
[OL2003] Send picture by e-mail - option


Deleted

Topic starter
On a Windows 2003 Terminal Server, users want to start using this option.
As Administrator this works fine, but as a user simply nothing happens.

This could be because that user has wrong or insufficient rights.
But, like anyone else, you do need to know where to apply those rights.

Via Google I ended up on an enormous number of links relating to Outlook Express.
In Regedit I checked the well-known locations for Office and Root Classes, etc.

But so far I have not found anything, and I was wondering whether anyone here knows more about it?

Does anyone have any idea?


F_J_K

Moderator CSA/PB

Front for mandatory underscores

Does anyone have any idea?
Log everything when it goes wrong and scan for errors. http://technet.microsoft....ysinternals/bb896645.aspx

'Multiple exclamation marks,' he went on, shaking his head, 'are a sure sign of a diseased mind' (Terry Pratchett, Eric)


Deleted

Topic starter
I came across the following with the programs File Monitor and Process Monitor in a bare VMware environment.

File Monitor
code:
20:23:26    explorer.exe:1480   OPEN    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Options: Open  Access: Read 
20:23:26    explorer.exe:1480   QUERY INFORMATION   C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS FileFsVolumeInformation 
20:23:26    explorer.exe:1480   QUERY INFORMATION   C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    BUFFER OVERFLOW FileAllInformation  
20:23:26    explorer.exe:1480   READ    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0 Length: 4096  
20:23:26    explorer.exe:1480   READ    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0 Length: 4096  
20:23:26    explorer.exe:1480   READ    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0 Length: 4096  
20:23:26    explorer.exe:1480   READ    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0 Length: 4096  
20:23:26    explorer.exe:1480   READ    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0 Length: 4096  
20:23:26    explorer.exe:1480   READ    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0 Length: 4096  
20:23:26    explorer.exe:1480   CLOSE   C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS     
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\system32\Msimtf.dll  SUCCESS Attributes: A   
20:23:27    explorer.exe:1480   OPEN    C:\WINDOWS\system32\Msimtf.dll  SUCCESS Options: Open  Access: 00100020 
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\system32\Msimtf.dll  SUCCESS Length: 159232  
20:23:27    explorer.exe:1480   CLOSE   C:\WINDOWS\system32\Msimtf.dll  SUCCESS     
20:23:27    explorer.exe:1480   READ    C:  SUCCESS Offset: 193536 Length: 8192 
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\system32\MSCTF.dll   SUCCESS Attributes: A   
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\system32\Msimtf.dll  SUCCESS Attributes: A   
20:23:27    explorer.exe:1480   OPEN    C:\WINDOWS\system32\Msimtf.dll  SUCCESS Options: Open  Access: 00100020 
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\system32\Msimtf.dll  SUCCESS Length: 159232  
20:23:27    explorer.exe:1480   CLOSE   C:\WINDOWS\system32\Msimtf.dll  SUCCESS     
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\Explorer.EXE SUCCESS Attributes: A   
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\Explorer.EXE SUCCESS Attributes: A   
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\Explorer.EXE SUCCESS Attributes: A   
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\Explorer.EXE SUCCESS Attributes: A   
20:23:27    explorer.exe:1480   QUERY INFORMATION   C:\WINDOWS\Explorer.EXE SUCCESS Attributes: A


Process Monitor
code:
15722   20:27:51,5380321    Explorer.EXE    1480    CreateFile  C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15723   20:27:51,5381685    Explorer.EXE    1480    QueryInformationVolume  C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS VolumeCreationTime: 26-7-2007 10:53:22, VolumeSerialNumber: 38D6-8D68, SupportsObjects: True, VolumeLabel: 
15724   20:27:51,5382344    Explorer.EXE    1480    QueryAllInformationFile C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    BUFFER OVERFLOW CreationTime: 26-7-2007 9:17:28, LastAccessTime: 11-3-2008 20:23:26, LastWriteTime: 7-9-2001 11:00:00, ChangeTime: 26-7-2007 9:17:28, FileAttributes: A, AllocationSize: 28.672, EndOfFile: 28.521, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x2000000001924, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word
15725   20:27:51,5382777    Explorer.EXE    1480    ReadFile    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0, Length: 4.096
15727   20:27:51,5384654    Explorer.EXE    1480    ReadFile    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0, Length: 4.096
15728   20:27:51,5385286    Explorer.EXE    1480    ReadFile    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0, Length: 4.096
15729   20:27:51,5385839    Explorer.EXE    1480    ReadFile    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0, Length: 4.096
15730   20:27:51,5387074    Explorer.EXE    1480    ReadFile    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0, Length: 4.096
15731   20:27:51,5388306    Explorer.EXE    1480    ReadFile    C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS Offset: 0, Length: 4.096
15732   20:27:51,5402391    Explorer.EXE    1480    CloseFile   C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg    SUCCESS 
15733   20:27:51,5413046    Explorer.EXE    1480    RegOpenKey  HKCU    SUCCESS Desired Access: Maximum Allowed
15734   20:27:51,5413773    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Policies\Microsoft\Control Panel\Desktop  NAME NOT FOUND  Desired Access: Read
15735   20:27:51,5414016    Explorer.EXE    1480    RegOpenKey  HKCU\Control Panel\Desktop  SUCCESS Desired Access: Read
15736   20:27:51,5414387    Explorer.EXE    1480    RegQueryValue   HKCU\Control Panel\Desktop\MultiUILanguageId    NAME NOT FOUND  Length: 256
15737   20:27:51,5414669    Explorer.EXE    1480    RegCloseKey HKCU\Control Panel\Desktop  SUCCESS 
15738   20:27:51,5414954    Explorer.EXE    1480    RegCloseKey HKCU    SUCCESS 
15739   20:27:51,5415756    Explorer.EXE    1480    RegOpenKey  HKCU    SUCCESS Desired Access: Maximum Allowed
15740   20:27:51,5416136    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Policies\Microsoft\Control Panel\Desktop  NAME NOT FOUND  Desired Access: Read
15741   20:27:51,5416323    Explorer.EXE    1480    RegOpenKey  HKCU\Control Panel\Desktop  SUCCESS Desired Access: Read
15742   20:27:51,5416625    Explorer.EXE    1480    RegQueryValue   HKCU\Control Panel\Desktop\MultiUILanguageId    NAME NOT FOUND  Length: 256
15743   20:27:51,5416834    Explorer.EXE    1480    RegCloseKey HKCU\Control Panel\Desktop  SUCCESS 
15744   20:27:51,5417061    Explorer.EXE    1480    RegCloseKey HKCU    SUCCESS 
15745   20:27:51,5423425    Explorer.EXE    1480    RegOpenKey  HKCU\Keyboard Layout\Toggle SUCCESS Desired Access: Read
15746   20:27:51,5423855    Explorer.EXE    1480    RegQueryValue   HKCU\Keyboard Layout\Toggle\Language Hotkey SUCCESS Type: REG_SZ, Length: 4, Data: 1
15747   20:27:51,5424081    Explorer.EXE    1480    RegQueryValue   HKCU\Keyboard Layout\Toggle\Language Hotkey SUCCESS Type: REG_SZ, Length: 4, Data: 1
15748   20:27:51,5424285    Explorer.EXE    1480    RegQueryValue   HKCU\Keyboard Layout\Toggle\Layout Hotkey   SUCCESS Type: REG_SZ, Length: 4, Data: 2
15749   20:27:51,5424469    Explorer.EXE    1480    RegQueryValue   HKCU\Keyboard Layout\Toggle\Layout Hotkey   SUCCESS Type: REG_SZ, Length: 4, Data: 2
15750   20:27:51,5424916    Explorer.EXE    1480    RegCloseKey HKCU\Keyboard Layout\Toggle SUCCESS 
15751   20:27:51,5492344    Explorer.EXE    1480    RegOpenKey  HKCU\SOFTWARE\Microsoft\CTF\LangBarAddIn    NAME NOT FOUND  Desired Access: Read
15752   20:27:51,5493207    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\LangBarAddIn    NAME NOT FOUND  Desired Access: Read
15753   20:27:51,5515392    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Desired Access: Read
15754   20:27:51,5515970    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 0, Name: {1188450c-fdab-47ae-80d8-c9633f71be64}
15755   20:27:51,5516294    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\Category\Item\{246ECB87-C2F2-4ABE-905B-C8B38ADD2C43} NAME NOT FOUND  Desired Access: Read
15756   20:27:51,5516565    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 1, Name: {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}
15757   20:27:51,5516791    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{246ECB87-C2F2-4ABE-905B-C8B38ADD2C43} SUCCESS Desired Access: Read
15758   20:27:51,5517202    Explorer.EXE    1480    RegQueryValue   HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{246ECB87-C2F2-4ABE-905B-C8B38ADD2C43}\Dword   SUCCESS Type: REG_DWORD, Length: 4, Data: 12
15759   20:27:51,5517719    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{246ECB87-C2F2-4ABE-905B-C8B38ADD2C43} SUCCESS 
15760   20:27:51,5518001    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS 
15761   20:27:51,5518247    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Desired Access: Read
15762   20:27:51,5518554    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 0, Name: {1188450c-fdab-47ae-80d8-c9633f71be64}
15763   20:27:51,5518811    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\Category\Item\{34745C63-B2F0-4784-8B67-5E12C8701A31} NAME NOT FOUND  Desired Access: Read
15764   20:27:51,5519046    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 1, Name: {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}
15765   20:27:51,5519275    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{34745C63-B2F0-4784-8B67-5E12C8701A31} SUCCESS Desired Access: Read
15766   20:27:51,5519610    Explorer.EXE    1480    RegQueryValue   HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{34745C63-B2F0-4784-8B67-5E12C8701A31}\Dword   SUCCESS Type: REG_DWORD, Length: 4, Data: 10
15767   20:27:51,5519954    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{34745C63-B2F0-4784-8B67-5E12C8701A31} SUCCESS 
15768   20:27:51,5520216    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS 
15769   20:27:51,5520423    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Desired Access: Read
15770   20:27:51,5520672    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 0, Name: {1188450c-fdab-47ae-80d8-c9633f71be64}
15771   20:27:51,5520917    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\Category\Item\{5130A009-5540-4FCF-97EB-AAD33FC0EE09} NAME NOT FOUND  Desired Access: Read
15772   20:27:51,5521158    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 1, Name: {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}
15773   20:27:51,5521381    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{5130A009-5540-4FCF-97EB-AAD33FC0EE09} SUCCESS Desired Access: Read
15774   20:27:51,5521708    Explorer.EXE    1480    RegQueryValue   HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{5130A009-5540-4FCF-97EB-AAD33FC0EE09}\Dword   SUCCESS Type: REG_DWORD, Length: 4, Data: 14
15775   20:27:51,5522038    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{5130A009-5540-4FCF-97EB-AAD33FC0EE09} SUCCESS 
15776   20:27:51,5522292    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS 
15777   20:27:51,5522510    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Desired Access: Read
15778   20:27:51,5522758    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 0, Name: {1188450c-fdab-47ae-80d8-c9633f71be64}
15779   20:27:51,5522996    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\Category\Item\{7AE86BB7-262C-431E-9111-C974B6B7CAC3} NAME NOT FOUND  Desired Access: Read
15780   20:27:51,5523225    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 1, Name: {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}
15781   20:27:51,5523451    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{7AE86BB7-262C-431E-9111-C974B6B7CAC3} SUCCESS Desired Access: Read
15782   20:27:51,5523781    Explorer.EXE    1480    RegQueryValue   HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{7AE86BB7-262C-431E-9111-C974B6B7CAC3}\Dword   SUCCESS Type: REG_DWORD, Length: 4, Data: 15
15783   20:27:51,5524113    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{7AE86BB7-262C-431E-9111-C974B6B7CAC3} SUCCESS 
15784   20:27:51,5524373    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS 
15785   20:27:51,5524583    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Desired Access: Read
15786   20:27:51,5524834    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 0, Name: {1188450c-fdab-47ae-80d8-c9633f71be64}
15787   20:27:51,5525074    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\Category\Item\{B5A73CD1-8355-426B-A161-259808F26B14} NAME NOT FOUND  Desired Access: Read
15788   20:27:51,5525301    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 1, Name: {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}
15789   20:27:51,5525527    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{B5A73CD1-8355-426B-A161-259808F26B14} SUCCESS Desired Access: Read
15790   20:27:51,5525859    Explorer.EXE    1480    RegQueryValue   HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{B5A73CD1-8355-426B-A161-259808F26B14}\Dword   SUCCESS Type: REG_DWORD, Length: 4, Data: 11
15791   20:27:51,5526186    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{B5A73CD1-8355-426B-A161-259808F26B14} SUCCESS 
15792   20:27:51,5526443    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS 
15793   20:27:51,5526656    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Desired Access: Read
15794   20:27:51,5526901    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 0, Name: {1188450c-fdab-47ae-80d8-c9633f71be64}
15795   20:27:51,5527145    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\Category\Item\{C6DEBC0A-F2B2-4F17-930E-CA9FAFF4CD04} NAME NOT FOUND  Desired Access: Read
15796   20:27:51,5527371    Explorer.EXE    1480    RegEnumKey  HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS Index: 1, Name: {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}
15797   20:27:51,5527594    Explorer.EXE    1480    RegOpenKey  HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{C6DEBC0A-F2B2-4F17-930E-CA9FAFF4CD04} SUCCESS Desired Access: Read
15798   20:27:51,5527930    Explorer.EXE    1480    RegQueryValue   HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{C6DEBC0A-F2B2-4F17-930E-CA9FAFF4CD04}\Dword   SUCCESS Type: REG_DWORD, Length: 4, Data: 13
15799   20:27:51,5528293    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{C6DEBC0A-F2B2-4F17-930E-CA9FAFF4CD04} SUCCESS 
15800   20:27:51,5528550    Explorer.EXE    1480    RegCloseKey HKLM\SOFTWARE\Microsoft\CTF\TIP SUCCESS 
15820   20:27:52,5096126    Explorer.EXE    1480    RegQueryKey HKCU\Software\Classes   SUCCESS Query: Name
15821   20:27:52,5097724    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\Explorer.EXE NAME NOT FOUND  Desired Access: Maximum Allowed
15822   20:27:52,5097978    Explorer.EXE    1480    RegOpenKey  HKCR\Applications\Explorer.EXE  SUCCESS Desired Access: Maximum Allowed
15823   20:27:52,5098492    Explorer.EXE    1480    RegQueryKey HKCR\Applications\explorer.exe  SUCCESS Query: Name
15824   20:27:52,5098906    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\explorer.exe NAME NOT FOUND  Desired Access: Maximum Allowed
15825   20:27:52,5099135    Explorer.EXE    1480    RegOpenKey  HKCR\Applications\explorer.exe  SUCCESS Desired Access: Maximum Allowed
15826   20:27:52,5099749    Explorer.EXE    1480    RegCloseKey HKCR\Applications\explorer.exe  SUCCESS 
15827   20:27:52,5099965    Explorer.EXE    1480    RegQueryKey HKCR\Applications\explorer.exe  SUCCESS Query: Name
15828   20:27:52,5100235    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\explorer.exe NAME NOT FOUND  Desired Access: Maximum Allowed
15829   20:27:52,5100515    Explorer.EXE    1480    RegQueryValue   HKCR\Applications\explorer.exe\TaskbarGroupIcon SUCCESS Type: REG_EXPAND_SZ, Length: 58, Data: %SystemRoot%\Explorer.exe,13
15830   20:27:52,5101060    Explorer.EXE    1480    RegCloseKey HKCR\Applications\explorer.exe  SUCCESS 
15831   20:27:52,5102185    Explorer.EXE    1480    RegQueryKey HKCU\Software\Classes   SUCCESS Query: Name
15832   20:27:52,5102445    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\Explorer.EXE NAME NOT FOUND  Desired Access: Maximum Allowed
15833   20:27:52,5102613    Explorer.EXE    1480    RegOpenKey  HKCR\Applications\Explorer.EXE  SUCCESS Desired Access: Maximum Allowed
15834   20:27:52,5102990    Explorer.EXE    1480    RegQueryKey HKCR\Applications\explorer.exe  SUCCESS Query: Name
15835   20:27:52,5103281    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\explorer.exe\shell   NAME NOT FOUND  Desired Access: Maximum Allowed
15836   20:27:52,5103582    Explorer.EXE    1480    RegOpenKey  HKCR\Applications\explorer.exe\shell    NAME NOT FOUND  Desired Access: Maximum Allowed
15837   20:27:52,5103895    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache    SUCCESS Desired Access: Maximum Allowed
15838   20:27:52,5104189    Explorer.EXE    1480    RegQueryValue   HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Explorer.EXE    SUCCESS Type: REG_SZ, Length: 36, Data: Windows Verkenner
15839   20:27:52,5104663    Explorer.EXE    1480    RegCloseKey HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache    SUCCESS 
15840   20:27:52,5104962    Explorer.EXE    1480    RegCloseKey HKCR\Applications\explorer.exe  SUCCESS 
15841   20:27:52,5109636    Explorer.EXE    1480    RegQueryKey HKCU\Software\Classes   SUCCESS Query: Name
15842   20:27:52,5109902    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\Explorer.EXE NAME NOT FOUND  Desired Access: Maximum Allowed
15843   20:27:52,5110100    Explorer.EXE    1480    RegOpenKey  HKCR\Applications\Explorer.EXE  SUCCESS Desired Access: Maximum Allowed
15844   20:27:52,5110499    Explorer.EXE    1480    RegQueryKey HKCR\Applications\explorer.exe  SUCCESS Query: Name
15845   20:27:52,5110849    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\explorer.exe NAME NOT FOUND  Desired Access: Maximum Allowed
15846   20:27:52,5111064    Explorer.EXE    1480    RegOpenKey  HKCR\Applications\explorer.exe  SUCCESS Desired Access: Maximum Allowed
15847   20:27:52,5111508    Explorer.EXE    1480    RegCloseKey HKCR\Applications\explorer.exe  SUCCESS 
15848   20:27:52,5111720    Explorer.EXE    1480    RegQueryKey HKCR\Applications\explorer.exe  SUCCESS Query: Name
15849   20:27:52,5111983    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\explorer.exe NAME NOT FOUND  Desired Access: Maximum Allowed
15850   20:27:52,5112259    Explorer.EXE    1480    RegQueryValue   HKCR\Applications\explorer.exe\TaskbarGroupIcon SUCCESS Type: REG_EXPAND_SZ, Length: 58, Data: %SystemRoot%\Explorer.exe,13
15851   20:27:52,5112695    Explorer.EXE    1480    RegCloseKey HKCR\Applications\explorer.exe  SUCCESS 
15852   20:27:52,5116905    Explorer.EXE    1480    RegQueryKey HKCU\Software\Classes   SUCCESS Query: Name
15853   20:27:52,5117215    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\Explorer.EXE NAME NOT FOUND  Desired Access: Maximum Allowed
15854   20:27:52,5117400    Explorer.EXE    1480    RegOpenKey  HKCR\Applications\Explorer.EXE  SUCCESS Desired Access: Maximum Allowed
15855   20:27:52,5117819    Explorer.EXE    1480    RegQueryKey HKCR\Applications\explorer.exe  SUCCESS Query: Name
15856   20:27:52,5118123    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Classes\Applications\explorer.exe\shell   NAME NOT FOUND  Desired Access: Maximum Allowed
15857   20:27:52,5118355    Explorer.EXE    1480    RegOpenKey  HKCR\Applications\explorer.exe\shell    NAME NOT FOUND  Desired Access: Maximum Allowed
15858   20:27:52,5118643    Explorer.EXE    1480    RegOpenKey  HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache    SUCCESS Desired Access: Maximum Allowed
15859   20:27:52,5118942    Explorer.EXE    1480    RegQueryValue   HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Explorer.EXE    SUCCESS Type: REG_SZ, Length: 36, Data: Windows Verkenner
15860   20:27:52,5119470    Explorer.EXE    1480    RegCloseKey HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache    SUCCESS 
15861   20:27:52,5119774    Explorer.EXE    1480    RegCloseKey HKCR\Applications\explorer.exe  SUCCESS 
15862   20:27:52,5120830    Explorer.EXE    1480    RegCreateKey    HKCU\SessionInformation SUCCESS Desired Access: Set Value
15863   20:27:52,5122029    Explorer.EXE    1480    RegSetValue HKCU\SessionInformation\ProgramCount    SUCCESS Type: REG_DWORD, Length: 4, Data: 2
15864   20:27:52,5122275    Explorer.EXE    1480    RegCloseKey HKCU\SessionInformation SUCCESS


I have no idea what you could possibly achieve with this information.
I have tried to find things with these tools before, but the information from them does not get me any further. I am probably overlooking something, or with a few tips I will suddenly see the light.


F_J_K

Moderator CSA/PB

Front for mandatory underscores

and scan for errors.
First remove everything that completed successfully. You are not interested in that, and it is conjured away with one checkbox. I am not going to go through that whole list anyway, bedtime ;)

'Multiple exclamation marks,' he went on, shaking his head, 'are a sure sign of a diseased mind' (Terry Pratchett, Eric)


Deleted

Topic starter
F_J_K wrote on Wednesday 12 March 2008 @ 00:04:
[...]

First remove everything that completed successfully. You are not interested in that, and it is conjured away with one checkbox. I am not going to go through that whole list anyway, bedtime ;)
Maybe that is not all that useful, since this was started in a VMware environment and everything works fine there. Then I would have to start Process Monitor on the Terminal Server as a user and then hide the successful actions.

Is there no other way?
I cannot find any registry entry, or which executable is used for this.
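
The filtering advice in this thread, combined with the comparison the last post points toward (a trace where the action works set against one where it fails), as an added example that is not part of the original thread. It assumes tab-separated lines in the column order of the Process Monitor listing above; the two traces and every EXAMPLE path are constructed placeholders, not the keys or files the Explorer option really uses.

```python
from collections import namedtuple

# Column order follows the Process Monitor listing in the thread.
Event = namedtuple("Event", "seq time process pid operation path result detail")

# BUFFER OVERFLOW only means the caller's buffer was too small and the call
# is retried, so it is treated like SUCCESS here.
BENIGN = {"SUCCESS", "BUFFER OVERFLOW"}


def parse_trace(text):
    """Parse tab-separated trace lines into Event tuples."""
    events = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) < 7:
            continue  # blank or truncated line
        fields += [""] * (8 - len(fields))  # the detail column may be empty
        events.append(Event(*fields[:8]))
    return events


def failures(events):
    """The filter suggested in the thread: hide everything that succeeded."""
    return [e for e in events if e.result not in BENIGN]


def _key(event):
    # Windows file and registry paths are case-insensitive.
    return (event.operation, event.path.lower())


def diff_traces(working, failing):
    """Return events that fail in `failing` although the same operation on
    the same path succeeded in `working`; ACCESS DENIED results come first."""
    succeeded = {_key(e) for e in working if e.result == "SUCCESS"}
    seen, regressions = set(), []
    for e in failures(failing):
        if _key(e) in succeeded and _key(e) not in seen:
            seen.add(_key(e))
            regressions.append(e)
    # Stable sort: rights problems first, other failures keep trace order.
    regressions.sort(key=lambda e: e.result != "ACCESS DENIED")
    return regressions


def _trace(rows):
    # Fill in constructed sequence, time, process and PID columns.
    return "\n".join(
        "\t".join((str(i), "20:27:51,0000000", "Explorer.EXE", "1480",
                   op, path, result, ""))
        for i, (op, path, result) in enumerate(rows, 1))


# Constructed sample traces (placeholders, see the lead-in).
_IMG = r"C:\EXAMPLE\Blauwe heuvels.jpg"
_POL = r"HKCU\Software\Policies\Microsoft\Control Panel\Desktop"
ADMIN_TRACE = _trace([
    ("CreateFile", _IMG, "SUCCESS"),
    ("QueryAllInformationFile", _IMG, "BUFFER OVERFLOW"),
    ("RegOpenKey", _POL, "NAME NOT FOUND"),
    ("CreateFile", r"C:\EXAMPLE\Temp\placeholder.tmp", "SUCCESS"),
    ("RegOpenKey", r"HKLM\SOFTWARE\EXAMPLE\Placeholder", "SUCCESS"),
])
USER_TRACE = _trace([
    ("CreateFile", _IMG, "SUCCESS"),
    ("QueryAllInformationFile", _IMG, "BUFFER OVERFLOW"),
    ("RegOpenKey", _POL, "NAME NOT FOUND"),
    ("CreateFile", r"C:\example\temp\placeholder.tmp", "PATH NOT FOUND"),
    ("RegOpenKey", r"HKLM\Software\EXAMPLE\Placeholder", "ACCESS DENIED"),
    ("RegOpenKey", r"HKLM\Software\EXAMPLE\Placeholder", "ACCESS DENIED"),
])

if __name__ == "__main__":
    admin, user = parse_trace(ADMIN_TRACE), parse_trace(USER_TRACE)
    for e in diff_traces(admin, user):
        print(e.result, e.operation, e.path, sep="\t")
```

The NAME NOT FOUND lookup appears in both traces and is therefore dropped by the comparison, which is why a success-only filter on a single working trace gives little to go on.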