Sujet Précédent Sujet Suivant

Virus Live Security Platinum

Résolu/Fermé
Abos - 15 oct. 2012 à 16:27
 Utilisateur anonyme - 16 oct. 2012 à 16:06
Bonjour,

Mon amie a récupéré Live Security Platinum en allant sur un site apparemment anodin.
J'ai réussi à débloquer mon ordinateur en le désinstallant avec ccleaner en mode sans échec, puis j'ai lancé MalwareByte's Anti-Malware pour essayer de l'éradiquer (j'ai conservé les 2 rapports : avant et après la suppression des programmes malveillants) mais il semble que je sois toujours infecté car mon antivirus MSE est toujours inactif et je suis bloqué sur certains téléchargements...

Je ne sais pas si c'est Live Security Platinum qui me fait encore des siennes ou si j'ai également eu la chance de récupérer le rootkit ZeroAccess...

Bref, j'aurai besoin d'un coup de main ; merci d'avance pour votre aide !!!

J'ai également préparé un scan avec combofix, je peux vous transmettre les rapports.



A voir également:

23 réponses

  • 1
  • 2
Réponse 1 / 23
serguey33 Messages postés 121 Date d'inscription dimanche 14 octobre 2012 Statut Membre Dernière intervention 8 novembre 2012 18
15 oct. 2012 à 16:34
Je vous renvoie au tres bon site
www.anti-spyware-101.com/fr/enlever-live-security-platinum
0
Abos
15 oct. 2012 à 16:55
Merci pour la réponse, mais vu les avis sur internet je préférerai me passer de spyhunter...
0
Réponse 2 / 23
serguey33 Messages postés 121 Date d'inscription dimanche 14 octobre 2012 Statut Membre Dernière intervention 8 novembre 2012 18
15 oct. 2012 à 17:00
connaissez vous regedit ?
0
Réponse 3 / 23
Abos
15 oct. 2012 à 17:12
oui oui
0
Réponse 4 / 23
lilidurhone Messages postés 43343 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 18 septembre 2023 3 804
15 oct. 2012 à 17:15
Oulah stop

Abos

je préviens de suite un contributeur séurité

seguey33 spyhunter est un rogue désolé
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 23
Utilisateur anonyme
15 oct. 2012 à 17:23
Bonjour,

http://www.security-helpzone.com/Thread-Supprimer-Live-Security-Platinium

Merci d'utiliser Pre_Scan :-)
0
Réponse 6 / 23
serguey33 Messages postés 121 Date d'inscription dimanche 14 octobre 2012 Statut Membre Dernière intervention 8 novembre 2012 18
15 oct. 2012 à 17:27
ok vu
0
Réponse 7 / 23
Utilisateur anonyme
15 oct. 2012 à 17:47
J'attends donc le rapport,

Edit:: Tutoriel mis à jour.
0
Réponse 8 / 23
Abos
15 oct. 2012 à 17:52
suis bloqué par "le filtre SmartScreen" pour télécharger pre scan sur le lien joint...

je peux le trouver différement ?...
0
Réponse 9 / 23
Utilisateur anonyme
15 oct. 2012 à 17:53
Nope,

Désactive le filtre :-)
0
Réponse 10 / 23
Abos
15 oct. 2012 à 18:03
ah oui !!!

c'est mieux !!! =)

je le lance
0
Réponse 11 / 23
Utilisateur anonyme
15 oct. 2012 à 18:04
;-)
0
Réponse 12 / 23
Abos
15 oct. 2012 à 18:20
il ne se lançait pas automatiquement donc j'ai cliqué sur DIAG

est-ce que ça te convient ?

