Seven : log des fichiers/dossiers ouverts

Seven : log des fichiers/dossiers ouverts - Sécurité - Systèmes & Réseaux Pro

Marsh Posté le 25-03-2014 à 18:35:40    

un soft comme LastActivityView est apte à lister les fichiers/dossiers ouverts (entre autres).
Je n'arrive pas à trouver sur ce point précis sur quel fichier log de Windows il s'appuie :??:
Quelqu'un a une idée ?
Merci d'avance.


Marsh Posté le 25-03-2014 à 18:35:40   


Marsh Posté le 25-03-2014 à 20:41:10    

haaaa , le fameux outil "magique" qui fait impression la première fois que tu le montre aux utilisateurs :D
y'a pas l'info sur le site ?
Events log of Windows operating system: The following events are taken from the Events log of Windows: User Logon, User Logoff, Windows Installer Started, Windows Installer Ended, System Started, System Shutdown, Resumed from sleep, Restore Point Created, Network Connected, Network Disconnected, Software Crash, Software stopped responding (hang)
Windows operating system doesn't allow you to delete individual items from the events log, but you can easily clear the entire events log. In order to to clear the entire events log, simply go to Control Panel -> Administrative Tools -> Event Viewer , and then choose to clear (Action -> Clear All Events) all major types of events logs (Application, Security, System...)
Windows Prefetch Folder: The Prefetch folder of Windows is usually located under C:\windows\Prefetch and it's used by windows to optimize the performances of running applications. Every time that you run an executable (.exe) file, .pf file is generated under this folder. LastActivityView uses this folder for 'Run .EXE file' event.
In order to delete all 'Run .EXE file' events shown by LastActivityView, simply delete all .pf files under the Prefetch folder.
Open/Save MRU list in the Registry: Every time that you choose a filename in a standard open/save dialog-box of Windows, a new Registry entry is added under the following key:
On Windows XP and previous systems: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
On Windows 7/8/2008: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU
LastActivityView uses the above Registry keys for the 'Select file in open/save dialog-box' event.
If you delete the entries under the above Registry keys (with RegEdit), Windows will not rememeber your last saved file/folder.
Recent Folder: Every time that you open a file, a new shortcut to this file is added to the recent folder of Windows, located under C:\Documents and Settings\[User Profile]\Recent or C:\Users\[User Profile]\Recent
LastActivityView uses the recent folder of Windows to add the 'Open file or folder' event. You can delete this type of event simply by deleting all shortcuts under the recent folder of Windows.

Windows Shell Bags Regsitry key: Windows Explorer remembers the settings (position, Size, columns position, and so on) or every folder you open by storing it under the following Registry keys:
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell
LastActivityView uses the above Registry keys to add the 'View Folder in Explorer' event. If you delete the subkeys under the above Registry keys (With RegEdit), Windows will "forget" the settings of all folders.
Software Uninstall Registry Key: The 'Software Installation' event is taken from the following Registry keys:
Warning !!!!
If you delete any Entry from these Registry keys, you'll not be able to uninstall the software in the future !

Message édité par akizan le 25-03-2014 à 20:43:05

Marsh Posté le 25-03-2014 à 20:45:57    

Bon après recherches, je me réponds à moi même : il s'appuie sur les shellbags.


Marsh Posté le 25-03-2014 à 20:47:13    

akizan -> nos posts se sont croisés. Merci :jap:


Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed