Web Distributed Authoring and Versioning (WebDAV).
26.09.2009 07:31:30.308 : C:\WINDOWS\system32\Drivers\ParVdm.SYS - VDM (Virtual MS-DOS Machine) Parallel Driver.
26.09.2009 07:31:34.065 : C:\WINDOWS\system32\drivers\amon.sys - Amon monitor Eset Nod32 Antivirus.
26.09.2009 07:31:37.577 : C:\WINDOWS\system32\DRIVERS\srv.sys - Server Driver. Network Driver.
26.09.2009 07:32:51.937 : C:\WINDOWS\system32\Drivers\HTTP.sys - HTTP Protocol Stack.
26.09.2009 07:33:22.012 : C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090925.002\navex15.sys
26.09.2009 07:33:43.159 : C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090925.002\naveng.sys
26.09.2009 07:33:43.161 : C:\WINDOWS\system32\Drivers\SYMREDRV.SYS  - driver related to Symantec antiviral software.
26.09.2009 07:33:46.267 }
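The manual checks made on this trace (where the boot time goes, and whether a logged driver really exists on disk) can be scripted. The following is an added example, not part of the original page or of BootLog XP: it parses lines in the format shown above, ranks the gaps between consecutive loads, flags image paths outside the system drivers folder or written as 8.3 short names, and lists images missing on disk. The function names and the `exists` predicate are assumptions of this example.

```python
"""Triage a BootLog XP style image-load trace (line format as shown on this page)."""
import ntpath
import re
from datetime import datetime

# "DD.MM.YYYY HH:MM:SS.mmm : <image path>[ - <annotation>]"
STAMP_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\s*[:;]\s*(\S.*)$")
SYSTEM_DRIVERS = r"c:\windows\system32\drivers"

# Two contiguous runs of lines copied from the trace on this page.
RUN_A = r"""
26.09.2009 07:29:59.863 : C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys - CD/DVD Class Filter Driver.
26.09.2009 07:29:59.883 : C:\WINDOWS\system32\Drivers\aki35gp0.SYS
26.09.2009 07:29:59.966 : C:\WINDOWS\system32\DRIVERS\audstub.sys - Audio Stub Driver.
"""
RUN_B = r"""
26.09.2009 07:31:30.308 : C:\WINDOWS\system32\Drivers\ParVdm.SYS - VDM (Virtual MS-DOS Machine) Parallel Driver.
26.09.2009 07:31:34.065 : C:\WINDOWS\system32\drivers\amon.sys - Amon monitor Eset Nod32 Antivirus.
26.09.2009 07:31:37.577 : C:\WINDOWS\system32\DRIVERS\srv.sys - Server Driver. Network Driver.
26.09.2009 07:32:51.937 : C:\WINDOWS\system32\Drivers\HTTP.sys - HTTP Protocol Stack.
26.09.2009 07:33:22.012 : C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090925.002\navex15.sys
26.09.2009 07:33:43.159 : C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090925.002\naveng.sys
26.09.2009 07:33:43.161 : C:\WINDOWS\system32\Drivers\SYMREDRV.SYS  - driver related to Symantec antiviral software.
26.09.2009 07:33:46.267 }
"""


def parse_trace(text):
    """Return one dict per image-load line; block markers and prose are skipped."""
    entries = []
    for raw in text.splitlines():
        match = STAMP_RE.match(raw.strip())
        if not match:
            continue
        when = datetime.strptime(match.group(1), "%d.%m.%Y %H:%M:%S.%f")
        path, _, note = match.group(2).partition(" - ")
        entries.append({"when": when, "path": path.rstrip(" -"), "note": note.strip()})
    return entries


def load_gaps(entries):
    """(seconds, previous image, next image) for consecutive loads, largest first.

    The delay sits between the two loads; it is not necessarily caused by the
    second image, so both names are reported.
    """
    gaps = [
        ((cur["when"] - prev["when"]).total_seconds(), prev["path"], cur["path"])
        for prev, cur in zip(entries, entries[1:])
    ]
    return sorted(gaps, key=lambda gap: gap[0], reverse=True)


def path_flags(path):
    """Reasons an image path deserves a closer look before it is trusted."""
    flags = []
    if ntpath.dirname(path).lower() != SYSTEM_DRIVERS:
        flags.append("outside-system-drivers")
    if re.search(r"~\d", path):
        flags.append("8.3-short-name")  # expand to the long name before judging it
    return flags


def missing_on_disk(entries, exists):
    """Images the trace says were loaded but that `exists` cannot find.

    On the traced machine pass os.path.exists; offline, pass any predicate.
    """
    return sorted({e["path"] for e in entries if not exists(e["path"])}, key=str.lower)


if __name__ == "__main__":
    run_b = parse_trace(RUN_B)
    for seconds, before, after in load_gaps(run_b)[:3]:
        print(f"{seconds:8.3f} s  {ntpath.basename(before)} -> {ntpath.basename(after)}")
    for entry in run_b:
        if path_flags(entry["path"]):
            print(entry["path"], path_flags(entry["path"]))
    # Constructed predicate that mirrors the finding described above.
    absent = lambda p: not p.lower().endswith("aki35gp0.sys")
    print(missing_on_disk(parse_trace(RUN_A), absent))
```

Run over the whole trace, the top of `load_gaps` shows which stretches of the four-minute boot to examine first.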

 

ProcessId 1324 : C:\WINDOWS\system32\nv4_disp.dll - 26.09.2009 07:30:39.752 - 7,818 sec

 
{ C:\WINDOWS\system32\nv4_disp.dll - module belonging to the NVIDIA display driver.
26.09.2009 07:30:39.752 : C:\WINDOWS\system32\nv4_disp.dll
26.09.2009 07:30:39.893 : C:\WINDOWS\system32\vga.dll
26.09.2009 07:30:40.049 : C:\WINDOWS\system32\nv4_disp.dll
26.09.2009 07:30:40.070 : C:\WINDOWS\system32\nv4_disp.dll
26.09.2009 07:30:40.082 : C:\WINDOWS\system32\sxs.dll - used to record information related to Windows "manifest" files.

Part of Manifest Logging DLL - Manifests are XML files that accompany and describe side-by-side assemblies or isolated applications.

26.09.2009 07:30:47.570 : C:\WINDOWS\system32\advapi32.dll - part of an advanced API services library.

Windows API, or WinAPI, is the name Microsoft gives to the application programming interface (API) of the Microsoft Windows operating systems.

It is designed for the C and C++ programming languages and is the most direct way for an application to interact with the Windows operating system.

Example: it gives access to the resources for output on monitors, printers, ... It is stored in the file gdi.exe on 16-bit systems and gdi32.dll on 32-bit systems.
26.09.2009 07:30:47.571 : C:\WINDOWS\system32\rpcrt4.dll - Remote Procedure Call (RPC) API

Used by Windows applications for networking and Internet communication.
26.09.2009 07:30:47.571 : C:\WINDOWS\system32\secur32.dll - a library that contains Windows security functions.

Security Support Provider Interface statically linked to ADVAPI32.dll - KERNEL32.dll - ntdll.dll
26.09.2009 07:30:47.571 }

 

ProcessId 1356 - C:\WINDOWS\system32\winlogon.exe - 26.09.2009 07:30:41.607 - 50,79 sec

 
{ C:\WINDOWS\system32\winlogon.exe - user logon.
26.09.2009 07:30:41.607 : C:\WINDOWS\system32\ntdll.dll - NT Layer DLL
26.09.2009 07:30:41.607 : C:\WINDOWS\system32\kernel32.dll - NT BASE API {Application Programming Interface} Client DLL
26.09.2009 07:30:46.790 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:30:46.792 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:30:46.792 : C:\WINDOWS\system32\secur32.dll

26.09.2009 07:30:46.792 : C:\WINDOWS\system32\authz.dll - Authorization Framework

Allows applications to perform authorization checks against the user account security identifier (SID).

This permits you to use a security model that will perform authorization checks of a user who is not currently logged on to the domain.

26.09.2009 07:30:46.804 : C:\WINDOWS\system32\msvcrt.dll - Microsoft C Runtime Library process which belongs to Microsoft Visual C++
26.09.2009 07:30:46.804 : C:\WINDOWS\system32\crypt32.dll - Microsoft Cryptography API

The Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, or simply CAPI) is an application programming interface included with Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography.
26.09.2009 07:30:46.804 : C:\WINDOWS\system32\msasn1.dll - Abstract Syntax Notation 1 - ASN.1 Runtime API - related to the Cryptography API

Example: java.sun.com - CryptoSpec
26.09.2009 07:30:46.805 : C:\WINDOWS\system32\user32.dll - Multi-User Windows USER API Client DLL

Module containing the Windows API functions associated with the user interface.
26.09.2009 07:30:46.805 : C:\WINDOWS\system32\gdi32.dll - contains Windows API functions related to the Windows user interface - Graphics Device Interface

Contains functions for the Windows GDI (graphics device interface): creates simple two-dimensional objects (window handling, basic UI functions, and so forth).
26.09.2009 07:30:46.805 : C:\WINDOWS\system32\nddeapi.dll - Network DDE Share Management APIs

Provides a dynamic-link library that supports network dynamic data exchange (DDE).
26.09.2009 07:30:46.815 : C:\WINDOWS\system32\profmap.dll - Userenv - component associated with Group Policy Object management
26.09.2009 07:30:46.821 : C:\WINDOWS\system32\netapi32.dll - Dynamic-link library for network transport and security for dynamic data exchange (DDE)

Facilities for management of Local Area Network connections.
26.09.2009 07:30:46.821 : C:\WINDOWS\system32\userenv.dll - Contains functions used for managing users’ environment

API used to create and manage user profiles.
26.09.2009 07:30:46.821 : C:\WINDOWS\system32\psapi.dll - Process Status Application Programming Interface

Provides the Process Status Helper dynamic-link library. This DLL helps obtain information about running processes and device drivers.

PSAPI makes it easier for developers to obtain information about processes and device drivers.
26.09.2009 07:30:46.828 : C:\WINDOWS\system32\regapi.dll - provides the Registry Configuration API
26.09.2009 07:30:46.836 : C:\WINDOWS\system32\setupapi.dll - Windows Setup API

Provides functions that are used to create installer and setup applications.
26.09.2009 07:30:46.848 : C:\WINDOWS\system32\version.dll - Contains functions that are used to retrieve file version information

Version Checking and File Installation Libraries.
26.09.2009 07:30:46.848 : C:\WINDOWS\system32\winsta.dll - Winstation Library

Supplies the core functions that are required to work with window station objects that contain clipboards, global atoms, or a group of desktop objects.
26.09.2009 07:30:46.854 : C:\WINDOWS\system32\wintrust.dll - Trust Verification APIs

Provides functions to verify that trust is not broken in entities such as files, catalogs, signatures, memory BLOBs (binary large objects), and certificates that have been issued by third parties.
26.09.2009 07:30:46.854 : C:\WINDOWS\system32\imagehlp.dll - Image Helper application

A module containing the Windows Debug Help library used for debugging and error handling on Windows NT operating systems and later. This program is important for the stable and secure running of your computer and should not be terminated. imagehlp.dll is also a process belonging to an advertising program by WebSearch. This module monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system.
26.09.2009 07:30:46.854 : C:\WINDOWS\system32\ws2_32.dll - WinSock - Windows Sockets

Contains the Windows Sockets API used by most Internet and network applications to handle and route network connections and traffic. Provides entry points for installation applets and service providers.

Contains the Windows Sockets API used by most Internet and network applications to handle network connections.

WINdows SOCKet is a dynamic-link library (DLL) of functions whose purpose is to implement TCP/IP.

In particular, it handles sending and receiving data packets via BSD sockets (Berkeley sockets).
26.09.2009 07:30:46.861 : C:\WINDOWS\system32\ws2help.dll - Windows Sockets 2.0 NT Helper

Provides support for Windows Sockets. Supplies the Winsock 2.0 Helper dynamic-link library.
26.09.2009 07:30:46.867 : C:\WINDOWS\system32\imm32.dll - Windows Input Method Manager (IMM) API client

The Input Method Manager (IMM) is a system component which allows users to modify their configuration for entering characters that are not found on their input device.

This feature is useful for entering non-latin characters when using a Western keyboard.
26.09.2009 07:30:46.899 : C:\WINDOWS\system32\kbdbe.dll - Belgian Keyboard Layout
26.09.2009 07:30:47.319 : C:\WINDOWS\system32\kbdus.dll - United States Keyboard Layout

Regional and Language Options: has been removed

26.09.2009 07:30:47.330 : C:\WINDOWS\system32\kbdfr.dll - French Keyboard Layout

Regional and Language Options: has been removed

26.09.2009 07:30:47.368 : C:\WINDOWS\system32\msgina.dll - Authentication Policy

Module loaded by Winlogon to enforce the authentication policy; it carries out all user identification and authentication interactions.
26.09.2009 07:30:47.481 : C:\WINDOWS\system32\comctl32.dll - Graphical User Interface : Common Controls

Contains the common graphical user interface (GUI) components used by Windows applications. Windowed "human-machine" interface.

Also called WIMP, an acronym for Windows, Icons, Menus and Pointing device, this type of graphical interface was invented by Xerox and made famous by the Macintosh. Windows Vista uses Aero as its graphical interface, which draws on the power of the graphics processor to provide 3D effects, but it is not required by the system and can be disabled.
26.09.2009 07:30:47.481 : C:\WINDOWS\system32\odbc32.dll - Microsoft Data Access - ODBC Driver Manager

Contains functions for the ODBC database query standard (Open DataBase Connectivity = an API that lets client applications communicate with databases using the SQL language).

Structured Query Language (SQL) is a standardized computer pseudo-language (of the query type) for querying or manipulating a relational database.
26.09.2009 07:30:47.492 : C:\WINDOWS\system32\comdlg32.dll - Windows Common Dialogs Library

Module containing the common dialog boxes used by Windows applications.

Provides common windows dialog boxes (such as the 'open file' and 'print' dialog boxes etc) to programs written in the Visual Basic language.
26.09.2009 07:30:47.492 : C:\WINDOWS\system32\shell32.dll - Windows Shell Common Library

The shell system is important for handling many windows tasks. Contains most of the system icons and dialog boxes that are used by the Windows operating system.
26.09.2009 07:30:47.492 : C:\WINDOWS\system32\shlwapi.dll - Microsoft Shell Light-weight Utility Library

Library containing functions for UNC and URL paths, registry entries, and color settings.

Essential in the construction of Uniform Resource Locators (URL). UNC (Universal Naming Convention or Uniform Naming Convention) specifies a common syntax to describe the location of a network resource, such as a shared file, directory, or printer. The UNC syntax for Windows systems has the generic form : \\ComputerName\SharedFolder\Resource.

shlwapi.dll is related to netshell.dll, shdoc401.dll, shdoclc.dll, shdocvw.dll, shfolder.dll, stobject.dll, url.dll
26.09.2009 07:30:47.492 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

Side-by-side (SxS) assemblies : keeps multiple versions of a DLL in the WinSxS folder and runs them on demand to the appropriate application keeping applications isolated from each other and not using common dependencies.

 

Note: on the same machine, under Vista (O:\) and under Seven (Q:\):

But: Demystifying the WinSxS directory in XP - Facebook Group - Win Vista Club - winsxs just contains links to the real files!

 
26.09.2009 07:30:47.817 : C:\WINDOWS\system32\odbcint.dll - Microsoft ODBC Resource DLL

Contains functions for the ODBC database query standard.
26.09.2009 07:30:47.853 : C:\WINDOWS\system32\shsvcs.dll - Windows Shell Services
26.09.2009 07:30:47.861 : C:\WINDOWS\system32\sfc.dll - System File Checker is associated with Windows File Protection (WFP)

Contains functions used to monitor system files for validity. It pertains to computer network security. File system security features can include encrypting and decrypting local files, authorizing file access with access control lists (ACLs), and protecting system files (with Sfcfiles.dll, Sfc_os.dll). Windows File Protection prevents the corruption or loss of key system files.
26.09.2009 07:30:47.877 : C:\WINDOWS\system32\sfc_os.dll - Part of Windows File Protection (WFP), associated with sfc.dll
26.09.2009 07:30:47.884 : C:\WINDOWS\system32\ole32.dll - Contains core OLE functions

Used when performing OLE (Object Linking and Embedding) operations.

OLE allows objects created in one application to be embedded in documents/objects created by a different application, e.g. embedding an Excel spreadsheet inside a Word document.

Built on Dynamic Data Exchange (DDE) and introduced by Word and Excel in 1991, then in Windows 3.1 a year later. Also in 1991, Microsoft introduced Visual Basic controls, or VBX, with Visual Basic 1.0.
In 1993, Microsoft released OLE 2 and created COM (Component Object Model, also known as ActiveX) as its object model.

In 1994, OLE controls (OCX) were introduced as the successors to VBX.
26.09.2009 07:30:47.884 : C:\WINDOWS\system32\apphelp.dll - Application Compatibility Client Library - Help Module
26.09.2009 07:30:47.932 : C:\WINDOWS\system32\msctfime.ime - Text Frame Work Service IME (Input Method Editor)

An IME makes it possible to type complex characters and symbols (such as Chinese, Korean, Japanese or Indic characters) using a standard Western keyboard.

The Text Services Framework is designed to offer advanced language and word processing features to applications. It supports features such as multilingual support, keyboard drivers, handwriting recognition, speech recognition, as well as spell checking and other text and natural language processing functions.
26.09.2009 07:30:51.768 : C:\WINDOWS\system32\sfcfiles.dll - Part of Windows File Protection (WFP), associated with sfc.dll
26.09.2009 07:30:51.975 : C:\WINDOWS\system32\basesrv.dll - Windows NT BASE API {Application Programming Interface} Server DLL
26.09.2009 07:30:52.115 : C:\WINDOWS\system32\winscard.dll - Microsoft Smart Card API

Smart Card (PC/SC): smart card readers.
26.09.2009 07:30:52.831 : C:\WINDOWS\system32\wtsapi32.dll - Windows Terminal Server SDK APIs

File that contains application programming interface (API) functions that enable application programs to (1) manage terminal services, (2) set and retrieve user configuration information that is specific to terminal services, (3) use terminal services virtual channels, and more, in a terminal services environment.
26.09.2009 07:30:52.886 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:30:55.071 : C:\WINDOWS\system32\ATMFD.DLL - a process which belongs to Adobe Type Manager (ATM)
26.09.2009 07:31:00.318 : C:\WINDOWS\system32\cscdll.dll - Microsoft Offline Network Agent

The Offline Application Block builds on the capabilities of the .NET Framework and the encapsulating smart client application to help users perform tasks when offline as easily and efficiently as they can perform them online.
26.09.2009 07:31:04.249 : C:\WINDOWS\system32\dimsntfy.dll - roaming credentials service; DIMS (Digital Identity Management Service)

Related to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

26.09.2009 07:31:04.268 : C:\WINDOWS\system32\wlnotify.dll - Common Dll To Receive Winlogon Notifications

Related to msgina.dll {which carries out all user identification interactions} - pertains to computer network security.

Winlogon notification package = # Crypt32chain: crypt32.dll # Cryptnet: cryptnet.dll # Cscdll: cscdll.dll # ScCertProp/Schedule/Senslogn/Termsrv/Wlballoon: wlnotify.dll # Sclgntfy: sclgntfy.dll

Whenever you have a concern about a file like wlnotify.dll, feel free to visit our Anonymous Surfing section to help verify your file you are not giving away too much personal information.

auditmypc.com/anonymous-surfing results :

 

 

 

 

 

 

 

 

 

 

 In Windows Vista and later, Winlogon notification packages are no longer supported.
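On XP, each notification package is a subkey of `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify` whose `DLLName` value is loaded into winlogon.exe, so the list above can serve as a baseline to review against. The following is an added example, not part of the original page: it reads a `reg export` dump of that key and reports packages the page's list does not explain. The sample export is constructed, and `examplepkg` / `example.dll` are hypothetical names.

```python
"""Audit Winlogon notification packages from a `reg export` dump (Windows XP)."""
import ntpath
import re

NOTIFY_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Winlogon\Notify").lower()

# Package -> DLL pairs exactly as listed on this page.
PAGE_BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll", "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll", "senslogn": "wlnotify.dll",
    "termsrv": "wlnotify.dll", "wlballoon": "wlnotify.dll",
    "sclgntfy": "sclgntfy.dll",
}

# Constructed sample. A real export file is UTF-16: open(..., encoding="utf-16").
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DLLName"="wlnotify.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"DLLName"="%SystemRoot%\\System32\\dimsntfy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplepkg]
"DLLName"="example.dll"
"""


def _decode_value(raw):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escapes
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(tok, 16) for tok in raw[7:].split(",") if tok.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return None


def parse_notify(reg_text):
    """Return {package name: DLLName value} for the subkeys of the Notify key."""
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)      # join wrapped hex lines
    packages, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            head, _, leaf = line[1:-1].rpartition("\\")
            current = leaf if head.lower() == NOTIFY_ROOT else None
        elif current and "=" in line:
            name, _, raw = line.partition("=")
            if name.strip('"').lower() == "dllname":
                packages[current] = _decode_value(raw)
    return packages


def audit(packages, baseline=PAGE_BASELINE):
    """List (package, dll, reason) for entries the baseline does not explain."""
    findings = []
    for name, dll in sorted(packages.items(), key=lambda kv: kv[0].lower()):
        expected = baseline.get(name.lower())
        if expected is None:
            findings.append((name, dll, "package not in baseline"))
        elif ntpath.basename(dll or "").lower() != expected:
            findings.append((name, dll, "DLL differs from baseline: " + expected))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_notify(SAMPLE_EXPORT)):
        print(finding)
```

A finding is a prompt for review, not proof of a problem: the trace above shows winlogon.exe loading dimsntfy.dll although the page's package list does not name it, so the baseline should be completed from a known-good installation before anything is removed.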

 

 

 

 

 

 

 

 

 
26.09.2009 07:31:04.304 : C:\WINDOWS\system32\mpr.dll - Multiple Provider Router Library

Contains software components to allow connection to multiple network protocols simultaneously e.g. connection to a windows and novell network at the same time.

This process will manage the communication between the differing protocols. Pertains to computer network security.
26.09.2009 07:31:04.306 : C:\WINDOWS\system32\winmm.dll - A module for the Windows Multimedia API (low-level audio and joystick functions).

Used when communicating and/or controlling multimedia devices (e.g. a Joystick, Audio etc).

26.09.2009 07:31:04.316 : C:\WINDOWS\system32\winspool.drv - Printer Spooler
26.09.2009 07:31:04.343 : C:\WINDOWS\system32\serwvdrv.dll - Unimodem Serial Wave driver (Subtype: Sound.drv)
26.09.2009 07:31:04.352 : C:\WINDOWS\system32\umdmxfrm.dll - Unimodem Transform Module
26.09.2009 07:31:04.361 : C:\WINDOWS\system32\uxtheme.dll - UX {User Experience} theme library
26.09.2009 07:31:04.421 : C:\WINDOWS\system32\rsaenh.dll - Enhanced Cryptographic Provider

A module that implements the Microsoft enhanced cryptographic service provider (CSP). Used to perform 128-bit RSA encryption and decryption.

If you access encrypted files, use VPN or any other operation that requires encryption you should leave this file. Otherwise it can be removed/stopped.

File needed to accurately check license for Windows
26.09.2009 07:31:04.434 : C:\WINDOWS\system32\msapsspc.dll - DPA Client for 32 bit platforms
26.09.2009 07:31:04.628 : C:\WINDOWS\system32\msvcrt40.dll - contains program code used to run programs written using Microsoft Visual C++

26.09.2009 07:31:04.634 : C:\WINDOWS\system32\schannel.dll - TLS / SSL Security Provider Library

Contains program code used by Internet Explorer when communicating with websites using 128-bit SSL (Secured Sockets Layer); typically the sites that you have to 'log in' to.

 

 

26.09.2009 07:31:04.670 : C:\WINDOWS\system32\digest.dll - Digest Authentication

Concerns applications that depend on the WinINet API, such as: Microsoft Internet Explorer - Microsoft Outlook Express - custom applications.
26.09.2009 07:31:04.688 : C:\WINDOWS\system32\msnsspc.dll - MSN Internet Access
26.09.2009 07:31:04.697 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:31:04.704 : C:\WINDOWS\system32\samlib.dll - Microsoft Security Authority Manager API library - Regulates the security policy
26.09.2009 07:31:05.165 : C:\WINDOWS\system32\kbdbe.dll
26.09.2009 07:31:07.337 : C:\WINDOWS\system32\kbdus.dll
26.09.2009 07:31:07.367 : C:\WINDOWS\system32\kbdfr.dll
26.09.2009 07:31:07.390 : C:\WINDOWS\system32\msv1_0.dll - Microsoft Authentication Package v1.0

The Windows NT default logon process for interactive logons is called Winlogon (WINLOGON.EXE); it intercepts logon attempts from the keyboard. At startup, WinLogon registers itself with the LSA as a logon process by calling the function LsaRegisterLogonProcess. This gives it back an LSA logon process handle and establishes an LPC connection with the LSA authentication port (LsaAuthenticationPort) that will be used for exchanging information during logon, logoff, and password operations. Then it obtains an association ID for the default authentication package, MSV1_0.DLL, by calling LsaLookupAuthenticationPackage. This is the package that it will use to authenticate the user's credentials.
26.09.2009 07:31:08.906 : C:\WINDOWS\system32\cryptdll.dll - Cryptography Manager

The Cryptography Manager manages services to enable developers to secure Windows-based applications using cryptography.
26.09.2009 07:31:08.912 : C:\WINDOWS\system32\iphlpapi.dll - IP Helper API Library

Internet Protocol Helper (IP Helper) API is applicable in any computing environment where programmatically manipulating network and TCP/IP configuration is useful. Typical applications include IP routing protocols and Simple Network Management Protocol (SNMP) agents. IP Helper assists network administration of the local computer by enabling applications to retrieve information about the network configuration of the local computer, and to modify that configuration. IP Helper also provides notification mechanisms to ensure that an application is notified when certain aspects of the local computer network configuration change.

26.09.2009 07:31:08.920 : C:\WINDOWS\system32\cscui.dll - Client Side Caching UI

When using UI Automation, clients often need to retrieve multiple properties for multiple automation elements. A client could retrieve individual properties one element at a time by using the property retrieval methods such as IUIAutomationElement::CurrentName or CurrentAccessKey. However, this method is slow and inefficient because it requires a cross-process call for each property being retrieved. To improve performance, clients can use the caching (also called bulk fetching) capabilities of UI Automation. Caching enables a client to retrieve all of the desired properties for all of the desired elements with a single method call. The client can then retrieve the individual properties from the cache as needed, and can get a new snapshot of the cache periodically, generally in response to events that signify changes in the user interface (UI).
26.09.2009 07:31:09.128 : C:\WINDOWS\system32\powrprof.dll - Power Profile Helper Library

The Windows power management system is used to perform actions such as powering down your PC and/or switching to hibernate mode. Not required if power management is not used.
26.09.2009 07:31:09.350 : C:\WINDOWS\system32\dpcdll.dll - Dpcdll Module - poorly documented

There are no services associated with this component - No other components interact with this component - There are no configurable settings for this component - ???

Not present under Vista or Seven. Error codes 0x800705aa, 0x8007007e and 0x80004005 are displayed at XP startup when the file Dpcdll.dll is damaged or missing.

Possibly related to smart-card authentication (with Koc.dll, Licdll.dll, Winlogon.exe in XP SP3)?

Frequently cited in XP licence validation problems. WGA hardware check?

26.09.2009 07:31:09.454 : C:\WINDOWS\system32\mprapi.dll - Windows NT Multiple Provider Router Administration DLL

This library supplies functions that are used to manage routers on a Windows-based network.
26.09.2009 07:31:09.915 : C:\WINDOWS\system32\activeds.dll - ADs Router Layer DLL - Active Directory Service Interfaces

Contains functions and object methods, or COM components, for the Active Directory Service Interfaces (ADSI) API.

Enables common administrative tasks, such as adding new users, managing printers, and locating resources in a distributed computing environment.

26.09.2009 07:31:09.922 : C:\WINDOWS\system32\adsldpc.dll - ADs LDAP Provider C DLL

Lightweight Directory Access Protocol (LDAP) was originally a protocol for querying and modifying directory services. It runs over TCP/IP. It has since evolved into a standard for directory systems, including a data model, a naming model, a functional model based on the LDAP protocol, a security model and a replication model.

Files that are statically linked to ADs LDAP Provider C DLL : activeds.dll - adsldp.dll - adsmsext.dll - appmgmts.dll - dsauth.dll - mprdim.dll

26.09.2009 07:31:09.938 : C:\WINDOWS\system32\wldap32.dll - Win32 LDAP API DLL

Provides the Lightweight Directory Access Protocol (LDAP) API.

The LDAP API provides methods for connecting to and working with Internet directories that make it easier to write Internet directory service applications.
26.09.2009 07:31:09.939 : C:\WINDOWS\system32\atl.dll - ATL Module for Windows NT (contains both Unicode and ANSI)

The Active Template Library (ATL) is a set of template-based C++ classes developed by Microsoft that simplify the programming of Component Object Model (COM) objects.

The COM support in Visual C++ allows developers to create a variety of COM objects, OLE Automation servers, and ActiveX controls.
26.09.2009 07:31:09.976 : C:\WINDOWS\system32\oleaut32.dll - Microsoft OLE DLL

Dynamic-link library of functions for Object Linking and Embedding Automation.
26.09.2009 07:31:09.977 : C:\WINDOWS\system32\rtutils.dll - Routing Utilities

Contains functions used by a tracing API that provides a uniform mechanism for generating diagnostic output for the Routing and Remote Access Service (RRAS) components.

Functions and procedures which facilitate routing of internet traffic.
26.09.2009 07:31:09.986 : C:\WINDOWS\system32\xpsp2res.dll - Service Pack 2 Messages

26.09.2009 07:31:10.116 : C:\WINDOWS\system32\dpcdll.dll - poorly documented - ?
26.09.2009 07:31:10.216 : C:\WINDOWS\system32\NavLogon.dll - Part of Norton Antivirus
26.09.2009 07:31:10.340 : C:\WINDOWS\system32\ntmarta.dll - Windows NT MARTA provider - Multiple Access RouTing Authority

The Windows NT MARTA Provider component supports the security Win32 API to manage the permissions of various objects, such as files, keys and services.
26.09.2009 07:31:10.528 : C:\WINDOWS\system32\wdmaud.drv - WDM Audio Driver Mapper

The user-mode WDMAud system driver (Wdmaud.drv) is paired with the kernel-mode WDMAud system driver (Wdmaud.sys). Together, the WDMAud system drivers translate between WinMM API calls and kernel-streaming I/O requests. The kernel-mode WDMAud driver is a client of the SysAudio system driver.
26.09.2009 07:31:21.409 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:31:21.669 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:31:21.684 : C:\WINDOWS\system32\msacm32.drv - Microsoft Sound Mapper
26.09.2009 07:31:21.840 : C:\WINDOWS\system32\msacm32.dll - Microsoft ACM Audio Filter

Module containing functions for audio compression for 32-bit.
26.09.2009 07:31:21.850 : C:\WINDOWS\system32\midimap.dll - Audio - MIDI Mapper

The MIDI standard appeared in 1983, with a built-in connection on Atari ST machines from 1985. The Musical Instrument Digital Interface, or MIDI, is a communication and control protocol that allows data to be exchanged between electronic musical instruments, one or more of which may be computers.

26.09.2009 07:31:21.921 : C:\WINDOWS\system32\es.dll - COM+ EventSystem Library

Provides automatic distribution of events to subscribing COM (Component Object Model) components. COM+ Events extend the COM+ programming model to support late-bound events or method calls between the publisher or subscriber and the event system. Instead of repeatedly polling the server, the event system notifies interested parties as information becomes available. COM+ Events handle most of the event semantics for the publisher and subscriber. Publishers offer to publish event types, and subscribers request event types from specific publishers. Subscriptions are maintained outside both the publisher and subscriber and are retrieved when needed. This simplifies the programming model. The subscriber does not need to contain the logic for building subscriptions—building a subscription is as easy as building a COM component. The life cycle of the subscription is separate from that of either the publisher or the subscriber. Subscriptions can be built prior to either the subscriber or publisher being made active (svchost.exe -k netsvcs).

26.09.2009 07:31:31.721 : C:\WINDOWS\system32\comres.dll - Microsoft Communications Module / COM+ Services

COM+ is an evolution of Microsoft Component Object Model (COM) and Microsoft Transaction Server (MTS). COM+ builds on and extends applications written using COM, MTS, and other COM-based technologies. COM+ handles many of the resource management tasks that you previously had to program yourself, such as thread allocation and security. COM+ also makes your applications more scalable by providing thread pooling, object pooling, and just-in-time object activation. COM+ also helps protect the integrity of your data by providing transaction support, even if a transaction spans multiple databases over a network.

26.09.2009 07:31:31.975 : C:\WINDOWS\system32\clbcatq.dll - module associated with COM+ Services
26.09.2009 07:31:32.397 }
 

ProcessId 1412 - C:\WINDOWS\system32\services.exe - 26.09.2009 07:30:48.183 - 144349 ms (2,4 minutes)

Note: greyed-out lines refer to processes already covered higher up the page (i.e. earlier in the boot sequence).

{ C:\WINDOWS\system32\services.exe - Windows Service Controller

Allows hardware changes to the system to be recognised and adapted to without user intervention.
26.09.2009 07:30:48.183 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:30:48.183 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:30:49.052 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:30:49.053 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:30:49.053 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:30:49.054 : C:\WINDOWS\system32\msvcrt.dll

26.09.2009 07:30:49.054 : C:\WINDOWS\system32\ncobjapi.dll - poorly documented

ncobjapi.dll is statically linked to the following files : ADVAPI32.dll - KERNEL32.dll - MSVCP60.dll - msvcrt.dll.

Ncobjapi component provides the Ncobjapi dynamic-link library :-) - There are no services associated with this component. - No other components interact with this component. There are no configurable settings for this component.

 

VERSIONINFO - FILEVERSION 5,1,2600,5512 - PRODUCTVERSION 5,1,2600,5512
FILEOS 0x40004
FILETYPE 0x2
{
BLOCK "StringFileInfo"
{
BLOCK "040904B0"
{
VALUE "CompanyName", "Microsoft Corporation"
VALUE "FileDescription", ""
VALUE "FileVersion", "5.1.2600.5512 (xpsp.080413-2108)"
VALUE "InternalName", "NCObjAPI"
VALUE "LegalCopyright", "© Microsoft Corporation. All rights reserved."
VALUE "OriginalFilename", "NCObjAPI.DLL"
VALUE "ProductName", "Microsoft® Windows® Operating System"
VALUE "ProductVersion", "5.1.2600.5512"
}
}

BLOCK "VarFileInfo"
{
VALUE "Translation", 0x0409 0x04B0
}
}

 
26.09.2009 07:30:49.062 : C:\WINDOWS\system32\msvcp60.dll - a Microsoft C++ Runtime Library
26.09.2009 07:30:49.071 : C:\WINDOWS\system32\scesrv.dll - Windows Security Configuration Editor Engine
26.09.2009 07:30:49.081 : C:\WINDOWS\system32\authz.dll
26.09.2009 07:30:49.098 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:30:49.098 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:30:49.098 : C:\WINDOWS\system32\userenv.dll

26.09.2009 07:30:49.098 : C:\WINDOWS\system32\umpnpmgr.dll - Windows Plug And Play Manager
26.09.2009 07:30:49.108 : C:\WINDOWS\system32\winsta.dll
26.09.2009 07:30:49.117 : C:\WINDOWS\system32\netapi32.dll

26.09.2009 07:30:49.117 : C:\WINDOWS\system32\shimeng.dll - module associated with Shim Engine DLL (IAT, Import Address Table)

? Invoked in the following technologies: .NET, COM, C++ - The IAT contains the names of the DLLs and of their functions. Every Win32 executable application has an Import Address Table (IAT) residing inside the program. The IAT is used as a lookup table when the application is calling a Windows API function.
26.09.2009 07:30:49.130 : C:\WINDOWS\AppPatch\acadproc.dll - a system file that is part of the group of files that handle compatibility for applications in Windows.

Linked to Microsoft Application Compatibility Toolkit. ACT is a lifecycle management tool that helps you identify and manage your application portfolio, reduce the cost and time needed to resolve application compatibility problems, and quickly deploy Windows and its updates.
26.09.2009 07:30:49.197 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:30:49.239 : C:\WINDOWS\system32\msapsspc.dll
26.09.2009 07:30:52.847 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:30:52.853 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:30:52.894 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:30:52.894 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:30:52.894 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:30:52.903 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:30:52.911 : C:\WINDOWS\system32\digest.dll
26.09.2009 07:30:52.974 : C:\WINDOWS\system32\msnsspc.dll
26.09.2009 07:30:52.986 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:30:52.993 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:30:59.523 : C:\WINDOWS\system32\version.dll

26.09.2009 07:30:59.548 : C:\WINDOWS\system32\eventlog.dll - Event Logging Service

Enables event messages issued by Windows-based programs and components to be displayed in Event Viewer.
26.09.2009 07:31:01.048 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:31:01.057 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:01.067 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:01.075 : C:\WINDOWS\system32\wtsapi32.dll
26.09.2009 07:31:04.184 : C:\WINDOWS\system32\setupapi.dll

26.09.2009 07:33:12.532 }
 

ProcessId 1428 : C:\WINDOWS\system32\lsass.exe - 26.09.2009 07:30:48.261 - 188598 ms (3,1 minutes)

{ C:\WINDOWS\system32\lsass.exe - Local Security Authority Subsystem Service.

System process that handles local security mechanisms and user authentication via the WinLogon service.
26.09.2009 07:30:48.261 : C:\WINDOWS\system32\ntdll.dll **
26.09.2009 07:30:48.261 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:30:50.923 : C:\WINDOWS\system32\advapi32.dll **
26.09.2009 07:30:50.924 : C:\WINDOWS\system32\rpcrt4.dll **
26.09.2009 07:30:50.925 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:30:50.925 : C:\WINDOWS\system32\lsasrv.dll - Local Security Authority Server

Important security component: decrypts all local password hashing schemes on the computer.

Note : If a system uses a poorly designed password hashing scheme to protect stored passwords, an attacker can exploit any weaknesses to recover even 'well-chosen' passwords.

One example is the LM hash that Microsoft Windows XP and earlier versions use by default to store user passwords of less than 15 characters in length.

LAN Manager hash converts the password into all uppercase letters then breaks the password into two 7-character fields which are hashed separately—which allows each half to be attacked individually.
26.09.2009 07:30:50.966 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:30:50.990 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:30:50.990 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:30:50.990 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:30:50.990 : C:\WINDOWS\system32\msvcrt.dll **
26.09.2009 07:30:50.990 : C:\WINDOWS\system32\netapi32.dll

26.09.2009 07:30:50.991 : C:\WINDOWS\system32\ntdsapi.dll - NT5DS (a type of synchronisation).

Module containing a set of COM interfaces used to access the directory-service capabilities of different network providers in a Distributed Computing Environment.

The file is used to present a single set of directory-service interfaces for managing network resources.

Invoked, for example, to synchronise the clocks of domain controllers.

Used by windows when working with Directory Services (a mechanism employed for easily locating devices and resources on a network).
26.09.2009 07:30:50.997 : C:\WINDOWS\system32\dnsapi.dll - DNS Client API DLL

Module containing functions used by the DNS Client API (dynamic IP addresses).

** The following DLLs are imported by dnsapi.dll : advapi32.dll - kernel32.dll - msvcrt.dll - ntdll.dll - rpcrt4.dll - ws2_32.dll
26.09.2009 07:30:51.003 : C:\WINDOWS\system32\ws2_32.dll ** - WinSock 2.0 32bit

26.09.2009 07:30:51.010 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:30:51.022 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:30:51.022 : C:\WINDOWS\system32\samlib.dll

26.09.2009 07:30:51.032 : C:\WINDOWS\system32\samsrv.dll - SAM Server DLL (Service Availability Monitoring)

SAM is a framework for monitoring grid services. It uses Oracle (a database management system).
26.09.2009 07:30:51.042 : C:\WINDOWS\system32\cryptdll.dll
26.09.2009 07:30:51.050 : C:\WINDOWS\system32\shimeng.dll

26.09.2009 07:30:51.056 : C:\WINDOWS\AppPatch\acgenral.dll - a system file that is part of the group of files that handle compatibility for applications in Windows.

26.09.2009 07:30:51.114 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:30:51.121 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:30:51.121 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:30:51.121 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:30:51.129 : C:\WINDOWS\system32\version.dll
26.09.2009 07:30:51.129 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:30:51.129 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:30:51.129 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:30:51.130 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:30:51.194 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:30:51.216 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:30:51.224 : C:\WINDOWS\system32\umdmxfrm.dll

26.09.2009 07:30:51.230 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:30:51.354 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:30:51.375 : C:\WINDOWS\system32\msapsspc.dll
26.09.2009 07:30:51.406 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:30:51.412 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:30:51.450 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:30:51.463 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:30:51.627 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:30:51.627 : C:\WINDOWS\system32\digest.dll
26.09.2009 07:30:51.643 : C:\WINDOWS\system32\msnsspc.dll
26.09.2009 07:30:51.663 : C:\WINDOWS\system32\msvcrt40.dll

26.09.2009 07:30:51.668 : C:\WINDOWS\system32\msprivs.dll - Microsoft Privilege Translations

Poorly documented? Related to Device Installer & User Rights?
26.09.2009 07:30:51.683 : C:\WINDOWS\system32\kerberos.dll - Kerberos Security Package

The Kerberos authentication protocol provides a mechanism for authentication between a client and a server, or between one server and another server.

Kerberos is a network authentication protocol created at the Massachusetts Institute of Technology (MIT); it uses a ticket system instead of clear-text passwords.

This principle strengthens the security of the system and prevents unauthorised persons from intercepting users' passwords.
The whole scheme relies on secret keys (symmetric encryption). It was originally used on distributed Unix systems. It made its comeback with Windows 2000.
26.09.2009 07:30:51.748 : C:\WINDOWS\system32\msv1_0.dll
26.09.2009 07:30:51.774 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:30:51.808 : C:\WINDOWS\system32\netlogon.dll - Net Logon Services DLL

Related to: user authentication - network logon - Local Security Authority Subsystem
26.09.2009 07:30:51.843 : C:\WINDOWS\system32\w32time.dll - Windows Time Service

The system time can be synchronised with Internet Time:

26.09.2009 07:30:51.856 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:30:51.862 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:30:51.883 : C:\WINDOWS\system32\crypt32.dll

26.09.2009 07:30:51.883 : C:\WINDOWS\system32\wdigest.dll - Microsoft Digest Access Authentication

This DLL was introduced in the Windows XP operating system. The Digest Authentication protocol is designed for use with Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges. These exchanges require that parties that seek to authenticate must demonstrate their knowledge of secret keys. This process improves upon earlier versions of HTTP authentication, in which users provide passwords that are not encrypted when they are sent to a server, leaving them vulnerable to capture by attackers, or that are encrypted but sent in an expensive, ongoing, Secure Sockets Layer (SSL) session.
26.09.2009 07:30:51.891 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:30:51.932 : C:\WINDOWS\system32\relog_ap.dll - Acronis Relogon Authentication Package
26.09.2009 07:30:52.054 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:30:52.811 : C:\WINDOWS\system32\scecli.dll - Client Interface, Security Settings Architecture

Provides client side interfaces to the security configuration engine and does Resultant Set of Policies (RsoP) logging during policy propagation.

 

 
26.09.2009 07:30:52.834 : C:\WINDOWS\system32\msapsspc.dll
26.09.2009 07:30:53.006 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:30:53.012 : C:\WINDOWS\system32\digest.dll
26.09.2009 07:30:53.028 : C:\WINDOWS\system32\msnsspc.dll
26.09.2009 07:30:53.037 : C:\WINDOWS\system32\msvcrt40.dll

26.09.2009 07:30:53.045 : C:\WINDOWS\system32\dssenh.dll - Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider

Related to - Kerberos ? - SSL des sites Web sécurisés ? - Internet Explorer (protected mode) ? - Enhanced Decision Support System
26.09.2009 07:33:56.860 }
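
Added example (not part of the original page and not BootLog XP code): a parser for the trace format shown above, run on an excerpt of the lsass.exe block, that recomputes the process duration, ranks the longest waits before a module load, and lists modules absent from a baseline. The function names and the BASELINE set are assumptions made for this example; the baseline is constructed and is not an authoritative list of XP modules.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the lsass.exe block from the trace above (most annotations dropped).
SAMPLE = r"""
ProcessId 1428 : C:\WINDOWS\system32\lsass.exe - 26.09.2009 07:30:48.261 - 188598 ms (3,1 minutes)
{ C:\WINDOWS\system32\lsass.exe - Local Security Authority Subsystem Service.
26.09.2009 07:30:48.261 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:30:48.261 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:30:50.923 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:30:50.925 : C:\WINDOWS\system32\lsasrv.dll -
Local Security Authority Server
26.09.2009 07:30:51.056 : C:\WINDOWS\AppPatch\acgenral.dll : a
26.09.2009 07:30:51.683 : C:\WINDOWS\system32\kerberos.dll -
26.09.2009 07:30:51.748 : C:\WINDOWS\system32\msv1_0.dll
26.09.2009 07:30:51.932 : C:\WINDOWS\system32\relog_ap.dll -
Acronis Relogon Authentication Package
26.09.2009 07:30:52.054 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:30:52.811 : C:\WINDOWS\system32\scecli.dll - Client Interface, Security Settings Architecture
26.09.2009 07:33:56.860 }
"""

# Constructed baseline for this example only (lower-cased full paths).
BASELINE = {p.lower() for p in (
    r"C:\WINDOWS\system32\ntdll.dll", r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\advapi32.dll", r"C:\WINDOWS\system32\lsasrv.dll",
    r"C:\WINDOWS\AppPatch\acgenral.dll", r"C:\WINDOWS\system32\kerberos.dll",
    r"C:\WINDOWS\system32\msv1_0.dll", r"C:\WINDOWS\system32\setupapi.dll",
    r"C:\WINDOWS\system32\scecli.dll",
)}

TS = r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
# "ProcessId N", then "-" or ":", image path, start time, duration in ms.
HEADER = re.compile(r"^ProcessId (\d+)\s*[-:]\s*([A-Za-z]:\\\S+)\s*-\s*"
                    + TS + r"\s*-\s*(\d+) ms")
# Timestamp, separator, module path; any trailing annotation is ignored.
LOAD = re.compile("^" + TS + r"\s*[:;]\s*([A-Za-z]:\\\S+)")
# A timestamp followed by "}" closes the process block.
END = re.compile("^" + TS + r"\s*\}")


def ts(text):
    """Parse the trace's DD.MM.YYYY HH:MM:SS.mmm timestamp."""
    return datetime.strptime(text, "%d.%m.%Y %H:%M:%S.%f")


def parse_trace(text):
    """Return one dict per process block; annotation lines are skipped."""
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"pid": int(m.group(1)), "image": m.group(2),
                   "start": ts(m.group(3)), "declared_ms": int(m.group(4)),
                   "end": None, "loads": []}
            procs.append(cur)
            continue
        if cur is None:
            continue
        m = LOAD.match(line)
        if m:
            cur["loads"].append((ts(m.group(1)), m.group(2)))
            continue
        m = END.match(line)
        if m:
            cur["end"] = ts(m.group(1))
            cur = None
    return procs


def measured_ms(proc):
    """Duration from the block's own start and end timestamps."""
    return (proc["end"] - proc["start"]) // timedelta(milliseconds=1)


def slowest_gaps(proc, n=3):
    """Largest waits (ms) before a module load, as (gap_ms, path)."""
    prev, gaps = proc["start"], []
    for when, path in proc["loads"]:
        gaps.append(((when - prev) // timedelta(milliseconds=1), path))
        prev = when
    return sorted(gaps, key=lambda g: -g[0])[:n]


def unexpected_modules(proc, baseline):
    """Modules loaded into the process that the baseline does not list."""
    seen, extra = set(), []
    for _, path in proc["loads"]:
        key = path.lower()
        if key not in baseline and key not in seen:
            seen.add(key)
            extra.append(path)
    return extra


if __name__ == "__main__":
    for p in parse_trace(SAMPLE):
        print(p["pid"], p["image"], p["declared_ms"], measured_ms(p))
        print("slowest:", slowest_gaps(p))
        print("not in baseline:", unexpected_modules(p, BASELINE))
```

On a real audit the baseline would come from a known-good boot of the same build, so that a new authentication package or filter DLL in lsass.exe stands out between two traces.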

  
ProcessId 1580 - C:\WINDOWS\system32\nvsvc32.exe - 26.09.2009 07:30:53.621 - 15165 ms : nVidia Service 32-bit

{ C:\WINDOWS\system32\nvsvc32.exe - service tied to the graphics card driver
26.09.2009 07:30:53.621 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:30:53.621 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:30:58.138 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:30:58.139 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:30:58.139 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:30:58.140 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:30:58.140 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:30:58.140 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:30:58.140 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:30:58.140 : C:\WINDOWS\system32\powrprof.dll
26.09.2009 07:30:58.151 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:30:58.166 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:30:58.199 : C:\WINDOWS\system32\wtsapi32.dll
26.09.2009 07:30:58.219 : C:\WINDOWS\system32\winsta.dll
26.09.2009 07:30:58.227 : C:\WINDOWS\system32\netapi32.dll

26.09.2009 07:30:58.227 : C:\WINDOWS\system32\nvcpl.dll - nVidia Display Properties Extension
26.09.2009 07:30:58.243 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:30:58.260 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:30:58.260 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:30:58.260 : C:\WINDOWS\system32\version.dll
26.09.2009 07:30:58.261 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:30:58.261 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:30:58.261 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:30:58.261 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:30:58.294 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:30:58.294 : C:\WINDOWS\system32\oleacc.dll - Microsoft Active Accessibility DLL

Microsoft Active Accessibility is a COM-based technology that provides a standard, consistent mechanism for applications and Active Accessibility clients to exchange information. A dynamic-link library (DLL), OLEACC, provides the Active Accessibility runtime and manages requests from Active Accessibility clients. An Active Accessibility client is any program that uses Active Accessibility to access, identify, or manipulate the user interface (UI) elements of an application. Clients include accessibility aids, automated testing tools, and some computer-based training applications. (Accessibility aids are specialized programs that help people with disabilities use computers more effectively.)

26.09.2009 07:30:58.305 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:30:58.320 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:30:58.330 : C:\WINDOWS\system32\umdmxfrm.dll

26.09.2009 07:30:58.339 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:30:58.466 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:30:58.632 : C:\WINDOWS\system32\psapi.dll

26.09.2009 07:30:58.648 : C:\WINDOWS\system32\nvrsfr.dll - nVidia French Language Resource Library
26.09.2009 07:30:58.657 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:58.663 : C:\WINDOWS\system32\nvapi.dll - nVidia Resource Manager
26.09.2009 07:30:58.683 : C:\WINDOWS\system32\nvdisps.dll - nVidia Display Server
26.09.2009 07:30:58.791 : C:\WINDOWS\system32\nvcpl.dll - nVidia utility for the display control panel (which allows the configuration of extra display options)

 

 
26.09.2009 07:30:58.860 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:30:58.861 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:30:58.879 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:30:58.887 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:30:58.893 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:30:58.943 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:30:58.949 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:58.955 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:58.961 : C:\WINDOWS\system32\nvcpl.dll
26.09.2009 07:30:58.976 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:30:58.977 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:30:59.003 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:30:59.014 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:30:59.022 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:30:59.100 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:30:59.109 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:59.115 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:59.120 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:30:59.129 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:30:59.129 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:30:59.129 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:30:59.129 : C:\WINDOWS\system32\nvcpl.dll
26.09.2009 07:30:59.140 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:30:59.140 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:30:59.166 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:30:59.177 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:30:59.185 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:30:59.263 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:30:59.272 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:59.278 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:59.283 : C:\WINDOWS\system32\msapsspc.dll
26.09.2009 07:30:59.298 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:30:59.304 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:30:59.337 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:30:59.347 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:30:59.355 : C:\WINDOWS\system32\digest.dll
26.09.2009 07:30:59.372 : C:\WINDOWS\system32\msnsspc.dll
26.09.2009 07:30:59.382 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:30:59.388 : C:\WINDOWS\system32\msv1_0.dll
26.09.2009 07:30:59.407 : C:\WINDOWS\system32\cryptdll.dll
26.09.2009 07:30:59.415 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:30:59.424 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:30:59.434 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:30:59.442 : C:\WINDOWS\system32\nvcpl.dll
26.09.2009 07:30:59.456 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:30:59.456 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:30:59.486 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:30:59.497 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:30:59.505 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:30:59.591 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:30:59.601 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:59.608 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:30:59.615 : C:\WINDOWS\system32\nvdisps.dll
26.09.2009 07:30:59.896 : C:\WINDOWS\system32\nvcpl.dll
26.09.2009 07:31:00.014 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:31:00.015 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:31:00.051 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:31:00.062 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:31:00.071 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:00.149 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:31:00.158 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:31:00.163 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:31:00.168 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:31:00.304 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:31:00.322 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:00.322 : C:\WINDOWS\system32\uxtheme.dll

26.09.2009 07:31:08.786 }
 

ProcessId 1588 - C:\WINDOWS\system32\logonui.exe - 26.09.2009 07:30:54.802 - 4014 ms

{ C:\WINDOWS\system32\logonui.exe - LogOn User Interface (Windows logon user interface)

The user interface that appears when Windows XP first starts. Manages the logon and logoff screen. Allows switching users.
26.09.2009 07:30:54.802 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:30:54.802 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:30:57.799 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:30:57.800 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:30:57.800 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:30:57.800 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:30:57.800 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:30:57.800 : C:\WINDOWS\system32\user32.dll

26.09.2009 07:30:57.800 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:30:57.811 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:30:57.811 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:30:57.811 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:30:57.811 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:30:57.811 : C:\WINDOWS\system32\oleaut32.dll

26.09.2009 07:30:57.812 : C:\WINDOWS\system32\duser.dll - Windows DirectUser Engine

Poorly documented - ? DirectUser is used to implement the tabs in Internet Explorer 7 on Windows XP ? - Needed by Add/Remove Module ?
26.09.2009 07:30:57.825 : C:\WINDOWS\system32\msimg32.dll - GDIEXT Client DLL

An extension component for Windows Graphics Device Interface (GDI), which contains new Application Program interfaces to improve the GDI32 functionality.

26.09.2009 07:30:57.830 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:30:58.109 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:30:58.137 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:30:58.151 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:30:58.237 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:30:58.246 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:30:58.260 : C:\WINDOWS\system32\version.dll
26.09.2009 07:30:58.260 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:30:58.260 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:30:58.333 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:30:58.361 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:30:58.580 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:30:58.595 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:30:58.685 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:30:58.757 : C:\WINDOWS\system32\comres.dll

26.09.2009 07:30:58.777 : C:\WINDOWS\system32\shgina.dll -
Windows Shell User Logon

This file is needed just to restart the computer from the Desktop.
26.09.2009 07:30:58.817 }
 


ProcessId 1660 - C:\WINDOWS\system32\svchost.exe - 26.09.2009 07:30:59.680 - 143313 ms (2,4 minutes)
 

{ C:\WINDOWS\system32\svchost.exe - Service Host Process.

Acts as a host for other processes whose operation relies on dynamic-link libraries (DLLs).

There are therefore as many svchost entries as there are processes that use it.
26.09.2009 07:30:59.680 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:30:59.680 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:00.547 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:00.549 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:00.549 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:00.549 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:00.558 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:31:00.614 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:00.614 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:00.615 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:00.621 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:00.621 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:00.621 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:00.621 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:00.627 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:00.628 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:00.628 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:00.628 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:00.628 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:00.658 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:00.677 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:00.683 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:00.688 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:00.777 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:00.794 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:31:00.819 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:31:00.825 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:00.825 : C:\WINDOWS\system32\rpcss.dll
26.09.2009 07:31:00.909 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:00.935 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:00.941 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:00.993 : C:\WINDOWS\system32\msapsspc.dll
26.09.2009 07:31:01.033 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:31:01.038 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:31:01.071 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:01.071 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:01.072 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:01.072 : C:\WINDOWS\system32\digest.dll
26.09.2009 07:31:01.085 : C:\WINDOWS\system32\msnsspc.dll
26.09.2009 07:31:01.092 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:31:01.098 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:28.986 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:31:29.185 : C:\WINDOWS\system32\wtsapi32.dll
26.09.2009 07:32:37.888 : C:\WINDOWS\system32\winsta.dll
26.09.2009 07:32:37.945 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:37.945 : C:\WINDOWS\system32\msv1_0.dll
26.09.2009 07:32:38.069 : C:\WINDOWS\system32\cryptdll.dll
26.09.2009 07:32:38.137 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:32:38.178 : C:\WINDOWS\system32\apphelp.dll

26.09.2009 07:33:22.993 }
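The per-process blocks of this trace can be read mechanically to see where a process sat idle between module loads. The following is an added example, not part of the original page or of BootLog XP: it parses the block layout shown above, checks the header duration against the timestamps, and lists the gaps above a threshold. The function names and the 5-second threshold are assumptions, and treating the closing `}` timestamp as the end of the traced interval is inferred from the header duration.

```python
import re
from datetime import datetime, timedelta

# Abridged from the ProcessId 1660 block of this listing (most module lines omitted).
SAMPLE = r"""
ProcessId 1660 - C:\WINDOWS\system32\svchost.exe - 26.09.2009 07:30:59.680 - 143313 ms (2,4 minutes)
{ C:\WINDOWS\system32\svchost.exe - Service Host Process.
26.09.2009 07:30:59.680 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:30:59.680 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:00.547 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:01.098 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:28.986 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:31:29.185 : C:\WINDOWS\system32\wtsapi32.dll
26.09.2009 07:32:37.888 : C:\WINDOWS\system32\winsta.dll
26.09.2009 07:32:38.178 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:33:22.993 }
"""

TS = r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
HEADER = re.compile(r"^ProcessId (\d+) - (.+?) - " + TS + r" - (\d+) ms")
# A module line may carry a trailing " - description" annotation, which is dropped.
MODULE = re.compile(r"^" + TS + r" : (.+?)(?:\s+-(?:\s.*)?)?$")
CLOSE = re.compile(r"^" + TS + r"\s*\}$")


def parse_ts(text):
    """Parse the trace's 'DD.MM.YYYY HH:MM:SS.mmm' timestamps."""
    return datetime.strptime(text, "%d.%m.%Y %H:%M:%S.%f")


def ms_between(start, end):
    """Whole milliseconds elapsed between two timestamps."""
    return (end - start) // timedelta(milliseconds=1)


def parse_blocks(text):
    """Return one dict per 'ProcessId ... { ... }' block; free-text lines are skipped."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"pid": int(m.group(1)), "image": m.group(2),
                       "start": parse_ts(m.group(3)),
                       "reported_ms": int(m.group(4)),
                       "modules": [], "end": None}
            continue
        if current is None:
            continue
        m = CLOSE.match(line)
        if m:
            current["end"] = parse_ts(m.group(1))
            blocks.append(current)
            current = None
            continue
        m = MODULE.match(line)
        if m:
            current["modules"].append((parse_ts(m.group(1)), m.group(2)))
    return blocks


def duration_delta_ms(block):
    """Difference between the timestamps' span and the duration in the header."""
    return ms_between(block["start"], block["end"]) - block["reported_ms"]


def stalls(block, threshold_ms=5000):
    """Gaps of at least threshold_ms between consecutive events, largest first."""
    events = [(block["start"], "<process start>")]
    events += [(ts, path.rsplit("\\", 1)[-1]) for ts, path in block["modules"]]
    events.append((block["end"], "<end of trace>"))
    found = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        gap = ms_between(t0, t1)
        if gap >= threshold_ms:
            found.append((gap, before, after))
    return sorted(found, reverse=True)


if __name__ == "__main__":
    for block in parse_blocks(SAMPLE):
        print(block["pid"], block["image"], "delta", duration_delta_ms(block), "ms")
        for gap, before, after in stalls(block):
            print(f"  {gap:>6} ms between {before} and {after}")
```
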
 


ProcessId 1728 - C:\WINDOWS\system32\svchost.exe - 26.09.2009 07:31:01.784 - 8336 ms
 

{C:\WINDOWS\system32\svchost.exe
26.09.2009 07:31:01.784 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:01.784 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:02.324 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:02.324 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:02.324 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:02.325 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:02.331 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:31:02.374 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:02.374 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:02.374 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:02.380 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:02.380 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:02.381 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:02.381 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:02.386 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:02.387 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:02.387 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:02.387 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:02.387 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:02.417 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:02.436 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:02.442 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:02.447 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:02.542 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:02.557 : C:\WINDOWS\system32\rpcss.dll
26.09.2009 07:31:02.588 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:02.595 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:02.600 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:02.620 : C:\WINDOWS\system32\msapsspc.dll
26.09.2009 07:31:02.629 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:31:02.633 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:31:02.652 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:02.652 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:02.652 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:02.652 : C:\WINDOWS\system32\digest.dll

26.09.2009 07:31:02.663 : C:\WINDOWS\system32\msnsspc.dll
26.09.2009 07:31:02.669 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:31:02.674 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:31:02.697 : C:\WINDOWS\system32\mswsock.dll -
Microsoft Windows Sockets 2.0 Service Provider

Module providing extensions for Winsock (WINdows SOCKet), a dynamic library (DLL) of functions whose purpose is to implement TCP/IP.

It notably handles the sending and receiving of data packets via BSD sockets; info: see ws2_32.dll above.
26.09.2009 07:31:02.855 : C:\WINDOWS\system32\imon.dll -
Nod32 Internet Monitor, Antivirus System (Eset)

 

 

The best of the antivirus products we have tested: for its protection effectiveness, its low resource usage, its very regular updates and its ability to coexist without the slightest problem with Symantec Antivirus. On this PC, two antivirus products are resident: this Nod32 (always at maximum protection settings) and Symantec Norton (which we enable only when we "take risks", for example downloading or studying a file whose probability of being malware is certain or very high [email greeting card, Google ads, booby-trapped images, rootkit, trojan, driver from a booby-trapped forum, fake Live Messenger or messenger skinner, Downloader.Agent, fake Microsoft patch, fake Facebook message, ... ]). Note that even when disabled, these two antivirus products scan e-mail. Another resident (for browsing) is "AVG LinkScanner WatchDog". As for protection, other software is available but either "not resident at startup" (Multi Virus Cleaner, Norman Malware Cleaner, Trojan Remover, ... ) or for "simple" prevention (such as the excellent free tools SpywareBlaster & Spybot).

 

26.09.2009 07:31:02.907 : C:\WINDOWS\system32\wsock32.dll - WinSock API Library, Windows Socket 32-Bit DLL

Contains the Windows Sockets API used by most Internet and network applications to handle network connections.

To prevent some spyware from altering wsock32.dll: set it to read-only.
26.09.2009 07:31:02.932 : C:\WINDOWS\system32\hnetcfg.dll -
Home Networking Configuration Manager

26.09.2009 07:31:03.021 : C:\WINDOWS\system32\wshtcpip.dll - Windows Sockets Helper DLL - info: see ws2_32.dll above
26.09.2009 07:31:03.049 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:31:03.094 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:31:03.122 : C:\WINDOWS\system32\winrnr.dll -
Microsoft LDAP RnR Provider

Provides additional functions to the Lightweight Directory Access Protocol (LDAP), which was originally a protocol for querying and modifying directory services. This protocol runs over TCP/IP. It has since evolved into a standard for directory systems, including a data model, a naming model, a functional model based on the LDAP protocol, a security model and a replication model.
26.09.2009 07:31:03.156 : C:\WINDOWS\system32\wldap32.dll -
Win32 LDAP API (see LDAP above)
26.09.2009 07:31:03.157 : C:\WINDOWS\system32\rasadhlp.dll -
Remote Access AutoDial Helper

The easiest way to disable the RAS AutoDial service: start the Services control panel applet (Start - Settings - Control Panel - Services) - scroll down to "Remote Access AutoDial Manager" and select it - click the Startup button and change the startup to Manual. Click OK - if you want to stop it now, just click the Stop button - click the Close button.
26.09.2009 07:31:03.175 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:10.095 : C:\WINDOWS\system32\comres.dll

26.09.2009 07:31:10.121 }
 


ProcessId 1808 - C:\WINDOWS\system32\svchost.exe - 26.09.2009 07:31:03.259 - 173139 ms

 
{C:\WINDOWS\system32\svchost.exe
26.09.2009 07:31:03.259 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:03.259 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:03.804 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:03.805 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:03.805 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:03.805 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:03.811 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:31:03.854 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:03.855 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:03.855 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:03.862 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:03.862 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:03.862 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:03.862 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:03.868 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:03.868 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:03.868 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:03.868 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:03.869 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:03.898 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:03.917 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:03.923 : C:\WINDOWS\system32\umdmxfrm.dll

26.09.2009 07:31:03.928 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:04.018 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:04.034 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:31:04.059 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:31:04.065 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:04.065 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:04.124 : C:\WINDOWS\system32\shsvcs.dll
26.09.2009 07:31:04.145 : C:\WINDOWS\system32\winsta.dll
26.09.2009 07:31:04.167 : C:\WINDOWS\system32\netapi32.dll

26.09.2009 07:31:04.167 : C:\WINDOWS\system32\dhcpcsvc.dll -
DHCP Client-service

Used when working with a DHCP server in order to obtain an IP address.
26.09.2009 07:31:04.315 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:31:04.326 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:04.336 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:04.345 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:31:04.355 : C:\WINDOWS\system32\msapsspc.dll
26.09.2009 07:31:04.400 : C:\WINDOWS\system32\msvcrt40.dll
26.09.2009 07:31:04.409 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:31:04.443 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:04.444 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:04.444 : C:\WINDOWS\system32\digest.dll
26.09.2009 07:31:04.462 : C:\WINDOWS\system32\msnsspc.dll
26.09.2009 07:31:04.472 : C:\WINDOWS\system32\msvcrt40.dll

26.09.2009 07:31:04.478 : C:\WINDOWS\system32\wzcsvc.dll -
Wireless Zero Configuration Service

Provides automatic configuration for 802.11 adapters.
26.09.2009 07:31:07.036 : C:\WINDOWS\system32\rtutils.dll
26.09.2009 07:31:07.060 : C:\WINDOWS\system32\wmi.dll -
Windows Management Instrumentation

Module responsible for the implementation of the data collection (DC) and data portability (DP) functionalities of the Windows Management Instrumentation (WMI).

26.09.2009 07:31:07.123 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:07.137 : C:\WINDOWS\system32\msasn1.dll

26.09.2009 07:31:07.138 : C:\WINDOWS\system32\eapolqec.dll -
Microsoft EAPOL NAP Enforcement Client

Network Access Protection (NAP) allows you to control the access of client computers to network resources based on computer identity and compliance with corporate governance policy. To implement NAP, you must configure NAP settings on both servers and client computers.

Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point-to-Point connections. EAP is not a wire protocol; instead it only defines message formats.

Each protocol that uses EAP defines a way to encapsulate EAP messages within that protocol's messages. In the case of 802.1X, this encapsulation is called EAPOL, "EAP over LANs". EAPOL is used to run 802.1X security.
26.09.2009 07:31:07.211 : C:\WINDOWS\system32\atl.dll
26.09.2009 07:31:07.276 : C:\WINDOWS\system32\qutil.dll - Quarantine Utilities - poorly documented.
26.09.2009 07:31:07.326 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:31:07.338 : C:\WINDOWS\system32\dot3api.dll -
802.3 Autoconfiguration API - LAN Diagnostics
26.09.2009 07:31:07.347 : C:\WINDOWS\system32\wtsapi32.dll
26.09.2009 07:31:07.369 : C:\WINDOWS\system32\esent.dll -
Server Database Storage Engine

Needed to enter System Properties by right-clicking on "My Computer" and selecting "Properties" without receiving an error (as for imm32.dll & mspatcha.dll)
26.09.2009 07:31:07.446 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:31:07.872 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:07.976 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:08.031 : C:\WINDOWS\system32\comres.dll

26.09.2009 07:31:08.055 : C:\WINDOWS\system32\rastls.dll -
Remote Access PPP EAP-TLS

The Point-to-Point Protocol (PPP) is a transmission protocol for the Internet that establishes a link-type connection between two hosts over a point-to-point link.

The PPP is a data link protocol commonly used to establish a direct connection between two networking nodes. It can provide connection authentication, transmission encryption privacy, and compression. PPP is used over many types of physical networks including serial cable, phone line, trunk line, cellular telephone, specialized radio links, and fiber optic links such as SONET. Most Internet service providers (ISPs) use PPP for customer dial-up access to the Internet. Two encapsulated forms of PPP, Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA), are used by Internet Service Providers (ISPs) to connect Digital Subscriber Line (DSL) Internet service. PPP is commonly used as a data link layer protocol for connection over synchronous and asynchronous circuits, where it has largely superseded the older, non-standard Serial Line Internet Protocol (SLIP) and telephone company mandated standards (such as Link Access Protocol, Balanced (LAPB) in the X.25 protocol suite). PPP was designed to work with numerous network layer protocols, including Internet Protocol (IP), Novell's Internetwork Packet Exchange (IPX), NBF and AppleTalk. PPP is also used over broadband connections. RFC 2516 describes Point-to-Point Protocol over Ethernet (PPPoE), a method for transmitting PPP over Ethernet that is sometimes used with DSL. RFC 2364 describes Point-to-Point Protocol over ATM (PPPoA), a method for transmitting PPP over ATM Adaptation Layer 5 (AAL5), which is also sometimes used with DSL.

The Extensible Authentication Protocol (EAP) is an extension to PPP that allows for arbitrary authentication mechanisms to be employed for the validation of a PPP connection.

The Transport Layer Security (TLS) protocol, based on the Secure Sockets Layer, allows applications to communicate securely. TLS provides authentication (user and data), data integrity, and data confidentiality services.

26.09.2009 07:31:08.165 : C:\WINDOWS\system32\cryptui.dll - Microsoft Trust UI Provider
26.09.2009 07:31:08.167 : C:\WINDOWS\system32\wininet.dll -
Internet Extensions for Win32

The library file wininet.dll, contains program components for a variety of internet related operations. If wininet.dll is unavailable or stopped, internet or network related software will not work on your system.

Related : The Svchost.exe process intermittently crashes with an access violation when the process uses the Wininet.dll file on a Windows XP-based computer (kb899342)
26.09.2009 07:31:08.214 : C:\WINDOWS\system32\normaliz.dll - Unicode Normalization DLL

Is obviously linked to removal of MSIE 7.
26.09.2009 07:31:08.239 : C:\WINDOWS\system32\iertutil.dll - Run time utility for Internet Explorer (MSIE)

Is obviously linked to removal of MSIE 7.
26.09.2009 07:31:08.258 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:31:08.300 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:31:08.300 : C:\WINDOWS\system32\mprapi.dll
26.09.2009 07:31:08.335 : C:\WINDOWS\system32\activeds.dll
26.09.2009 07:31:08.378 : C:\WINDOWS\system32\adsldpc.dll
26.09.2009 07:31:08.415 : C:\WINDOWS\system32\rasapi32.dll - Dial Up Networking API

Remote Access API, used by Windows applications to control modem connections.
26.09.2009 07:31:08.458 : C:\WINDOWS\system32\rasman.dll - Remote Access Server (RAS) Manager

Windows RAS server calls the security DLL's RasSecurityDialogBegin function to begin an authentication of a remote user. The RAS server is blocked and cannot accept any other calls until RasSecurityDialogBegin returns. For this reason, RasSecurityDialogBegin should copy the input parameters, create a thread to perform the authentication, and return as quickly as possible. The thread created by the security DLL uses the RasSecurityDialogSend and RasSecurityDialogReceive functions to communicate with the remote computer. These functions are not available for static import from any library. Instead, the security DLL must use the LoadLibrary and GetProcAddress functions to dynamically link to these functions in RASMAN.DLL.

26.09.2009 07:31:08.476 : C:\WINDOWS\system32\tapi32.dll - Telephony API Client
26.09.2009 07:31:08.504 : C:\WINDOWS\system32\schannel.dll
26.09.2009 07:31:08.524 : C:\WINDOWS\system32\winscard.dll
26.09.2009 07:31:08.531 : C:\WINDOWS\system32\psapi.dll

26.09.2009 07:31:08.536 : C:\WINDOWS\system32\riched20.dll -
RichEdit DLL

Module containing functions for the Rich Text Edit control.
26.09.2009 07:31:08.676 : C:\WINDOWS\system32\raschap.dll
26.09.2009 07:31:08.796 : C:\WINDOWS\system32\msv1_0.dll
26.09.2009 07:31:08.821 : C:\WINDOWS\system32\cryptdll.dll

26.09.2009 07:31:08.830 : C:\WINDOWS\system32\schedsvc.dll -
a module associated with TaskScheduler
26.09.2009 07:31:15.959 : C:\WINDOWS\system32\ntdsapi.dll
26.09.2009 07:31:15.970 : C:\WINDOWS\system32\kbdbe.dll

26.09.2009 07:31:16.034 : C:\WINDOWS\system32\msidle.dll -
User Idle Monitor

It monitors the current user's activities and manages the memory to provide the best performance for the programs.
26.09.2009 07:31:16.122 : C:\WINDOWS\system32\audiosrv.dll -
Windows Audio Service
26.09.2009 07:31:20.283 : C:\WINDOWS\system32\actxprxy.dll -
ActiveX Interface Marshaling

ActiveX Component Object Model (COM) interfaces. Marshalling (similar to serialization) is the process of transforming the memory representation of an object to a data format suitable for storage or transmission. It is typically used when data must be moved between different parts of a computer program or from one program to another.
26.09.2009 07:31:22.167 : C:\WINDOWS\system32\wkssvc.dll -
Workstation Service

Used by Windows when working with shared network drives and printers; it manages the routing of system requests via the network, for example, when accessing a network drive.
26.09.2009 07:31:23.501 : C:\WINDOWS\system32\cryptsvc.dll -
Cryptographic Services

A Cryptographic Service Provider ("CSP") is a software library of functions supplied by Microsoft or a third-party vendor. Any program in C (or C++) can use the cryptographic functions provided by the CSP through the cryptographic application programming interface ("CAPI"). Microsoft's CSP is "purely software", unlike the CSPs offered by third-party vendors, which use the cryptographic functions of dedicated hardware (smart card, USB token, cryptoprocessor card).

26.09.2009 07:31:58.329 : C:\WINDOWS\system32\certcli.dll - part of Certificate Services

In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes. There are many commercial CAs that charge for their services. There are also several providers issuing digital certificates to the public at no cost. Institutions and governments may have their own CAs.

26.09.2009 07:31:59.536 : C:\WINDOWS\system32\ersvc.dll - Windows Error Reporting Service

In Windows XP (with SP1), error reporting is enabled by default and users can choose to report errors to Microsoft. When an error occurs, a dialog box is displayed allowing the user to report the problem. When a user chooses to report the problem, technical information about the problem is collected and then sent to Microsoft over the Internet. No information is sent unless the user confirms that the error report is to be sent to Microsoft. A user who is logged on as an administrator can choose to report system and application errors. A user who is not logged on as an administrator can choose to report application errors.

Users with administrative credentials can configure or disable error reporting through Control Panel\System\Advanced.

 

 

They can configure error reporting to send specified information such as system errors (Stop errors) only, or errors for Windows components, such as Windows Explorer or Microsoft Internet Explorer.
26.09.2009 07:32:28.496 : C:\WINDOWS\system32\es.dll
26.09.2009 07:32:28.680 : C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -
Microsoft PCHealth Service Holder
26.09.2009 07:32:47.230 : C:\WINDOWS\system32\srvsvc.dll - Server Service
Depends on TDI.
Transport Driver Interface (TDI) provides greater flexibility and functionality than is provided by existing interfaces, such as NetBIOS and Windows Sockets. All Windows transport providers expose TDI. The TDI specification describes the set of primitive functions by which transport drivers and TDI clients communicate and the call mechanisms used for accessing them.
26.09.2009 07:32:51.752 : C:\WINDOWS\system32\netmsg.dll -
Net Messages DLL
26.09.2009 07:32:51.819 : C:\WINDOWS\system32\hnetcfg.dll
26.09.2009 07:32:51.865 : C:\WINDOWS\system32\sens.dll -
System Event Notification Service (SENS)

Used by Windows when performing synchronization with mobile devices using the System Event Notification Service. If you don't perform any form of synchronization between devices, you can safely remove this file.
26.09.2009 07:32:55.055 : C:\WINDOWS\system32\srsvc.dll - Part of System Restore Core (Sr.sys, Srrstr.dll, Srsvc.dll, Srclient.dll)

System Restore takes periodic snapshots of the system, and thereby allows you to restore the system to a previous state. System Restore Core : Sr.sys, Srrstr.dll, Srsvc.dll, Srclient.dll
26.09.2009 07:32:55.198 : C:\WINDOWS\system32\powrprof.dll
26.09.2009 07:32:55.219 : C:\WINDOWS\system32\sxs.dll

26.09.2009 07:32:55.438 : C:\WINDOWS\system32\wbem\wmisvc.dll -
WMI (Windows Management Instrumentation)

 

 

WMI is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.

WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF).

WMI is the infrastructure for management data and operations on Windows-based operating systems.

You can write WMI scripts or applications to automate administrative tasks on remote computers but WMI also supplies management data to other parts of the operating system and products, for example System Center Operations Manager, formerly Microsoft Operations Manager (MOM), or Windows Remote Management (WinRM).

 
26.09.2009 07:33:08.747 : C:\WINDOWS\system32\vssapi.dll -
Volume Shadow Copy Requestor/Writer Services API DLL
26.09.2009 07:33:08.796 : C:\WINDOWS\system32\wuauserv.dll -
Windows Update AutoUpdate Service
26.09.2009 07:33:08.856 : C:\WINDOWS\system32\wuaueng.dll -
Windows Update AutoUpdate Engine
26.09.2009 07:33:08.977 : C:\WINDOWS\system32\winspool.drv

26.09.2009 07:33:09.011 : C:\WINDOWS\system32\winhttp.dll - Windows HTTP Services

Microsoft Windows HTTP Services provides developers with an HTTP client application programming interface (API) to send requests through the HTTP protocol to other HTTP servers. WinHTTP supports desktop client applications, Windows services, and Windows server-based applications. It is not recommended for applications built on the Microsoft .NET Framework, because .NET Framework applications should use the networking facilities in the System.net classes.
26.09.2009 07:33:09.047 : C:\WINDOWS\system32\cabinet.dll -
Microsoft Cabinet File API

Windows Installer - Microsoft uses cabinet files almost exclusively for product distribution, including Windows installation, ActiveX component downloads, and Microsoft Installer packages. A cabinet file (also known as a cab file) is a compressed collection of multiple files, similar in concept to a zip file. Windows XP and later versions can view cabinet files directly, just as they can view files created with WinZip and similar file compression utilities. Operating system versions since at least Windows 98 (and possibly Windows 95) include a DLL, called CABINET.DLL, containing functions that programs use to read and write cabinet files. Most installation programs assume that CABINET.DLL exists on the computer and will fail if it's not there.

26.09.2009 07:33:09.086 : C:\WINDOWS\system32\mspatcha.dll - Microsoft Patch Engine

Needed to enter "System Properties" by right-clicking on "My Computer" and selecting "Properties" without receiving an error.
26.09.2009 07:33:09.113 : C:\WINDOWS\system32\browser.dll -
Windows Computer Browser Service

This service runs within the context of SvcHost.exe (Service Host Process).
26.09.2009 07:33:09.170 : C:\WINDOWS\system32\comsvcs.dll - Part of
COM+ Services

26.09.2009 07:33:09.404 : C:\WINDOWS\system32\colbact.dll - Module associated with COM Services
26.09.2009 07:33:09.445 : C:\WINDOWS\system32\mtxclu.dll -
MS DTC and MTS clustering support DLL

DTC : Distributed Transaction Coordinator - MTS : Microsoft Transaction Services.
26.09.2009 07:33:09.467 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:33:09.484 : C:\WINDOWS\system32\clusapi.dll - Cluster API Library

With the Server Cluster application programming interface (API), developers can write applications and resource DLLs for server clusters. A server cluster is a collection of servers, called nodes that communicate with each other to make a set of services highly available to clients. Server clusters are based on one of the two clustering technologies in the Microsoft Windows Server 2003 operating systems. The other clustering technology is Network Load Balancing. Server clusters are designed for applications that have long-running in-memory state or frequently updated data. Typical uses for server clusters include file servers, print servers, database servers, and messaging servers.

26.09.2009 07:33:09.504 : C:\WINDOWS\system32\resutils.dll - Microsoft Cluster Resource Utility
26.09.2009 07:33:09.526 : C:\WINDOWS\system32\sfc.dll
26.09.2009 07:33:09.647 : C:\WINDOWS\system32\sfc_os.dll
26.09.2009 07:33:09.661 : C:\WINDOWS\system32\wups.dll -
Windows Update client proxy stub
26.09.2009 07:33:09.709 : C:\WINDOWS\system32\wups2.dll -
Windows Update client proxy stub 2
26.09.2009 07:33:09.762 : C:\WINDOWS\system32\imon.dll
26.09.2009 07:33:09.865 : C:\WINDOWS\system32\mswsock.dll
26.09.2009 07:33:10.009 : C:\WINDOWS\system32\wshtcpip.dll
26.09.2009 07:33:10.032 : C:\WINDOWS\system32\netman.dll -
required by the Network Connections Manager Tool

Manages the objects in the Network and Dial-Up Connections folder.
26.09.2009 07:33:17.149 : C:\WINDOWS\system32\netshell.dll -
Network Connections Shell

Contains the program used by Windows to provide the network connections shell, which is a fundamental part of Windows networking capabilities.

netshell.dll is related to shdoc401.dll, shdoclc.dll, shdocvw.dll, shell.dll, shfolder.dll, shlwapi.dll, stobject.dll, url.dll.
26.09.2009 07:33:17.279 : C:\WINDOWS\system32\credui.dll -
Credential Manager User Interface

Authentication function; e.g. : CredUIPromptForCredentials function creates and displays a configurable dialog box that accepts credentials information from a user (login/pass).
26.09.2009 07:33:17.306 : C:\WINDOWS\system32\dot3dlg.dll -
802.3 UI Helper - Wired Balloon UI - Wired Ethernet connection.

IEEE 802.3 is a collection of IEEE standards defining the Physical Layer and Data Link Layer's media access control (MAC) sublayer of wired Ethernet. This is generally a LAN technology with some WAN applications. Physical connections are made between nodes and/or infrastructure devices (hubs, switches, routers) by various types of copper or fiber cable. 802.3 is a technology that supports the IEEE 802.1 network architecture.

26.09.2009 07:33:17.341 : C:\WINDOWS\system32\onex.dll - IEEE 802.1X supplicant library

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC)

"port" meaning a single point of attachment to the LAN infrastructure.

It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.

It is used for most wireless 802.11 access points and is based on the Extensible Authentication Protocol (EAP).
26.09.2009 07:33:17.378 : C:\WINDOWS\system32\eappcfg.dll -
Extensible Authentication Protocol Peer Config

EAP: a universal authentication mechanism, frequently used in wireless networks and point-to-point links.
26.09.2009 07:33:17.409 : C:\WINDOWS\system32\eappprxy.dll - EAPHost Peer Client
26.09.2009 07:33:17.462 : C:\WINDOWS\system32\wzcsapi.dll -
Wireless Zero Configuration Service API
26.09.2009 07:33:17.557 : C:\WINDOWS\system32\wbem\wbemcore.dll -
WMI (Windows Management Instrumentation)
26.09.2009 07:33:18.007 : C:\WINDOWS\system32\wbem\esscli.dll -
WMI
26.09.2009 07:33:18.054 : C:\WINDOWS\system32\wbem\wbemcomn.dll -
WMI
26.09.2009 07:33:18.081 : C:\WINDOWS\system32\wbem\fastprox.dll -
WMI
26.09.2009 07:33:18.111 : C:\WINDOWS\system32\wbem\wbemsvc.dll -
WMI
26.09.2009 07:33:18.177 : C:\WINDOWS\system32\upnp.dll -
Universal Plug and Play API

This DLL exposes the Windows UPnP API and COM object interfaces for control point applications. Upnp.dll is loaded into every UPnP application.
26.09.2009 07:33:18.305 : C:\WINDOWS\system32\ssdpapi.dll
26.09.2009 07:33:18.341 : C:\WINDOWS\system32\wbem\wmiutils.dll -
WMI
26.09.2009 07:33:18.413 : C:\WINDOWS\system32\wbem\repdrvfs.dll -
WMI
26.09.2009 07:33:18.479 : C:\WINDOWS\system32\wbem\wbemprox.dll -
WMI
26.09.2009 07:33:18.556 : C:\WINDOWS\system32\wbem\wmiprvsd.dll -
WMI
26.09.2009 07:33:18.927 : C:\WINDOWS\system32\ncobjapi.dll
26.09.2009 07:33:18.948 : C:\WINDOWS\system32\wbem\wbemess.dll -
WMI
26.09.2009 07:33:19.106 : C:\WINDOWS\system32\netcfgx.dll
26.09.2009 07:33:20.154 : C:\WINDOWS\system32\wbem\ncprov.dll -
Non-COM WMI Event Provision APIs
26.09.2009 07:33:20.332 : C:\WINDOWS\system32\wbem\wbemcons.dll -
WMI Standard Event Consumers
26.09.2009 07:33:20.619 : C:\WINDOWS\system32\rasadhlp.dll
26.09.2009 07:33:27.887 : C:\WINDOWS\system32\msi.dll -
Windows Installer Library

Required by Windows and used by the Microsoft Installer.

 
26.09.2009 07:33:28.015 : C:\WINDOWS\system32\rasdlg.dll -
Remote Access Common Dialog API
26.09.2009 07:33:28.330 : C:\WINDOWS\system32\msxml3.dll -
MSXML 3.0 SP 7

Microsoft XML Parser (MSXML) 3.0 - Microsoft XML Core Services (MSXML) is a set of services that allow applications written in JScript, VBScript, and Microsoft development tools to build Windows-native XML-based applications. - All MSXML products are similar in that they are exposed programmatically as Component Object Model (COM) objects.
26.09.2009 07:33:28.836 : C:\WINDOWS\system32\urlmon.dll -
OLE32 Extensions for Win32

Used when performing OLE (Object Linking and Embedding) operations. Internet Explorer uses a componentized architecture built around the Component Object Model (COM) technology. It is made up of six major components, each of which is contained in a separate .dll and exposes a set of COM interfaces that enables it to be hosted by the Internet Explorer main executable, iexplore.exe; urlmon.dll is one of the major components : responsible for MIME-type handling and download of web content, and provides a thread-safe wrapper around WinInet.dll and other protocol implementations. Other major components are WinInet.dll, MSHTML.dll, IEFrame.dll, ShDocVw.dll, BrowseUI.dll.

26.09.2009 07:33:29.019 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:33:55.310 : C:\WINDOWS\system32\wups2.dll
26.09.2009 07:33:56.399 }
 

ProcessId 1920 - C:\WINDOWS\system32\svchost.exe - 26.09.2009 07:31:04.523 - 103385 ms

 

{C:\WINDOWS\system32\svchost.exe
26.09.2009 07:31:04.523 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:04.523 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:05.406 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:05.407 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:05.407 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:05.407 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:05.413 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:31:05.459 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:05.459 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:05.459 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:05.465 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:05.466 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:05.466 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:05.466 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:05.472 : C:\WINDOWS\system32\version.dll

26.09.2009 07:31:05.472 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:05.472 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:05.472 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:05.473 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:05.507 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:05.526 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:05.532 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:05.538 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

26.09.2009 07:31:05.747 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:05.765 : C:\WINDOWS\system32\dnsrslvr.dll -
DNS Caching Resolver Service

Service that caches local TCPIP address information and name resolution query results from DNS.

26.09.2009 07:31:06.899 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:31:06.955 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:06.962 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:06.968 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:31:06.975 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:32:47.179 : C:\WINDOWS\system32\imon.dll
26.09.2009 07:32:47.478 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:32:47.508 : C:\WINDOWS\system32\mswsock.dll
26.09.2009 07:32:47.816 : C:\WINDOWS\system32\hnetcfg.dll
26.09.2009 07:32:47.859 : C:\WINDOWS\system32\wshtcpip.dll
26.09.2009 07:32:47.909 }
 

 ProcessId 2020 - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe - 26.09.2009 07:31:08.827 - 132370 ms - 02:12

 
{C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe - Norton Antivirus,
Symantec Common Client Settings Manager Service
26.09.2009 07:31:08.827 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:08.827 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:08.828 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:08.864 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:08.864 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:08.864 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:08.864 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:08.865 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:08.865 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:08.865 : C:\WINDOWS\system32\oleaut32.dll

26.09.2009 07:31:08.865 : C:\WINDOWS\system32\msvcp71.dll -
Part of Microsoft C Runtime Library
26.09.2009 07:31:08.925 : C:\WINDOWS\system32\msvcr71.dll -
Part of Microsoft C Runtime Library

Module containing standard C library functions such as printf, memcpy, and cos.
26.09.2009 07:31:09.154 : C:\Program Files\Fichiers communs\Symantec Shared\ccL40.dll -
Symantec Client and Host Security Platform

Belonging to Client and Host Security Platform.
26.09.2009 07:31:09.206 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:09.236 : C:\WINDOWS\system32\dbghelp.dll -
Windows Image Helper

Module that contains functions used for the symbol engine and for the symbol and module enumeration.
26.09.2009 07:31:09.306 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:09.328 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:09.416 : C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll -
Symantec Common Client Trust Validation Engine
26.09.2009 07:31:09.701 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:09.716 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:31:09.724 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:09.734 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:09.742 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:09.765 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:09.765 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:31:09.792 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:31:09.792 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:09.979 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:10.012 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:31:10.028 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:31:11.925 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:31:12.016 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:31:12.234 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:31:12.279 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:12.423 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:12.427 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:31:16.533 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:14.239 : C:\PROGRA~1\FICHIE~1\SYMANT~1\ccSetEvt.dll -
Symantec Common Client Settings Manager Event Factory
26.09.2009 07:32:20.145 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:22.172 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:33:21.197 }
 

 ProcessId 500 - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe - 26.09.2009 07:31:10.242 - 5039 ms
 

{C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe - Norton Antivirus, Symantec Event Manager Service
26.09.2009 07:31:10.242 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:10.242 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:10.243 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:10.264 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:10.264 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:10.264 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:10.264 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:10.264 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:10.264 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:10.265 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:10.265 : C:\WINDOWS\system32\msvcp71.dll
26.09.2009 07:31:10.274 : C:\WINDOWS\system32\msvcr71.dll
26.09.2009 07:31:10.287 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:10.310 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:10.320 : C:\Program Files\Fichiers communs\Symantec Shared\ccL40.dll
26.09.2009 07:31:10.342 : C:\WINDOWS\system32\dbghelp.dll
26.09.2009 07:31:10.353 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:10.353 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:10.651 : C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll
26.09.2009 07:31:10.672 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:10.682 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:31:10.688 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:10.695 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:10.702 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:10.722 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:10.722 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:31:10.796 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:31:10.796 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:31:10.879 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:11.069 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:11.081 : C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll -
Symantec Common Client Settings Manager Engine
26.09.2009 07:31:11.276 : C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll
26.09.2009 07:31:11.300 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:11.318 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:31:11.326 : C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll
26.09.2009 07:31:11.396 : C:\WINDOWS\system32\clbcatq.dll - a module associated with COM Services
26.09.2009 07:31:11.449 : C:\WINDOWS\system32\comres.dll - a module associated with COM Services
26.09.2009 07:31:11.465 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:31:12.058 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:31:12.069 : C:\PROGRA~1\FICHIE~1\SYMANT~1\SPBBC\SPBBCEvt.dll -
SPBBC Events (Update Manager)

SPBBC Service is a core component of Symantec Internet Security. This process will attempt to prevent unauthorised access to your computer from the internet.

Assists in keeping your computer up to date from the Internet. Part of Norton Antivirus. Related: Symantec Tamper Protection.
26.09.2009 07:31:13.958 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:14.028 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:14.121 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:14.139 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:31:14.388 : C:\PROGRA~1\FICHIE~1\SYMANT~1\ccSetEvt.dll
26.09.2009 07:31:15.282 }
 


ProcessId 552 - C:\WINDOWS\system32\userinit.exe - 26.09.2009 07:31:10.720 - 883 ms
 

{C:\WINDOWS\system32\userinit.exe - Manages the different startup sequences needed, such as establishing network connections and starting up the Windows shell.
26.09.2009 07:31:10.720 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:10.720 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:10.721 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:10.748 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:10.748 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:10.748 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:10.748 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:10.749 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:10.749 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:10.749 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:10.749 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:31:10.796 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:10.796 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:10.796 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:10.803 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:31:10.882 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:10.893 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:10.893 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:10.893 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:10.903 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:10.903 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:10.903 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:10.903 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:10.904 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:10.957 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:10.982 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:10.990 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:10.997 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:11.108 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:11.125 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:31:11.339 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:11.604 }
 

ProcessId 636 - C:\WINDOWS\explorer.exe - 26.09.2009 07:31:11.594 - 137237 ms
 

{C:\WINDOWS\explorer.exe - Process that manages the user interface (shell) as well as the Windows graphical interface (the desktop)
26.09.2009 07:31:11.594 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:11.594 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:11.617 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:11.676 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:11.676 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:11.676 : C:\WINDOWS\system32\browseui.dll -
Shell Browser UI Library

Required by the Internet Explorer browser. Contains functions and resources for browser UI management.

Related to OLE32 Extensions. Statically linked to the following files : ADVAPI32.dll - GDI32.dll - KERNEL32.dll - msvcrt.dll - ole32.dll - SHLWAPI.dll - USER32.dll
26.09.2009 07:31:11.732 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:11.776 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:11.776 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:11.776 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:11.777 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:11.777 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:11.777 : C:\WINDOWS\system32\shdocvw.dll -
Microsoft Shell Doc Object and Control Library

Used by Windows applications to add basic file and networking operations. Related to OLE32 Extensions. iexplore.exe directly hosts the Shdocvw.dll component.
26.09.2009 07:31:11.777 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:11.819 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:11.819 : C:\WINDOWS\system32\cryptui.dll
26.09.2009 07:31:11.819 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:11.835 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:11.836 : C:\WINDOWS\system32\wininet.dll
26.09.2009 07:31:11.836 : C:\WINDOWS\system32\normaliz.dll
26.09.2009 07:31:11.836 : C:\WINDOWS\system32\iertutil.dll
26.09.2009 07:31:11.836 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:31:11.836 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:31:11.837 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:11.837 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:11.837 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:11.875 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:11.882 : C:\WINDOWS\AppPatch\acgenral.dll

26.09.2009 07:31:11.938 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:11.945 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:11.952 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:11.952 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:12.032 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:12.091 : C:\WINDOWS\system32\riched20.dll
26.09.2009 07:31:12.131 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:12.260 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:12.297 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:12.305 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:31:12.489 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:31:14.281 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:14.314 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:31:14.330 : C:\WINDOWS\system32\cscui.dll
26.09.2009 07:31:14.361 : C:\WINDOWS\system32\cscdll.dll
26.09.2009 07:31:14.370 : C:\WINDOWS\system32\FPAP-EXL600\FileptcIconOverlay.dll 
- a module from Arachnoid Biometrics Identification Group

"JetFlash 220" includes 4 functions: Protect Files, Mobile Favorites, Website Auto-Login and Repartition Tool - PdtGuide - FingerPrint - USB Transcend Paolo
26.09.2009 07:31:14.514 : C:\WINDOWS\system32\security.dll -
Security Support Provider Interface (SSPI)

The Microsoft Security Support Provider Interface (SSPI) is the well-defined common API for obtaining integrated security services for authentication, message integrity, message privacy, and security quality of service for any distributed application protocol. Application protocol designers can take advantage of this interface to obtain different security services without modification to the protocol itself.
26.09.2009 07:31:14.879 : C:\WINDOWS\system32\desk.cpl -
Windows Control Panel Extension

Opens the display settings: run "control.exe desk.cpl"
26.09.2009 07:31:14.962 : C:\WINDOWS\system32\themeui.dll - Windows Desktop Theme API

Needed by Display Properties.
26.09.2009 07:31:15.060 : C:\WINDOWS\system32\msimg32.dll
26.09.2009 07:31:15.076 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:15.237 : C:\WINDOWS\system32\actxprxy.dll
26.09.2009 07:31:22.191 : C:\WINDOWS\system32\urlmon.dll
26.09.2009 07:31:23.359 : C:\WINDOWS\system32\ntshrui.dll -
Shell extensions for sharing

List of the XP Shell Extensions on this PC.

26.09.2009 07:31:24.161 : C:\WINDOWS\system32\atl.dll
26.09.2009 07:31:24.273 : C:\WINDOWS\system32\linkinfo.dll - Windows Volume Tracking

Sound System ? - Linkinfo.dll is a 32-bit Dynamic Linked Library of code components for a graphics UI (User Interface) style application.

The newest version of Linkinfo.dll requires a C library, and was likely written in Microsoft Visual C. It was likely built using Visual Studio 2008.

When linkinfo.dll is loaded, these files are automatically loaded too : ADVAPI32.dll - KERNEL32.dll - msvcrt.dll - USER32.dll.
26.09.2009 07:31:24.355 : C:\WINDOWS\system32\ieframe.dll -
Internet Explorer Browser UI Library

Also used to display an error page for dns errors.
26.09.2009 07:31:27.772 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:31:27.803 : C:\WINDOWS\system32\winsta.dll
26.09.2009 07:31:27.956 : C:\WINDOWS\system32\webcheck.dll - Web Site Monitor (MSIE)
This file is part of the mechanism that keeps up-to-date local copies of the Web pages that you chose to make available offline.

Related: integrates a web page as your Win98 desktop background (Active Desktop). Some worms, such as MyDoom, replace webcheck.dll.
26.09.2009 07:31:28.211 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:28.495 : C:\WINDOWS\system32\stobject.dll -
Microsoft Systray Shell Service Object

Contains resources for the system tray such as icons.

Related to netshell.dll, shdoc401.dll, shdoclc.dll, shdocvw.dll, shfolder.dll, shlwapi.dll, url.dll, irmon.exe, dmremote.exe, hotplug.dll, lights.exe, rsrcmtr.exe, sndvol32.exe, wscntfy.exe.
26.09.2009 07:31:28.592 : C:\WINDOWS\system32\batmeter.dll -
Battery Meter Helper DLL

Displayed in the notification area of the Windows taskbar, the battery meter helps the Windows user manage the computer's power consumption by indicating the degree of charge remaining on the battery and which power plan the computer is using.
26.09.2009 07:31:28.638 : C:\WINDOWS\system32\powrprof.dll
26.09.2009 07:31:28.647 : C:\WINDOWS\system32\wtsapi32.dll
26.09.2009 07:31:28.656 : C:\WINDOWS\system32\WPDShServiceObj.dll -
Windows Portable Device Shell Service Object

Windows Portable Devices is a new way for a computer to communicate with attached media and storage devices. This system supersedes both Windows Media Device Manager and Windows Image Acquisition by providing a flexible, robust way for a computer to communicate with music players, storage devices, mobile phones, cameras and many other types of connected devices. Attached to Windows Media Player 10 & 11.
26.09.2009 07:31:28.770 : C:\WINDOWS\system32\winhttp.dll
26.09.2009 07:31:28.863 : C:\WINDOWS\system32\PortableDeviceTypes.dll - Windows Portable Device (Parameter) Types Component
26.09.2009 07:31:29.226 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:31:29.284 : C:\WINDOWS\system32\PortableDeviceApi.dll -
Windows Portable Device API Components - WPD

Microsoft COM (Component Object Model) technology in the Microsoft Windows-family of Operating Systems enables software components to communicate.

Microsoft provides COM interfaces for many Windows application programming interfaces such as Direct Show, Media Foundation, Packaging API, Windows Animation Manager, Windows Portable Devices, and Microsoft Active Directory.
26.09.2009 07:31:29.496 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:31:29.603 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:31:30.991 : C:\WINDOWS\system32\msacm32.drv
26.09.2009 07:31:32.845 : C:\WINDOWS\system32\midimap.dll
26.09.2009 07:31:32.892 : C:\WINDOWS\system32\netshell.dll
26.09.2009 07:31:34.801 : C:\WINDOWS\system32\credui.dll
26.09.2009 07:31:35.577 : C:\WINDOWS\system32\dot3api.dll
26.09.2009 07:31:35.631 : C:\WINDOWS\system32\rtutils.dll
26.09.2009 07:31:35.666 : C:\WINDOWS\system32\dot3dlg.dll
26.09.2009 07:31:35.697 : C:\WINDOWS\system32\onex.dll
26.09.2009 07:31:36.071 : C:\WINDOWS\system32\eappcfg.dll
26.09.2009 07:31:36.656 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:31:36.861 : C:\WINDOWS\system32\eappprxy.dll
26.09.2009 07:31:37.042 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:31:37.100 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:37.112 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:37.121 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:31:48.287 : C:\WINDOWS\system32\mlang.dll -
Multi Language Support DLL (MSIE)

Provides multi-language support functions. Contains functions for translation of current Internet character sets to Unicode and back.
26.09.2009 07:31:50.828 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:31:54.395 : C:\WINDOWS\system32\msisip.dll - Microsoft Windows Installer
(Unicode) - MSI Signature SIP Provider/Handler
26.09.2009 07:31:54.663 : C:\WINDOWS\system32\wshext.dll - Microsoft Shell Extension for Windows Script Host
26.09.2009 07:31:54.859 : C:\PROGRA~1\MICROS~4\OFFICE11\MCPS.DLL -
Office 2003 SP2 (Artgalry - Media Catalog Proxy/Stub)
26.09.2009 07:31:55.085 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:32:16.272 : C:\WINDOWS\system32\drprov.dll -
Microsoft Terminal Server Network Provider

A Terminal Server (or Serial Server) enables companies to connect devices with an RS232, RS422 or RS485 serial interface to a local area network (LAN). Products marketed as terminal servers can be very simple devices that do not offer any security functionality, such as data encryption and user authentication. The primary application scenario is to enable serial devices to access network server applications, or vice versa, where security of the data on the LAN is not generally an issue. There are also many terminal servers on the market that have highly advanced security functionality to ensure that only qualified personnel can access various servers and that any data that is transmitted across the LAN, or over the Internet, is encrypted. Usually companies who need a terminal server with these advanced functions want to remotely control, monitor, diagnose and troubleshoot equipment over a telecommunications network.

26.09.2009 07:32:16.366 : C:\WINDOWS\system32\ntlanman.dll - Microsoft Lan Manager

The DFS client provider is implemented in \Windows\System32\Ntlanman.dll (Distributed File System).

26.09.2009 07:32:16.435 : C:\WINDOWS\system32\netui0.dll - NT LM UI Common Code - GUI Classes
26.09.2009 07:32:16.496 : C:\WINDOWS\system32\netui1.dll -
NT LM UI Common Code - Networking classes
26.09.2009 07:32:16.540 : C:\WINDOWS\system32\netrap.dll -
Used when communicating with other systems using Net Remote Admin Protocol

Contains functions used for talking to or from downlevel systems and support routines for Rpcxlate and Xactsrv.
26.09.2009 07:32:16.568 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:32:16.587 : C:\WINDOWS\system32\davclnt.dll -
Web DAV Client

WebDAV (Web-based Distributed Authoring and Versioning) is a protocol (more precisely, an extension of the HTTP protocol).
26.09.2009 07:32:16.658 : C:\Program Files\TClockEx\TCLOCKEX.DLL

Enhances the standard Windows clock; freeware.
26.09.2009 07:32:25.362 : C:\WINDOWS\system32\msctf.dll - Text Service Module
26.09.2009 07:32:31.457 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll

Microsoft IntelliPoint 2002 (v4.1); enables the scroll-wheel function in old software such as Office 1995, Microsoft Money 1997, ...
26.09.2009 07:32:38.965 : C:\WINDOWS\system32\fxsst.dll -
Fax Service
26.09.2009 07:33:28.621 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:33:28.687 : C:\WINDOWS\system32\fxsapi.dll -
Microsoft Fax API
26.09.2009 07:33:28.753 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:33:28.831 }
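
The explorer.exe block above mixes system DLLs with third-party shell extensions, which is where a replaced or unexpected module would show up. The following is an added example (not part of the original page or of BootLog XP) that parses this trace format and lists modules loaded from outside a baseline set of Windows folders; the baseline list, the function names and the abridged sample are assumptions made for illustration.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: lines abridged from the explorer.exe block of the trace.
SAMPLE = r"""
ProcessId 636 - C:\WINDOWS\explorer.exe - 26.09.2009 07:31:11.594 - 137237 ms

{C:\WINDOWS\explorer.exe - shell
26.09.2009 07:31:11.594 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:12.032 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:14.370 : C:\WINDOWS\system32\FPAP-EXL600\FileptcIconOverlay.dll
26.09.2009 07:31:29.226 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:31:29.496 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:31:54.859 : C:\PROGRA~1\MICROS~4\OFFICE11\MCPS.DLL -
Office 2003 SP2 (Artgalry - Media Catalog Proxy/Stub)
26.09.2009 07:32:16.658 : C:\Program Files\TClockEx\TCLOCKEX.DLL
26.09.2009 07:33:28.831 }
"""

TS = r"\d\d\.\d\d\.\d{4} \d\d:\d\d:\d\d\.\d{3}"
HEADER = re.compile(r"^ProcessId (\d+) - (.+?) - (" + TS + r") - (\d+) ms")
LOAD = re.compile(r"^(" + TS + r") : (.+)$")
END = re.compile(r"^(" + TS + r") \}$")

# Assumed baseline of folders that hold Windows' own modules on this XP install.
# A sub-folder of system32 that is not listed here is deliberately NOT trusted.
BASELINE_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\system32\wbem",
    r"c:\windows\apppatch",
}
WINSXS_PREFIX = r"c:\windows\winsxs" + "\\"


def _ts(text):
    return datetime.strptime(text, "%d.%m.%Y %H:%M:%S.%f")


def parse_trace(text):
    """Return one dict per 'ProcessId ...' block; annotation lines are skipped."""
    procs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"pid": int(m.group(1)), "image": m.group(2),
                       "start": _ts(m.group(3)), "reported_ms": int(m.group(4)),
                       "end": None, "modules": []}
            procs.append(current)
            continue
        if current is None:
            continue
        m = END.match(line)
        if m:  # "timestamp }" closes the block
            current["end"] = _ts(m.group(1))
            current = None
            continue
        m = LOAD.match(line)
        if m:  # drop the " - description" tail or a dangling " -"
            path = m.group(2).split(" - ")[0].rstrip(" -")
            current["modules"].append((_ts(m.group(1)), path))
    return procs


def traced_ms(proc):
    """Milliseconds between the header timestamp and the closing brace."""
    if proc["end"] is None:
        return None
    return (proc["end"] - proc["start"]) // timedelta(milliseconds=1)


def outside_baseline(proc):
    """First load of each module whose folder is not in the baseline."""
    seen, hits = set(), []
    for when, path in proc["modules"]:
        folder = ntpath.dirname(path).lower()
        if folder in BASELINE_DIRS or folder.startswith(WINSXS_PREFIX):
            continue
        if path.lower() in seen:
            continue
        seen.add(path.lower())
        # 8.3 names (PROGRA~1) cannot be expanded offline, so report them as-is.
        reason = "8.3 short path" if "~" in path else "outside baseline"
        hits.append((when, path, reason))
    return hits


def repeated_loads(proc):
    """Modules that appear more than once in the same process block."""
    counts = Counter(path.lower() for _, path in proc["modules"])
    return {path: n for path, n in counts.items() if n > 1}


if __name__ == "__main__":
    for proc in parse_trace(SAMPLE):
        print(proc["pid"], proc["image"], traced_ms(proc), "ms")
        for when, path, reason in outside_baseline(proc):
            print("  ", when.time(), path, "-", reason)
        print("   repeated:", repeated_loads(proc))
```

A module that lands in this list is not necessarily hostile; it is the short list worth checking by publisher and file signature, and a check that only tested for the C:\WINDOWS prefix would have missed FileptcIconOverlay.dll.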

 
ProcessId 756 - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe - 26.09.2009 07:31:15.519 - 142478 ms (2.4 minutes)

{C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe - Norton Antivirus: Symantec Internet Security Service, Symantec Tamper Protection.
26.09.2009 07:31:15.519 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:15.519 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:15.520 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:31:15.581 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:15.581 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:15.581 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:15.581 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:15.581 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:15.581 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:15.582 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:15.582 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:15.582 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:15.582 : C:\WINDOWS\system32\msvcp71.dll
26.09.2009 07:31:15.588 : C:\WINDOWS\system32\msvcr71.dll
26.09.2009 07:31:15.596 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:15.627 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:15.627 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:15.644 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:15.732 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:15.748 : C:\WINDOWS\system32\dbghelp.dll
26.09.2009 07:31:15.790 : C:\WINDOWS\system32\dbghelp.dll
26.09.2009 07:31:15.838 : C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll -
Common Client Trust Validation Engine
26.09.2009 07:31:15.866 : C:\Program Files\Fichiers communs\Symantec Shared\ccL40.dll
26.09.2009 07:31:15.877 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:15.890 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:31:15.898 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:15.908 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:15.916 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:15.939 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:15.939 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:31:15.965 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:31:15.965 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:31:16.004 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:16.108 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:16.154 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:16.159 : C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll - Common Client Settings Manager Engine

26.09.2009 07:31:16.281 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:16.322 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:31:16.339 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:31:16.395 : C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll
26.09.2009 07:31:16.686 : C:\Program Files\Fichiers communs\Symantec Shared\ccL40.dll
26.09.2009 07:31:16.703 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:16.745 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:31:16.759 : C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll
26.09.2009 07:31:16.844 : C:\PROGRA~1\FICHIE~1\SYMANT~1\SPBBC\SPBBCEvt.dll - SPBBC Events

26.09.2009 07:31:17.005 : C:\WINDOWS\system32\msxml3.dll
26.09.2009 07:33:26.683 : C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\bbRGen.dll - Rule Preprocessor

This file is part of BASH (acronym of Bourne-again shell), which is the shell of the GNU project. It was ported to Windows by the Cygwin project.

Cygwin makes it possible, in particular, to run a shell (most often bash) in a Windows environment, which allows a Windows PC to be used in a manner very similar to a computer running a version of Unix.

26.09.2009 07:33:37.998 }

 
ProcessId 816 - C:\WINDOWS\system32\spoolsv.exe - 26.09.2009 07:31:16.312 - 14102 ms (print services)

 
{C:\WINDOWS\system32\spoolsv.exe - Printer Spooler Service (print spooler)
26.09.2009 07:31:16.312 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:16.312 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:18.544 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:18.545 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:18.545 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:18.545 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:18.545 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:18.545 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:18.545 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:18.553 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:31:18.598 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:18.605 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:18.606 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:18.606 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:18.614 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:18.614 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:18.614 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:18.614 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:18.614 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:18.644 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:18.665 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:18.671 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:18.677 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:20.182 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:20.205 : C:\WINDOWS\system32\spoolss.dll - Printer Spooler Subsystem

This process deals with the printing process from disk to local printer.
26.09.2009 07:31:26.680 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:26.754 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:26.763 : C:\WINDOWS\system32\mswsock.dll
26.09.2009 07:31:27.007 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:31:27.019 : C:\WINDOWS\system32\winrnr.dll
26.09.2009 07:31:27.062 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:27.062 : C:\WINDOWS\system32\rasadhlp.dll
26.09.2009 07:31:27.075 : C:\WINDOWS\system32\localspl.dll - Local Printer Spooler
26.09.2009 07:31:27.361 : C:\WINDOWS\system32\sfc_os.dll
26.09.2009 07:31:27.465 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:31:27.465 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:27.466 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:27.466 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:31:27.466 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:31:27.508 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:27.508 : C:\WINDOWS\system32\cnbjmon.dll - Language Monitor for Canon Bubble-Jet Printer

Probably a leftover from testing in the repair workshop, since this printer is not active on this machine.
26.09.2009 07:31:27.680 : C:\WINDOWS\system32\cpwmon2k.dll - CutePDF Writer Monitor

CutePDF Writer installs itself as a "printer subsystem". This enables virtually any Windows application to create PDF documents.
26.09.2009 07:31:27.744 : C:\WINDOWS\system32\mdimon.dll - associated with Microsoft Office Document Imaging
26.09.2009 07:31:27.804 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:31:27.845 : C:\WINDOWS\system32\fxsmon.dll - Microsoft Fax Print Monitor
26.09.2009 07:31:27.957 : C:\WINDOWS\system32\fxsevent.dll - Microsoft Fax EventLog Support
26.09.2009 07:31:28.269 : C:\WINDOWS\system32\pjlmon.dll - PJL Printer Language Monitor

Printer Job Language (PJL) is a method developed for switching printer languages at the job level, and for status readback between the printer and the host computer. PJL adds job level controls, such as printer language switching, job separation, environment, status readback, device attendance and file system commands. PJL is supported by most PostScript printers.

26.09.2009 07:31:28.314 : C:\WINDOWS\system32\tcpmon.dll - Standard TCP/IP Printer Port Monitor
26.09.2009 07:31:28.392 : C:\WINDOWS\system32\usbmon.dll - USB Printer Port Monitor
26.09.2009 07:31:28.436 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:28.459 : C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - Microsoft Office Document Imaging
26.09.2009 07:31:28.590 : C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - Print Filter Pipeline Proxy

Related : 1/ _$filterpipelineprintproc.dll : belongs to Cost Recovery (Cost Management Solutions by Technesis)

2/ After you install the .NET Framework 3.5 SP1 in Windows XP, there is an arbitrary folder that is generated in the root of a drive of the computer. This folder contains two subfolders that are named amd64 and i386. These two subfolders both include the following files : * filterpipelineprintproc.dll * msxpsdrv.cat * msxpsdrv.inf * msxpsinc.gpd * msxpsinc.ppd * mxdwdrv.dll *  xpssvcs.dll
26.09.2009 07:31:28.742 : C:\WINDOWS\system32\mswsock.dll
26.09.2009 07:31:28.986 : C:\WINDOWS\system32\winrnr.dll
26.09.2009 07:31:29.092 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:29.092 : C:\WINDOWS\system32\win32spl.dll - related to Printer Spooler - 32-bit spooler API DLL

Win32spl.dll is the remote print provider on a Windows-based network. This DLL sends jobs to print servers running Windows NT 4.0 or Windows for Workgroups. For a print server running Windows Server 2003, Win32spl.dll makes an RPC to the spooler on the server (Spoolsv.exe), which makes a call to the print router (Spoolss.dll). The print router receives the job over the network and passes it to the local print provider as if a local client had submitted it.

26.09.2009 07:31:29.256 : C:\WINDOWS\system32\netrap.dll
26.09.2009 07:31:29.400 : C:\WINDOWS\system32\ntdsapi.dll
26.09.2009 07:31:29.432 : C:\WINDOWS\system32\inetpp.dll - Performs specific processing on Internet Print Servers.

For an Internet print server, Inetpp.dll recognizes the printer name by its URL and submits the print job to the appropriate printer by using IPP (Internet Printing Protocol).
26.09.2009 07:31:29.694 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:30.135 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:31:30.167 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:30.194 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:30.341 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:30.415 }

 

ProcessId 908 - C:\Program Files\Creative\Shared Files\CTAudSvc.exe - 26.09.2009 07:31:20.491 - 992 ms

 

 

According to TUT:

The service has been disabled on this PC.

 
{C:\Program Files\Creative\Shared Files\CTAudSvc.exe - Creative Audio Service installed by the drivers for Creative Sound Blaster X-FI Sound Cards.
26.09.2009 07:31:20.491 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:20.491 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:21.237 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:21.238 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:21.238 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:31:21.253 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:21.253 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:21.253 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:21.253 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:21.253 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:21.254 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:21.254 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:21.254 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:21.254 : C:\WINDOWS\system32\dsound.dll - Microsoft Direct Sound Library (DirectX)
26.09.2009 07:31:21.260 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:21.260 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:21.267 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:31:21.274 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:31:21.279 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:21.280 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:21.280 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:21.297 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:21.384 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:21.401 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:21.441 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:21.450 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:21.483 }

 
ProcessId 972 - C:\WINDOWS\system32\scardsvr.exe - 26.09.2009 07:31:21.865 - 1509 ms

 
{C:\WINDOWS\system32\scardsvr.exe - Part of Microsoft Smart Card Resource Server.
26.09.2009 07:31:21.865 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:21.865 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:22.869 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:22.870 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:22.876 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:31:22.937 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:22.937 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:22.937 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:22.937 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:22.937 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:22.937 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:22.945 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:22.945 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:22.946 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:22.957 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:22.957 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:22.957 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:22.958 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:22.958 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:23.076 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:23.123 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:23.130 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:23.135 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:23.273 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:23.293 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:23.360 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:23.375 }

 
ProcessId 532 - C:\Program Files\Cool Beans System Info\Cool Beans System Info.exe - 26.09.2009 07:31:27.230 - 72512 ms

 
{C:\Program Files\Cool Beans System Info\Cool Beans System Info.exe - freeware, displays CPU, physical memory, network, and swap file usage
26.09.2009 07:31:27.230 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:27.230 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:30.063 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:30.065 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:30.065 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:30.065 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:30.065 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:30.065 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:30.065 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:31:30.065 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:30.065 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:30.066 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:30.066 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:31:30.097 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:30.107 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:30.116 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:30.116 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:30.116 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:30.117 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:31:30.144 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:31:30.154 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:30.241 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:30.560 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:31:31.204 : C:\WINDOWS\system32\perfos.dll - Performance Counter (Cache, Memory, Object, Paging File, Processor, System)

In Windows XP, system counters are defined in the following libraries :

PerfOs.dll : Cache, Memory, Object, Paging File, Processor, System

PerfDisk.dll : LogicalDisk, PhysicalDisk
PerfNet.dll : Browser, Redirector, Server
PerfProc.dll : Job Object, Job Object Details, Process, Thread, Thread Details
TapiPerf.dll : Telephony
Perfctrs.dll : IP, ICMP, NBT Connection, Network Interface, TCP, UDP

26.09.2009 07:31:32.252 : C:\WINDOWS\system32\mprapi.dll
26.09.2009 07:31:32.479 : C:\WINDOWS\system32\activeds.dll
26.09.2009 07:31:32.486 : C:\WINDOWS\system32\adsldpc.dll
26.09.2009 07:31:32.496 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:31:32.496 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:32.496 : C:\WINDOWS\system32\atl.dll
26.09.2009 07:31:32.518 : C:\WINDOWS\system32\rtutils.dll
26.09.2009 07:31:32.524 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:31:32.530 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:32.540 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:33.305 : C:\WINDOWS\system32\mswsock.dll
26.09.2009 07:31:33.765 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:31:33.774 : C:\WINDOWS\system32\winrnr.dll
26.09.2009 07:31:33.791 : C:\WINDOWS\system32\rasadhlp.dll
26.09.2009 07:31:33.800 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:31.920 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll - Microsoft IntelliPoint - related to mouse cursors?
26.09.2009 07:32:39.742 }

 
ProcessId 1488 - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe - 26.09.2009 07:31:29.285 - 69820 ms

 

 
{C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

Incremental backup of a system disk image to another, physically separate hard disk.

This practice is the origin of the term "secure workstation", which applies to almost all the computers we have delivered since late 2006.
26.09.2009 07:31:29.285 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:29.285 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:35.427 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:35.427 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:35.427 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:35.428 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:35.428 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:35.428 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:35.428 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:35.428 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:35.428 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:31:35.428 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:35.429 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:31:35.429 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:35.429 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:35.429 : C:\WINDOWS\system32\msvcp71.dll
26.09.2009 07:31:35.436 : C:\WINDOWS\system32\msvcr71.dll

26.09.2009 07:31:35.446 : C:\WINDOWS\system32\snapapi.dll - Acronis Snapshot
26.09.2009 07:31:35.454 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:35.454 : C:\WINDOWS\system32\imm32.dll

26.09.2009 07:31:35.474 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:35.610 : C:\Program Files\Fichiers communs\Acronis\Common\resource.dll
26.09.2009 07:31:35.736 : C:\Program Files\Fichiers communs\Acronis\Common\gc.dll
26.09.2009 07:31:35.782 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:31:35.846 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:31:52.534 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:31:56.773 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:31:56.796 : C:\WINDOWS\system32\wldap32.dll

26.09.2009 07:31:56.797 : C:\Program Files\Fichiers communs\Acronis\Fomatik\tdrpapi.dll - Acronis Try&Decide and Restore Points Volume Library
26.09.2009 07:31:57.175 : C:\Program Files\Fichiers communs\Acronis\Common\rpc_client.dll - Acronis Dynamic RPC Client (Remote Procedure Call)
26.09.2009 07:31:57.944 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:31.322 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:39.106 }
 

ProcessId 1852 - C:\WINDOWS\system32\svchost.exe - 26.09.2009 07:31:30.473 - 1757 ms

 
{C:\WINDOWS\system32\svchost.exe
26.09.2009 07:31:30.473 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:30.473 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:30.474 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:30.475 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:30.475 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:30.475 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:31:30.485 : C:\WINDOWS\AppPatch\acgenral.dll

26.09.2009 07:31:30.579 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:30.579 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:30.579 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:31:30.590 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:30.590 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:30.590 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:30.590 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:31:30.599 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:30.599 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:30.599 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:30.600 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:31:30.600 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:30.655 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:30.684 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:31:30.693 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:31:30.701 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:30.819 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:30.834 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:31:30.859 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:31:30.864 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:30.864 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:30.906 : C:\WINDOWS\system32\webclnt.dll - Web DAV Service

Web Distributed Authoring and Versioning is a protocol (more precisely, an extension of the HTTP protocol) defined by the IETF working group of the same name. WebDAV simplifies file management on remote servers. It allows files (and folders) to be retrieved, uploaded, synchronized and published quickly and easily. The main goal of WebDAV is to make it possible to write through the web, not just read data. WebDAV lets several users edit the contents of a web folder simultaneously. It manages access rights to files (or folders) by temporarily locking the files and folders being edited.
26.09.2009 07:31:31.954 : C:\WINDOWS\system32\wininet.dll
26.09.2009 07:31:32.217 : C:\WINDOWS\system32\normaliz.dll
26.09.2009 07:31:32.218 : C:\WINDOWS\system32\iertutil.dll
26.09.2009 07:31:32.218 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:31:32.225 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:31:32.230 }

 
ProcessId 1888 - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe - 26.09.2009 07:31:31.150 - 72485 ms

 
{C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
26.09.2009 07:31:31.150 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:31.150 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:37.531 : C:\Program Files\Acronis\TrueImageHome\fox.dll
26.09.2009 07:31:37.540 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:37.540 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:37.540 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:37.540 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:37.541 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:37.541 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:37.541 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:37.541 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:37.541 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:37.541 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:31:37.542 : C:\WINDOWS\system32\msvcp71.dll
26.09.2009 07:31:37.552 : C:\WINDOWS\system32\msvcr71.dll
26.09.2009 07:31:37.566 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:31:37.567 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:37.567 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:37.567 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:37.589 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:37.728 : C:\WINDOWS\system32\hhctrl.ocx : a Microsoft ActiveX control which supports all functions of the user help interface
26.09.2009 07:31:37.762 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:37.762 : C:\WINDOWS\system32\mui\000C\hhctrlui.dll - Microsoft HTML Help Control

Microsoft Compiled HTML Help is a proprietary format for online help files, developed by Microsoft and first released in 1997 as a successor to the Microsoft WinHelp format. It was first introduced with the release of Windows 98, and is still supported and distributed through Windows XP and Vista platforms.
26.09.2009 07:31:37.790 : C:\WINDOWS\system32\msimg32.dll
26.09.2009 07:31:37.794 : C:\Program Files\Fichiers communs\Acronis\Common\icu34.dll - Module belonging to International Components for Unicode

International Components for Unicode (ICU) is an open source project that provides processing libraries usable from the C/C++ and Java programming languages, to handle text that uses the Universal Coded Character Set (UCS, standardized in ISO/IEC 10646 and in the Unicode standard) and to support software internationalization and localization. ICU is widely portable to many operating systems and environments. It gives applications the same behavior and results on all platforms and across programming languages that provide an interface with C, C++ or Java.

26.09.2009 07:31:37.832 : C:\Program Files\Fichiers communs\Acronis\Common\icudt34.dll - Module belonging to International Components for Unicode

International Components for Unicode (ICU) is an open source project of mature C/C++ and Java libraries for Unicode support, software internationalization and software globalization.
26.09.2009 07:31:37.841 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:31:37.912 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:43.265 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:43.636 }
 

ProcessId 1532 - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe - 26.09.2009 07:31:32.949 - 67336 ms

 
{C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe - True Image Component : part of the Scheduler

This process is installed with the Acronis True Image backup software, which lets you back up and restore data on your computer.
26.09.2009 07:31:32.949 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:32.949 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:34.173 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:34.174 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:34.174 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:34.174 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:34.174 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:34.174 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:34.174 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:34.175 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:34.175 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:31:34.175 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:34.175 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:34.175 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:34.193 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:34.598 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:40.286 }

 
ProcessId 2100 - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe - 26.09.2009 07:31:35.452 - 1216 ms

 
{C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe - True Image Scheduler Process

26.09.2009 07:31:35.452 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:35.452 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:36.197 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:36.198 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:36.198 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:36.198 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:36.198 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:36.198 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:36.198 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:36.199 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:36.199 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:31:36.199 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:36.199 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:31:36.199 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:36.199 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:36.199 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:36.218 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:36.308 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:31:36.663 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:31:36.668 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:36.668 }

 
ProcessId 2164 - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - 26.09.2009 07:31:38.261 - 61361 ms

 
{C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - reduces the load time of the Adobe PDF reader
26.09.2009 07:31:38.261 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:38.261 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:41.454 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:41.454 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:41.454 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:41.455 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:41.455 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:41.455 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:41.455 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:41.455 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:41.455 : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll

Microsoft C++ Runtime Library - Process associated with Microsoft Visual Studio 2005. Related to Adobe Acrobat Reader.
26.09.2009 07:31:41.462 : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll

Microsoft C++ Runtime Library - Process associated with Microsoft Visual Studio 2005. Related to Adobe Acrobat Reader.
26.09.2009 07:31:41.469 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:41.486 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:41.595 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:41.617 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:42.056 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:31:42.099 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:42.138 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:32.072 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:39.622 }

 
ProcessId 2208 - C:\Program Files\ESET\nod32kui.exe - 26.09.2009 07:31:40.472 - 93839 ms

 

 
{C:\Program Files\ESET\nod32kui.exe - ESET Nod32 Antivirus (v2.7), which coexists without problems with Norton Antivirus (Corporate, v10.1)
26.09.2009 07:31:40.472 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:40.472 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:44.459 : C:\WINDOWS\system32\mfc42u.dll - module that contains the Microsoft Foundation Classes (MFC) functions used by applications created in Visual C++.

The "Microsoft Foundation Classes" is a library that wraps portions of the Windows API in C++ classes, including functionality that enables them to use a default application framework. Classes are defined for many of the handle-managed Windows objects and also for predefined windows and common controls.
26.09.2009 07:31:44.550 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:44.550 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:44.550 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:44.550 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:31:44.551 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:44.551 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:44.551 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:44.551 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:31:44.627 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:44.627 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:44.627 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:44.720 : C:\WINDOWS\system32\mfc42loc.dll - module that contains specific localized resources to be used by MFC applications.
26.09.2009 07:31:44.757 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:49.431 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:31:49.689 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:49.846 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:31:50.045 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:31:50.182 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:31:50.234 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:31:50.234 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:43.310 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:43.858 : C:\Program Files\ESET\pu_amon.dll : File System Monitor
26.09.2009 07:33:13.187 : C:\Program Files\ESET\pu_dmon.dll : Microsoft Office Document Monitor
26.09.2009 07:33:13.315 : C:\Program Files\ESET\pu_emon.dll : Microsoft Outlook Email Monitor
26.09.2009 07:33:13.420 : C:\Program Files\ESET\pu_imon.dll : Internet Monitor
26.09.2009 07:33:13.493 : C:\Program Files\ESET\pu_nod32.dll : On Demand Scanner
26.09.2009 07:33:13.620 : C:\WINDOWS\system32\ctagent.dll
26.09.2009 07:33:13.656 : C:\Program Files\ESET\pu_upd.dll : Automatic Update
26.09.2009 07:33:13.722 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:33:14.311 }

 
ProcessId 2216 - C:\WINDOWS\system32\Ctxfihlp.exe - 26.09.2009 07:31:41.041 - 59288 ms

 
{C:\WINDOWS\system32\Ctxfihlp.exe - Creative Audio Helper
26.09.2009 07:31:41.041 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:41.041 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:47.122 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:47.123 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:47.123 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:47.123 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:47.123 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:47.123 : C:\WINDOWS\system32\mfc42.dll
26.09.2009 07:31:47.251 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:47.251 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:31:47.252 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:31:47.360 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:47.479 : C:\WINDOWS\system32\mfc42loc.dll
26.09.2009 07:31:47.518 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:47.558 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:47.648 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:31:47.790 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:31:47.809 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:31:47.810 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:31:47.810 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:31:47.810 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:31:47.915 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:31:48.050 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:31:48.050 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:48.050 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:31:48.618 : C:\WINDOWS\system32\cttele32.dll - belonging to Creative Sound Drivers
26.09.2009 07:32:28.763 : C:\WINDOWS\system32\ctagent.dll - Creative Soundcard Software Module
26.09.2009 07:32:29.261 : C:\WINDOWS\system32\CTxfiSpk.dll - Creative Sound Blaster X-Fi Audio
26.09.2009 07:32:29.383 : C:\WINDOWS\system32\dsound.dll
26.09.2009 07:32:29.437 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:29.468 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:29.548 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:29.597 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:32:30.353 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:32:30.413 : C:\WINDOWS\system32\wdmaud.drv
26.09.2009 07:32:30.463 : C:\WINDOWS\system32\msacm32.drv
26.09.2009 07:32:30.841 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:32:30.861 : C:\WINDOWS\system32\midimap.dll
26.09.2009 07:32:30.928 : C:\WINDOWS\system32\ksuser.dll - Microsoft User CSA Library

A library which transports latency sensitive, time-stamped data between user peripherals and system peripherals.
26.09.2009 07:32:31.702 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:35.872 : C:\WINDOWS\system32\CTxfiBtn.dll - Creative Sound Blaster X-Fi Audio
26.09.2009 07:32:35.966 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:35.967 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:35.968 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:38.972 : C:\WINDOWS\CTXFIFRN.DLL - Creative Sound Blaster X-Fi Fatality
26.09.2009 07:32:39.063 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:40.329 }

 
ProcessId 2236 - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe - 26.09.2009 07:31:42.766 - 28458 ms

Volume Control Panel from Creative Technology, belonging to X-Fi Creative Sound Utilities

 
{C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
26.09.2009 07:31:42.766 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:42.766 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:02.507 : C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\CTAudSeu.dll
26.09.2009 07:32:02.533 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:02.533 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:02.533 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:02.533 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:02.533 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:02.534 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:02.534 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:02.534 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:02.534 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:02.554 : C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\CTAudEp.dll
26.09.2009 07:32:02.616 : C:\WINDOWS\system32\dsound.dll
26.09.2009 07:32:02.638 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:02.638 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:32:02.736 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:02.736 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:02.736 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:02.736 : C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\CTIniFu.dll
26.09.2009 07:32:02.781 : C:\WINDOWS\system32\mfc42u.dll
26.09.2009 07:32:02.849 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:02.849 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:32:02.867 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:02.923 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:02.944 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:02.960 : C:\WINDOWS\system32\mfc42loc.dll
26.09.2009 07:32:02.990 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:11.182 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:11.225 }

 
ProcessId 2244 - C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe - 26.09.2009 07:31:43.001 - 30446 ms

 

 
{C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe - WebCam Engine Application
26.09.2009 07:31:43.001 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:43.001 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:03.684 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:03.685 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:03.685 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:03.685 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:03.685 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:03.685 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:03.686 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:03.686 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:03.820 : C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll - EyeCatcher Engine
26.09.2009 07:32:03.902 : C:\Program Files\Creative\Creative Live! Cam\VideoFX\cxcore097.dll - belongs to Intel Open Source Computer Vision Library
26.09.2009 07:32:03.944 : C:\Program Files\Creative\Creative Live! Cam\VideoFX\cv097.dll - belongs to Intel Open Source Computer Vision Library
26.09.2009 07:32:03.991 : C:\Program Files\Creative\Creative Live! Cam\VideoFX\highgui097.dll - belongs to Intel Open Source Computer Vision Library
26.09.2009 07:32:04.012 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:04.013 : C:\WINDOWS\system32\avifil32.dll - Microsoft AVI File support library
26.09.2009 07:32:04.031 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:04.052 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:04.052 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:32:04.082 : C:\WINDOWS\system32\msvfw32.dll - Microsoft Video for Windows

Contains bitmap compression and decompression routines used for Microsoft Video for Windows.
26.09.2009 07:32:04.105 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:04.105 : C:\WINDOWS\system32\avicap32.dll - capture images from a webcamera

Contains functions for the Windows API that is used to capture AVI movies and video from web cameras and other video hardware.
26.09.2009 07:32:04.208 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:04.208 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:04.246 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:04.246 : C:\WINDOWS\system32\mfc71.dll
26.09.2009 07:32:04.288 : C:\WINDOWS\system32\msvcr71.dll
26.09.2009 07:32:04.316 : C:\WINDOWS\system32\msvcp71.dll
26.09.2009 07:32:04.337 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:04.434 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:04.450 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:13.212 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:32:13.447 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:13.448 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:13.448 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:13.448 }

 
ProcessId 2256 - C:\Program Files\Startup Delayer\Startup Launcher GUI.exe - 26.09.2009 07:31:43.612 - 62124 ms

 
{C:\Program Files\Startup Delayer\Startup Launcher GUI.exe (freeware)

Startup Delayer lets you choose, from the list of these programs, the ones whose launch you want to delay manually, in order to avoid saturation.
26.09.2009 07:31:43.612 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:43.612 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:05.046 : C:\WINDOWS\system32\msvbvm60.dll
26.09.2009 07:32:05.083 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:05.083 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:05.083 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:05.084 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:05.084 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:05.084 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:05.084 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:05.084 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:05.085 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:05.145 : C:\WINDOWS\system32\VB6FR.DLL - Visual Basic Runtime Library (French Version)

Visual Basic (VB) is a third-generation event-driven programming language and integrated development environment created by Microsoft. Visual Basic is derived directly from BASIC [Beginner's All-purpose Symbolic Instruction Code] and allows rapid application development, the creation of graphical user interfaces, database access, and the creation of ActiveX controls or objects. The last update of Visual Basic is version 6.0, released in 1998. Microsoft's extended support ended in 2008. Starting with version 7, Visual Basic underwent substantial changes that brought it closer to the "dot Net" platform and led Microsoft to market it under the name Visual Basic .NET.

26.09.2009 07:32:05.178 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:32:05.239 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:05.240 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:05.412 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:32:05.528 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:32:05.600 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:05.600 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:32:05.686 : C:\WINDOWS\system32\MSCOMCTL.OCX - Visual Basic 6 Common Controls - ActiveX Control
26.09.2009 07:32:05.985 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:05.986 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:06.027 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:06.028 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:06.028 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:32:17.462 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:17.697 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:32.549 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:40.214 : C:\WINDOWS\system32\ctagent.dll
26.09.2009 07:32:45.736 }

 
ProcessId 2268 - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe - 26.09.2009 07:31:43.907 - 122327 ms

 

 
{C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe - Norton Antivirus

It is partly responsible for the auto-protect features and e-mail scanning.
26.09.2009 07:31:43.907 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:43.907 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:02.564 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:02.565 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:02.565 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:02.565 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:02.565 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:02.566 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:02.566 : C:\WINDOWS\system32\msvcp71.dll
26.09.2009 07:32:02.585 : C:\WINDOWS\system32\msvcr71.dll
26.09.2009 07:32:02.613 : C:\Program Files\Fichiers communs\Symantec Shared\ccL40.dll
26.09.2009 07:32:02.637 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:02.637 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:02.638 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:02.638 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:02.693 : C:\WINDOWS\system32\dbghelp.dll
26.09.2009 07:32:02.785 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:02.785 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:02.947 : C:\WINDOWS\system32\SymNeti.dll - Symantec Network Driver Interface
26.09.2009 07:32:02.997 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:32:03.013 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:03.033 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:03.058 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:03.059 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:03.059 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:11.378 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:32:11.556 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:11.556 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:11.556 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:11.557 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:11.579 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:32:11.717 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:32:11.996 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:12.051 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:12.056 : C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll
26.09.2009 07:32:13.161 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:13.278 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:32:13.306 : C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll
26.09.2009 07:32:13.553 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:32:13.641 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:32:13.799 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:32:13.968 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:32:13.992 : C:\Program Files\Fichiers communs\Symantec Shared\ccProd.dll - Symantec Product Plugin
26.09.2009 07:32:15.305 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:15.388 : C:\Program Files\Symantec AntiVirus\SAVCProd.dll
26.09.2009 07:32:16.575 : C:\PROGRA~1\FICHIE~1\SYMANT~1\ccAlert.dll - Symantec Common Client Alert and Notification
26.09.2009 07:32:16.853 : C:\PROGRA~1\FICHIE~1\SYMANT~1\ccEmlPxy.dll - Symantec Common Client Email Proxy
26.09.2009 07:32:17.060 : C:\WINDOWS\system32\mswsock.dll
26.09.2009 07:32:17.311 : C:\WINDOWS\system32\SymRedir.dll - Symantec Redirector Interface
26.09.2009 07:32:17.791 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:32:18.002 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:32:18.033 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:32:18.033 : C:\PROGRA~1\FICHIE~1\SYMANT~1\ccSetEvt.dll - Symantec Common Client Settings Manager Event Factory
26.09.2009 07:32:18.448 : C:\Program Files\Symantec AntiVirus\SavEmail.dll
26.09.2009 07:32:18.569 : C:\Program Files\Fichiers communs\Symantec Shared\ccProSub.dll - Common Client Proxy Factory
26.09.2009 07:32:19.205 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:43.239 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:43.566 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:33:45.997 : C:\WINDOWS\system32\winrnr.dll
26.09.2009 07:33:46.005 : C:\WINDOWS\system32\rasadhlp.dll
26.09.2009 07:33:46.069 : C:\WINDOWS\system32\imon.dll
26.09.2009 07:33:46.071 : C:\WINDOWS\system32\hnetcfg.dll
26.09.2009 07:33:46.074 : C:\WINDOWS\system32\wshtcpip.dll
26.09.2009 07:33:46.076 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:33:46.235 }

 
ProcessId 2284 - C:\PROGRA~1\SYMANT~1\VPTray.exe - 26.09.2009 07:31:45.198 - 54973 ms

 
{C:\PROGRA~1\SYMANT~1\VPTray.exe - Norton Antivirus icon in System Tray
26.09.2009 07:31:45.198 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:45.321 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:03.849 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:03.850 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:03.850 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:03.851 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:03.851 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:03.851 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:03.851 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:03.851 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:03.851 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:03.852 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:03.852 : C:\WINDOWS\system32\msvcp71.dll
26.09.2009 07:32:03.874 : C:\WINDOWS\system32\msvcr71.dll
26.09.2009 07:32:03.903 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:03.922 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:03.985 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:12.344 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:12.400 : C:\Program Files\Fichiers communs\Symantec Shared\ccL40.dll
26.09.2009 07:32:12.692 : C:\WINDOWS\system32\shfolder.dll - Shell Folder Service Library

Contains functions used to display 'special' folders, such as MyDocuments, MyPhotos, etc.

Needed to enter "System Properties" by right-clicking on "My Computer" and selecting "Properties" without receiving an error.
26.09.2009 07:32:12.764 : C:\Program Files\Symantec AntiVirus\SavRT32.dll - Symantec Realtime Library
26.09.2009 07:32:12.977 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:12.980 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:13.322 : C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll
26.09.2009 07:32:16.384 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:16.463 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:32:16.499 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:16.537 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:16.583 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:16.668 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:16.668 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:32:16.779 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:16.779 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:32:16.869 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:32:17.755 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:17.808 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:17.812 : C:\PROGRA~1\FICHIE~1\SYMANT~1\ccSetEvt.dll
26.09.2009 07:32:18.471 : C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll
26.09.2009 07:32:18.610 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:18.658 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:32:18.718 : C:\Program Files\Fichiers communs\Symantec Shared\ccProSub.dll
26.09.2009 07:32:19.259 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:32:19.710 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:32:20.036 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:32:20.427 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:32:20.456 : C:\PROGRA~1\FICHIE~1\SYMANT~1\ccAlert.dll
26.09.2009 07:32:21.110 : C:\Program Files\Symantec AntiVirus\Cliscan.dll
26.09.2009 07:32:21.437 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:32:21.438 : C:\WINDOWS\system32\shfolder.dll
26.09.2009 07:32:21.534 : C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL
26.09.2009 07:32:21.805 : C:\WINDOWS\system32\sfc.dll
26.09.2009 07:32:21.847 : C:\WINDOWS\system32\sfc_os.dll
26.09.2009 07:32:21.888 : C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll
26.09.2009 07:32:21.986 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:32:22.245 : C:\Program Files\Symantec AntiVirus\Cliproxy.dll
26.09.2009 07:32:22.409 : C:\Program Files\Fichiers communs\Symantec Shared\SSC\ScsComms.dll - Symantec Client Security Management Communications Process
26.09.2009 07:32:22.731 : C:\WINDOWS\system32\nts.dll - Part of Symantec Antivirus
26.09.2009 07:32:23.215 : C:\WINDOWS\system32\mswsock.dll
26.09.2009 07:32:23.401 : C:\WINDOWS\system32\cba.dll - CBA Interface Library, related to Symantec Antivirus
26.09.2009 07:32:23.571 : C:\WINDOWS\system32\msgsys.dll - Application by Intel which assists with LANDesk's Alert Management System (AMS), related to Symantec Antivirus
26.09.2009 07:32:23.662 : C:\WINDOWS\system32\pds.dll - Intel LANDesk Management Suite, related to Symantec Antivirus
26.09.2009 07:32:23.724 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:32.197 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:40.172 }

 
ProcessId 2296 - C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe - 26.09.2009 07:31:45.938 - 25378 ms

 

 

 
{C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe - AVG LinkScanner, a shield for Internet browsers (freeware)
26.09.2009 07:31:45.938 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:46.147 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:57.412 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:57.430 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:57.431 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:57.431 : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
26.09.2009 07:31:57.472 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:57.472 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:57.472 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:57.472 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:57.532 : C:\Program Files\AVG\AVGLS\avglogx.dll : AVG LinkScanner Free Edition
26.09.2009 07:31:57.755 : C:\PROGRA~1\AVG\AVGLS\avgwd.dll : AVG LinkScanner Free Edition
26.09.2009 07:31:58.246 : C:\PROGRA~1\AVG\AVGLS\avgcfgx.dll : AVG LinkScanner Free Edition
26.09.2009 07:31:59.927 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:00.707 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:00.707 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:00.707 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:07.394 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:07.476 : C:\PROGRA~1\AVG\AVGLS\avgamnot.dll : AVG LinkScanner Free Edition
26.09.2009 07:32:08.640 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:09.002 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:32:09.605 : C:\PROGRA~1\AVG\AVGLS\avgsched.dll : AVG LinkScanner Free Edition
26.09.2009 07:32:10.220 : C:\WINDOWS\system32\sensapi.dll - This library contains functions used for System Event Notification Service (SENS).

System Event Notification Service - Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
26.09.2009 07:32:11.317 }

 
ProcessId 2324 - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe - 26.09.2009 07:31:46.914 - 38004 ms

 

 
{C:\Program Files\NVIDIA Corporation\nView\nwiz.exe - Desktop Manager, graphic card, GeForce 8800 GTS
26.09.2009 07:31:46.914 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:46.914 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:06.312 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:06.313 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:06.313 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:06.313 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:06.347 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:06.347 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:06.347 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:06.348 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:06.348 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:06.348 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:06.348 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:06.405 : C:\Program Files\NVIDIA Corporation\nView\nView.dll - used for the configuration of the nVidia nView Control Panel
26.09.2009 07:32:18.434 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:18.472 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:18.472 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:18.473 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:18.531 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:18.553 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:18.575 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:32:18.692 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:32:18.735 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:32:18.735 : C:\Program Files\NVIDIA Corporation\nView\NVWRSFR.dll - used for the configuration of the nVidia nView Control Panel
26.09.2009 07:32:20.713 : C:\WINDOWS\system32\nvwddi.dll - nVidia nView Display Driver Interface Library
26.09.2009 07:32:20.859 : C:\WINDOWS\system32\nvcpl.dll - nVidia Utility in the Control Panel
26.09.2009 07:32:22.559 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:23.023 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:32:23.118 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:23.119 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:32:23.197 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:32:23.239 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:32:23.531 : C:\WINDOWS\system32\nvrsfr.dll - nVidia French language resource library
26.09.2009 07:32:23.576 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:32:23.588 : C:\WINDOWS\system32\nvapi.dll - NV1 Media Accelerator - nVidia Resource Manager
26.09.2009 07:32:23.667 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:23.742 : C:\WINDOWS\system32\nvdisps.dll - belonging to NVIDIA Display Server
26.09.2009 07:32:24.504 : C:\WINDOWS\system32\riched32.dll - contains functions for the Rich Text Edit control
26.09.2009 07:32:24.863 : C:\WINDOWS\system32\riched20.dll
26.09.2009 07:32:24.919 }

 
ProcessId 2368 - C:\WINDOWS\system32\rundll32.exe - 26.09.2009 07:31:48.673 - 48660 ms

 
{C:\WINDOWS\system32\rundll32.exe - "Run a DLL as a 32-bit application"

Loads dynamic-link libraries (DLLs) into memory so that other programs can use them.

 

 
26.09.2009 07:31:48.673 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:48.675 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:08.130 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:08.139 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:08.139 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:08.140 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:08.140 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:32:08.161 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:32:08.404 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:08.404 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:08.404 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:08.404 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:08.445 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:08.446 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:08.446 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:32:08.488 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:08.488 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:08.488 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:08.489 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:08.489 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:32:08.641 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:08.835 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:08.890 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:08.908 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:22.792 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:22.829 : C:\WINDOWS\system32\nvcpl.dll - nVidia Display Driver
26.09.2009 07:32:23.054 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:23.055 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:32:23.204 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:32:23.234 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:32:23.256 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:23.442 : C:\WINDOWS\system32\nvrsfr.dll - nVidia Display Driver
26.09.2009 07:32:23.468 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:32:23.494 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:32:23.666 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:23.798 : C:\WINDOWS\system32\nvapi.dll
26.09.2009 07:32:23.925 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:24.166 : C:\WINDOWS\system32\nvdisps.dll
26.09.2009 07:32:25.605 : C:\WINDOWS\system32\ntmarta.dll
26.09.2009 07:32:27.833 : C:\WINDOWS\system32\samlib.dll
26.09.2009 07:32:27.866 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:32:27.866 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:37.334 }
 

ProcessId 2376 - C:\WINDOWS\system32\rundll32.exe - 26.09.2009 07:31:49.056 - 54151 ms

 
{C:\WINDOWS\system32\rundll32.exe
26.09.2009 07:31:49.056 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:49.056 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:10.273 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:10.276 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:10.276 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:10.276 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:10.276 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:32:10.309 : C:\WINDOWS\AppPatch\acgenral.dll
26.09.2009 07:32:10.536 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:10.536 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:10.536 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:10.536 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:10.587 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:10.587 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:10.587 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:32:10.621 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:10.621 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:10.621 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:10.621 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:10.621 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:32:10.816 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:10.965 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:10.985 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:11.003 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:28.170 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:28.251 : C:\WINDOWS\system32\nvmctray.dll - nVidia Media Center Library
26.09.2009 07:32:28.768 : C:\WINDOWS\system32\nvcpl.dll
26.09.2009 07:32:28.839 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:28.850 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:32:28.919 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:32:28.973 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:32:29.008 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:29.121 : C:\WINDOWS\system32\nvrsfr.dll - nVidia Display Driver
26.09.2009 07:32:29.144 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:32:29.170 : C:\WINDOWS\system32\nvapi.dll - nVidia Display Driver
26.09.2009 07:32:29.227 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:29.304 : C:\WINDOWS\system32\nvdisps.dll
26.09.2009 07:32:31.680 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:32.450 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:32:32.617 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:32.706 : C:\WINDOWS\system32\nvcpl.dll
26.09.2009 07:32:32.781 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:32.793 : C:\WINDOWS\system32\winspool.drv
26.09.2009 07:32:32.879 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:32:32.911 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:32:32.936 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:33.055 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:32:33.075 : C:\WINDOWS\system32\nvrsfr.dll
26.09.2009 07:32:33.113 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:43.207 }

 
ProcessId 2416 - C:\WINDOWS\system32\CTxfispi.exe - 26.09.2009 07:31:49.888 - 49433 ms

 
{C:\WINDOWS\system32\CTxfispi.exe - Part of Creative Audio Utility.
26.09.2009 07:31:49.888 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:49.888 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:09.606 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:09.607 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:09.607 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:09.607 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:09.608 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:09.608 : C:\WINDOWS\system32\mfc42.dll
26.09.2009 07:32:09.653 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:09.653 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:09.699 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:09.699 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:09.700 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:09.700 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:09.700 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:09.724 : C:\WINDOWS\system32\ctosuser.dll - Creative Audio OS Services Module
26.09.2009 07:32:09.747 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:09.811 : C:\WINDOWS\system32\mfc42loc.dll
26.09.2009 07:32:09.836 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:23.056 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:23.137 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:23.468 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:23.495 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:24.137 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:24.602 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:32:24.748 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:32:25.574 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:25.575 : C:\WINDOWS\system32\ctdproxy.dll - Creative Audio EMU10Kx Driver Proxy
26.09.2009 07:32:25.824 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:32:25.913 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:25.913 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:25.913 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:25.913 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:32:27.822 : C:\WINDOWS\system32\cttele32.dll - Part of Creative Audio Utility.
26.09.2009 07:32:28.668 : C:\WINDOWS\system32\ctdproxy.dll
26.09.2009 07:32:28.854 : C:\WINDOWS\system32\piaproxy.dll - Creative E-mu Plug-in Architecture Device Driver Proxy
26.09.2009 07:32:29.004 : C:\WINDOWS\system32\ctdproxy.dll
26.09.2009 07:32:29.101 : C:\WINDOWS\system32\piaproxy.dll
26.09.2009 07:32:29.158 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:35.259 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:39.321 }

 
ProcessId 2428 - C:\Program Files\TClockEx\TCLOCKEX.EXE - 26.09.2009 07:31:50.315 - 34986 ms

 
{C:\Program Files\TClockEx\TCLOCKEX.EXE - customizes the Windows clock, freeware
26.09.2009 07:31:50.315 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:50.315 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:10.268 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:10.269 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:10.269 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:10.269 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:10.269 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:10.269 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:10.269 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:10.270 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:10.270 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:10.270 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:10.270 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:10.387 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:25.132 : C:\Program Files\TClockEx\TCLOCKEX.DLL
26.09.2009 07:32:25.302 }

 
ProcessId 2440 - C:\WINDOWS\system32\ctfmon.exe - 26.09.2009 07:31:51.049 - 49421 ms

 
{C:\WINDOWS\system32\ctfmon.exe - Alternative User Input Services.

Manages alternative text input methods such as speech recognition software, handwriting recognition software, braille keyboards, or any other alternative to the keyboard.
26.09.2009 07:31:51.049 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:51.049 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:12.856 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:12.857 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:12.857 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:12.857 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:12.858 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:12.858 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:12.858 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:12.948 : C:\WINDOWS\system32\msutb.dll - Microsoft MSUTB Server

Seems to be invoked by the Windows "language bar", by the "language bar icons"?
26.09.2009 07:32:12.981 : C:\WINDOWS\system32\shimeng.dll
26.09.2009 07:32:13.036 : C:\WINDOWS\AppPatch\acgenral.dll

26.09.2009 07:32:13.287 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:13.320 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:13.320 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:13.321 : C:\WINDOWS\system32\msacm32.dll
26.09.2009 07:32:13.343 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:13.344 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:13.344 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:13.344 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:13.344 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:32:13.484 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:13.577 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:13.602 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:13.628 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:30.768 : C:\WINDOWS\ime\sptip.dll - Microsoft SAPI - Part of TCP/IP Module
26.09.2009 07:32:31.064 : C:\WINDOWS\system32\oleacc.dll
26.09.2009 07:32:31.118 : C:\WINDOWS\system32\msvcp60.dll
26.09.2009 07:32:31.146 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:31.422 : C:\WINDOWS\system32\mlang.dll - Module that provides multi-language support functions
26.09.2009 07:32:32.388 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:40.470 }

 
ProcessId 2468 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - 26.09.2009 07:31:53.182 - 44858 ms

 
{C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

will be removed

26.09.2009 07:31:53.182 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:53.182 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:17.866 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:17.867 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:17.867 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:17.867 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:17.867 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:17.868 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:17.868 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:17.868 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:17.995 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:17.998 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:17.998 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:34.884 : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\goopdate.dll
26.09.2009 07:32:34.974 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:34.974 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:34.997 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:35.013 : C:\WINDOWS\system32\dbghelp.dll
26.09.2009 07:32:35.035 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:35.036 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:32:35.251 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:32:35.659 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:32:36.620 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:36.620 : C:\WINDOWS\system32\mstask.dll - Multi Language Support Library

26.09.2009 07:32:37.824 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:37.930 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:32:37.930 : C:\WINDOWS\system32\ntdsapi.dll
26.09.2009 07:32:37.978 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:32:38.040 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:32:38.040 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:38.040 }

 
ProcessId 2484 - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - 26.09.2009 07:31:53.980 - 51511 ms

 

 
{C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

GoogleToolbarNotifier is a companion to the Google Toolbar.

This executable is necessary to enable the Search Settings Notifier feature of the Toolbar.

This feature lets you keep Google as your default search engine and prevents this setting from being changed without your consent.

will be removed

26.09.2009 07:31:53.980 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:53.980 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:13.876 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:13.878 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:13.878 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:13.878 : C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll
26.09.2009 07:32:13.953 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:13.954 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:13.954 : C:\WINDOWS\system32\iphlpapi.dll
26.09.2009 07:32:13.976 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:13.976 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:14.002 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:14.021 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:14.041 : C:\WINDOWS\system32\rasapi32.dll
26.09.2009 07:32:14.085 : C:\WINDOWS\system32\rasman.dll
26.09.2009 07:32:14.176 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:14.176 : C:\WINDOWS\system32\tapi32.dll
26.09.2009 07:32:14.270 : C:\WINDOWS\system32\rtutils.dll
26.09.2009 07:32:14.298 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:14.298 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:14.365 : C:\WINDOWS\system32\wininet.dll
26.09.2009 07:32:14.365 : C:\WINDOWS\system32\normaliz.dll
26.09.2009 07:32:14.365 : C:\WINDOWS\system32\iertutil.dll
26.09.2009 07:32:14.365 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:14.366 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:14.366 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:14.516 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:14.537 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:14.556 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:14.989 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:15.435 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:31.912 : C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
26.09.2009 07:32:32.112 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:32.149 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:32.149 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:32.149 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:32:32.149 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:32.149 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:32.237 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:35.101 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:35.424 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:32:35.555 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:32:36.330 : C:\WINDOWS\system32\rsaenh.dll
26.09.2009 07:32:36.548 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:32:37.708 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:32:38.424 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:32:38.475 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:42.493 : C:\WINDOWS\system32\mprapi.dll
26.09.2009 07:32:45.301 : C:\WINDOWS\system32\activeds.dll
26.09.2009 07:32:45.332 : C:\WINDOWS\system32\adsldpc.dll
26.09.2009 07:32:45.395 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:32:45.395 : C:\WINDOWS\system32\atl.dll
26.09.2009 07:32:45.475 : C:\WINDOWS\system32\samlib.dll

26.09.2009 07:32:45.491 }

 
ProcessId 2512 - C:\Program Files\Microsoft Hardware\Mouse\point32.exe - 26.09.2009 07:31:55.488 - 43384 ms

 

 
{C:\Program Files\Microsoft Hardware\Mouse\point32.exe
26.09.2009 07:31:55.488 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:55.488 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:20.062 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:20.066 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:20.066 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:20.066 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:20.067 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:20.067 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:20.067 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:20.067 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:20.068 : C:\Program Files\Microsoft Hardware\Mouse\cmtool32.dll
26.09.2009 07:32:20.109 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:20.109 : C:\Program Files\Microsoft Hardware\Mouse\mshlocal.dll
26.09.2009 07:32:20.131 : C:\Program Files\Microsoft Hardware\Mouse\MSLNG32.dll
26.09.2009 07:32:20.178 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:20.200 : C:\Program Files\Microsoft Hardware\Mouse\point32.dll
26.09.2009 07:32:20.220 : C:\WINDOWS\system32\wininet.dll
26.09.2009 07:32:20.220 : C:\WINDOWS\system32\normaliz.dll
26.09.2009 07:32:20.221 : C:\WINDOWS\system32\iertutil.dll
26.09.2009 07:32:20.221 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:20.295 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:35.970 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:36.013 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:36.923 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:37.307 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:37.493 : C:\WINDOWS\system32\wtsapi32.dll
26.09.2009 07:32:37.677 : C:\WINDOWS\system32\winsta.dll
26.09.2009 07:32:37.741 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:37.743 : C:\WINDOWS\system32\hid.dll - a library file for the USB interface HID, which processes user interface devices.
26.09.2009 07:32:37.833 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:38.344 : C:\WINDOWS\system32\psapi.dll
26.09.2009 07:32:38.397 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:38.610 : C:\WINDOWS\system32\hid.dll
26.09.2009 07:32:38.641 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:32:38.644 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:38.645 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:38.645 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:38.645 : C:\WINDOWS\system32\hid.dll
26.09.2009 07:32:38.678 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:38.791 : C:\Program Files\Microsoft Hardware\Mouse\IP4xBatt.dll
26.09.2009 07:32:38.873 }

 
ProcessId 2524 - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe - 26.09.2009 07:31:56.570 - 10119 ms

 
{C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
26.09.2009 07:31:56.570 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:56.570 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:56.640 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:31:56.641 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:31:56.641 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:31:56.641 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:31:56.641 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:31:56.641 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:31:56.642 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:31:56.642 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:31:56.642 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:31:56.642 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:31:56.642 : C:\WINDOWS\system32\version.dll
26.09.2009 07:31:56.643 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:31:56.700 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:06.689 }

 
ProcessId 2572 - C:\Program Files\Symantec AntiVirus\DefWatch.exe - 26.09.2009 07:31:58.270 - 0 ms

 
{C:\Program Files\Symantec AntiVirus\DefWatch.exe
26.09.2009 07:31:58.270 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:58.270 }

 
ProcessId 2592 - C:\Program Files\Greatis\BootLog XP\BootLogXP.exe - 26.09.2009 07:31:59.535 - 154217 ms

 
{C:\Program Files\Greatis\BootLog XP\BootLogXP.exe : used to obtain the basis of this log.
26.09.2009 07:31:59.535 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:31:59.535 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:31:59.538 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:01.044 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:01.045 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:01.045 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:32:01.045 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:01.045 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:01.045 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:01.046 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:01.046 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:01.046 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:01.046 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:01.046 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:01.046 : C:\WINDOWS\system32\shfolder.dll
26.09.2009 07:32:01.102 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:01.102 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:01.103 : C:\WINDOWS\system32\olepro32.dll
26.09.2009 07:32:01.147 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:01.205 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:07.772 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:32:08.031 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:08.077 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:08.107 : C:\WINDOWS\system32\msctfime.ime
26.09.2009 07:32:08.671 : C:\WINDOWS\system32\uxtheme.dll
26.09.2009 07:32:08.817 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:08.961 : C:\WINDOWS\system32\perfos.dll
26.09.2009 07:32:10.178 : C:\WINDOWS\system32\msctf.dll
26.09.2009 07:32:31.813 : C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
26.09.2009 07:32:39.265 : C:\WINDOWS\system32\ctagent.dll
26.09.2009 07:32:46.459 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:34:33.166 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:34:33.177 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:34:33.178 : C:\WINDOWS\system32\urlmon.dll
26.09.2009 07:34:33.181 : C:\WINDOWS\system32\iertutil.dll
26.09.2009 07:34:33.181 : C:\WINDOWS\system32\apphelp.dll
26.09.2009 07:34:33.700 : C:\Program Files\Greatis\BootLog XP\LFA.dll
26.09.2009 07:34:33.753 }

 
ProcessId 2720 - C:\PROGRA~1\AVG\AVGLS\avgnsx.exe - 26.09.2009 07:32:09.738 - 34413 ms

 
{C:\PROGRA~1\AVG\AVGLS\avgnsx.exe - AVG Security Toolbar
26.09.2009 07:32:09.738 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:32:09.813 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:37.868 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:37.945 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:37.945 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:37.946 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:37.946 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:37.946 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:38.025 : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
26.09.2009 07:32:38.077 : C:\Program Files\AVG\AVGLS\avglogx.dll
26.09.2009 07:32:38.223 : C:\PROGRA~1\AVG\AVGLS\avgcfgx.dll
26.09.2009 07:32:38.475 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:38.572 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:38.572 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:38.572 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:38.572 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:38.572 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:38.712 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:44.089 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:44.151 }

 
ProcessId 3060 - C:\Program Files\Symantec AntiVirus\DoScan.exe - 26.09.2009 07:32:23.761 - 21256 ms

 
{C:\Program Files\Symantec AntiVirus\DoScan.exe - Quick scan at startup.
26.09.2009 07:32:23.761 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:32:23.762 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:38.432 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:38.433 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:38.433 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:38.433 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:38.433 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:38.433 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:38.433 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:38.433 : C:\WINDOWS\system32\msvcr71.dll
26.09.2009 07:32:38.485 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:38.641 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:32:38.784 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:32:39.258 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:39.258 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:39.258 : C:\WINDOWS\system32\msi.dll
26.09.2009 07:32:39.381 : C:\Program Files\Symantec AntiVirus\Cliscan.dll
26.09.2009 07:32:39.640 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:32:39.640 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:39.641 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:39.641 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:39.641 : C:\WINDOWS\system32\msvcp71.dll
26.09.2009 07:32:39.661 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:44.828 : C:\WINDOWS\system32\shfolder.dll
26.09.2009 07:32:44.906 : C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL
26.09.2009 07:32:44.947 : C:\WINDOWS\system32\sfc.dll
26.09.2009 07:32:44.974 : C:\WINDOWS\system32\sfc_os.dll
26.09.2009 07:32:44.995 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:32:44.996 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:44.996 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:44.996 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:44.996 : C:\WINDOWS\system32\sxs.dll
26.09.2009 07:32:45.018 }

 
ProcessId 4040 - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - 26.09.2009 07:32:29.241 - 19123 ms

 
{C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

will be removed

26.09.2009 07:32:29.241 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:32:29.241 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:46.265 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:46.266 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:46.266 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:46.267 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:46.267 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:46.267 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:46.267 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:46.267 : C:\WINDOWS\system32\oleaut32.dll
26.09.2009 07:32:46.268 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:46.268 : C:\WINDOWS\system32\crypt32.dll
26.09.2009 07:32:46.268 : C:\WINDOWS\system32\msasn1.dll
26.09.2009 07:32:46.268 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:46.268 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:46.268 : C:\WINDOWS\system32\wintrust.dll
26.09.2009 07:32:46.269 : C:\WINDOWS\system32\imagehlp.dll
26.09.2009 07:32:46.269 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:46.338 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:46.960 : C:\WINDOWS\system32\comctl32.dll
26.09.2009 07:32:47.000 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:32:47.397 : C:\WINDOWS\system32\clbcatq.dll
26.09.2009 07:32:47.477 : C:\WINDOWS\system32\comres.dll
26.09.2009 07:32:48.009 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:48.113 : C:\WINDOWS\system32\mstask.dll
26.09.2009 07:32:48.258 : C:\WINDOWS\system32\comdlg32.dll
26.09.2009 07:32:48.283 : C:\WINDOWS\system32\mpr.dll
26.09.2009 07:32:48.283 : C:\WINDOWS\system32\ntdsapi.dll
26.09.2009 07:32:48.303 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:32:48.324 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:48.347 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:48.364 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:48.364 : C:\WINDOWS\system32\wldap32.dll
26.09.2009 07:32:48.365 : C:\WINDOWS\system32\userenv.dll
26.09.2009 07:32:48.365 }

 
ProcessId 3948 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - 26.09.2009 07:32:35.368 - 12970 ms

 
{C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

will be removed

26.09.2009 07:32:35.368 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:32:35.368 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:35.386 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:35.389 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:35.389 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:35.389 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:35.389 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:35.389 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:35.390 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:35.390 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:35.569 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:35.577 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:35.577 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:38.157 : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\goopdate.dll
26.09.2009 07:32:38.394 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:38.394 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:38.458 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:38.525 : C:\WINDOWS\system32\dbghelp.dll
26.09.2009 07:32:38.574 : C:\WINDOWS\system32\version.dll
26.09.2009 07:32:38.574 : C:\WINDOWS\system32\xpsp2res.dll
26.09.2009 07:32:41.472 : C:\WINDOWS\system32\winhttp.dll
26.09.2009 07:32:41.542 : C:\WINDOWS\system32\wtsapi32.dll
26.09.2009 07:32:41.574 : C:\WINDOWS\system32\winsta.dll
26.09.2009 07:32:41.592 : C:\WINDOWS\system32\setupapi.dll
26.09.2009 07:32:41.633 : C:\WINDOWS\system32\rasapi32.dll
26.09.2009 07:32:41.886 : C:\WINDOWS\system32\rasman.dll
26.09.2009 07:32:41.910 : C:\WINDOWS\system32\tapi32.dll
26.09.2009 07:32:41.934 : C:\WINDOWS\system32\rtutils.dll
26.09.2009 07:32:41.958 : C:\WINDOWS\system32\winmm.dll
26.09.2009 07:32:41.983 : C:\WINDOWS\system32\serwvdrv.dll
26.09.2009 07:32:42.005 : C:\WINDOWS\system32\umdmxfrm.dll
26.09.2009 07:32:42.029 : C:\WINDOWS\system32\imon.dll
26.09.2009 07:32:42.201 : C:\WINDOWS\system32\wsock32.dll
26.09.2009 07:32:42.217 : C:\WINDOWS\system32\mswsock.dll
26.09.2009 07:32:42.585 : C:\WINDOWS\system32\hnetcfg.dll
26.09.2009 07:32:42.618 : C:\WINDOWS\system32\wshtcpip.dll
26.09.2009 07:32:42.651 : C:\WINDOWS\system32\dnsapi.dll
26.09.2009 07:32:42.690 : C:\WINDOWS\system32\rasadhlp.dll
26.09.2009 07:32:48.076 : C:\WINDOWS\system32\oleaut32.dll

26.09.2009 07:32:48.338 }

 
ProcessId 440 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe - 26.09.2009 07:32:35.558 - 12839 ms

 
{C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe

GoogleCrashHandler.exe runs continuously on your computer if you've selected to send anonymous usage statistics and crash reports to Google for certain Google software, like Google Chrome. It helps send crash details to Google when your Google software unexpectedly shuts down.

will be removed

26.09.2009 07:32:35.558 : C:\WINDOWS\system32\ntdll.dll
26.09.2009 07:32:35.558 : C:\WINDOWS\system32\kernel32.dll
26.09.2009 07:32:46.565 : C:\WINDOWS\system32\advapi32.dll
26.09.2009 07:32:46.566 : C:\WINDOWS\system32\rpcrt4.dll
26.09.2009 07:32:46.566 : C:\WINDOWS\system32\secur32.dll
26.09.2009 07:32:46.566 : C:\WINDOWS\system32\ole32.dll
26.09.2009 07:32:46.566 : C:\WINDOWS\system32\gdi32.dll
26.09.2009 07:32:46.567 : C:\WINDOWS\system32\user32.dll
26.09.2009 07:32:46.567 : C:\WINDOWS\system32\msvcrt.dll
26.09.2009 07:32:46.567 : C:\WINDOWS\system32\imm32.dll
26.09.2009 07:32:46.622 : C:\WINDOWS\system32\shlwapi.dll
26.09.2009 07:32:46.625 : C:\WINDOWS\system32\shell32.dll
26.09.2009 07:32:46.625 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
26.09.2009 07:32:47.594 : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\goopdate.dll
26.09.2009 07:32:47.712 : C:\WINDOWS\system32\netapi32.dll
26.09.2009 07:32:47.712 : C:\WINDOWS\system32\ws2_32.dll
26.09.2009 07:32:47.742 : C:\WINDOWS\system32\ws2help.dll
26.09.2009 07:32:47.762 : C:\WINDOWS\system32\dbghelp.dll
26.09.2009 07:32:47.798 : C:\