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Diag | 2.1014 | g3n-h@ckm@n & Saachaa | ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

~ Update on 14/10/2012 | 13.50 by g3n-h@ckm@n
~ Informations | Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil
~ Informations for the switches Pre_Script : http://gen-hackman.forum-pro.fr/t89-les-switchs
~ Feedback Pre_scan : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505
~ Thx to C_XX , Slyk for their help for the evolution of the tool

~ User : Didier (Administrateurs) | SID = S-1-5-21-306748999-3055044387-3561720646-1001
~ Computer : DIDIER-PC

~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ InstallationType : Client
~ RegisteredOwner : Didier
~ RegisteredOrganization :
~ ProcessorNameString : Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
~ Identifier : Intel64 Family 6 Model 42 Stepping 7
18:09:36

¤¤¤¤¤¤¤¤¤¤ | Run

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SunJavaUpdateSched] : "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[IgfxTray] : C:\Windows\system32\igfxtray.exe [20/04/2011 10:18:54]
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[HotKeysCmds] : C:\Windows\system32\hkcmd.exe [20/04/2011 10:18:19]
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Persistence] : C:\Windows\system32\igfxpers.exe [20/04/2011 10:18:47]
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[RtHDVBg] : C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[AmIcoSinglun64] : C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [11/08/2010 08:21:40]
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ETDCtrl] : %ProgramFiles%\Elantech\ETDCtrl.exe
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[MSC] : "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Sidebar] : %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ISUSPM] : C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Connexion SFR 9props.exe] : "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]|[mctadmin] : C:\Windows\System32\mctadmin.exe [14/07/2009 01:54:49]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Syncables] : C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [19/07/2010 21:26:00]
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Sidebar] : %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ISUSPM] : C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Connexion SFR 9props.exe] : "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]|[mctadmin] : C:\Windows\System32\mctadmin.exe [14/07/2009 01:54:49]
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Syncables] : C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [19/07/2010 21:26:00]
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] -> Adobe ARM -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] -> Adobe Reader Speed Launcher -> "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] -> ASUS Screen Saver Protector -> C:\Windows\AsScrPro.exe [15/07/2011 14:44:57]
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSPRP] -> ASUSPRP -> "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage] -> ASUSWebStorage -> C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray] -> AthBtTray -> "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack] -> AtherosBtStack -> "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKMEDIA] -> ATKMEDIA -> C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [07/10/2010 23:05:14]
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKOSD2] -> ATKOSD2 -> C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [17/08/2010 23:55:42]
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CANAL+ CANALSAT A LA DEMANDE] -> CANAL+ CANALSAT A LA DEMANDE -> "C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] -> CLMLServer -> "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Connexion SFR 9props.exe] -> Connexion SFR 9props.exe -> "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HControlUser] -> HControlUser -> C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [19/06/2009 19:29:42]
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Transfer Monitor] -> Nikon Transfer Monitor -> C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [15/09/2009 18:47:36]
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] -> RtHDVCpl -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut] -> UpdateLBPShortCut -> "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut] -> UpdateP2GoShortCut -> "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wireless Console 3] -> Wireless Console 3 -> C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [24/09/2010 01:53:16]

[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk] :
[HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Didier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de détection de support PMB.lnk] :


¤¤¤¤¤¤¤¤¤¤ | Others

[HKLM\System\CurrentControlSet\Control\SecurityProviders]|[SecurityProviders] : credssp.dll
[HKLM\System\CurrentControlSet\Control\Terminal Server]|[AllowRemoteRPC] : 0
[HKLM\System\CurrentControlSet\Control\Session Manager]|[BootExecute] : autocheck autochk *
[HKLM\System\ControlSet001\Control]|[FirmwareBootDevice] : multi(0)disk(0)rdisk(0)partition(2)
[HKLM\System\ControlSet001\Control]|[SystemBootDevice] : multi(0)disk(0)rdisk(0)partition(2)
[HKLM\system\currentcontrolset\control\lsa]|[SecureBoot] : 1
[HKLM | Winlogon]|[VMApplet] : SystemPropertiesPerformance.exe /pagefile
[HKLM64 | Winlogon]|[VMApplet] : SystemPropertiesPerformance.exe /pagefile
[HKLM64 | Winlogon]|[AutoAdminLogon] : 0
[HKLM64 | Winlogon]|[SFCDisable] : 0
[HKLM64 | Winlogon]|[WinStationsDisabled] : 0

[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]|[DllName] : igfxdev.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]|[WebCheck] : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKLM64\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]|[WebCheck] : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKU\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]|[{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] :
[HKU\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]|[{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] :
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]|[{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] :
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\URLSearchHooks]|[{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] :
[HKU64\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]|[{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] :
[HKU64\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]|[{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] :
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]|[{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] :
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\URLSearchHooks]|[{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] :

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]|[Locked] : 0
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]|[{F9639E4A-801B-4843-AEE3-03D9DA199E77}] : Incredibar Toolbar
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\Toolbar]|[Locked] : 1
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\Toolbar]|[ShowDiscussionButton] : Yes
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\Toolbar]|[ShowDiscussionButton] : Yes
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\Toolbar]|[Locked] : 1
[HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar]|[ShowDiscussionButton] : Yes
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\Toolbar]|[Locked] : 1
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\Toolbar]|[ShowDiscussionButton] : Yes
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\Toolbar]|[ShowDiscussionButton] : Yes
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\Toolbar]|[Locked] : 1
[HKU64\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar]|[ShowDiscussionButton] : Yes


[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}] -> (Google) -> http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] -> (Google) -> http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] -> () ->
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}] -> () ->
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] -> (Google) -> http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_frFR450
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}] -> (MyStart Search) -> http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vN5XHJo&i=26
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}] -> (Google) -> http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] -> (Google) -> http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] -> () ->
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}] -> () ->
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] -> (Google) -> http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_frFR450
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}] -> (MyStart Search) -> http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vN5XHJo&i=26

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] -> (Bing) -> http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}] -> (Google) -> http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] -> (Google) -> http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
[HKLM64\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] -> (Bing) -> http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
[HKLM64\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] -> (Google) -> http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30E4B230-AC56-4D52-B19E-36E2C3A2804D}] -> () ->
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30E4B230-AC56-4D52-B19E-36E2C3A2804D}] -> () ->
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30E4B230-AC56-4D52-B19E-36E2C3A2804D}] -> () ->
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30E4B230-AC56-4D52-B19E-36E2C3A2804D}] -> () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] -> (iexplore.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] -> (Silverlight.Configuration.exe) -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] -> (tabtip.exe) -> C:\Program Files (x86)\Common Files\Microsoft Shared\Ink
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] -> (wpcer.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] -> (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] -> (winfxdocobj.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] -> (wuapp.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] -> (msdt.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] -> (AcroBroker.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] -> (dfsvc.exe) -> C:\Windows\microsoft.net\framework\v2.0.50727
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] -> (agcp.exe) -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] -> () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] -> (wermgr.exe) -> %systemroot%\system32
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] -> (ieinstal.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] -> (AcroRd32Info.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}] -> (wlcomm.exe) -> C:\Program Files (x86)\Windows Live\Contacts\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39A895E9-93DD-4ffa-A4A3-2C14608B5B61}] -> (SwHelper_1161629.exe) -> C:\Windows\SysWOW64\Adobe\Shockwave 11
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}] -> (unpack200.exe) -> C:\Program Files (x86)\Java\jre6\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43ABBB95-C0E9-497B-8BB9-B5FA08861705}] -> (wlmail.exe) -> C:\Program Files (x86)\Windows Live\Mail\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] -> (jp2launcher.exe) -> C:\Program Files (x86)\Java\jre6\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] -> (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] -> (javaws.exe) -> C:\Program Files (x86)\Java\jre6\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68934FDE-CDB1-42CC-A38B-A44B43B0785C}] -> (SWDNLD.EXE) -> C:\Windows\SysWOW64\Adobe\Director
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] -> (wmplayer.exe) -> %ProgramFiles%\Windows Media Player
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] -> (wmplayer.exe) -> %ProgramFiles(x86)%\Windows Media Player
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] -> (iedw.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}] -> (incredibarsrv.exe) -> C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}] -> (AdobeARM.exe) -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] -> (CertEnrollCtrl.exe) -> C:\Windows\SysWOW64\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] -> () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] -> (verclsid.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] -> (ctfmon.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] -> (helppane.exe) -> C:\Windows
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] -> (AdobeCollabSync.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}] -> (wlstartup.exe) -> C:\Program Files (x86)\Windows Live\Installer\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] -> (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] -> (AcroRd32.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] -> (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] -> (splwow64.exe) -> C:\Windows
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] -> (xpsviewer.exe) -> C:\Windows\SysWOW64\xpsviewer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C}] -> (OberonBroker.exe) -> C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}] -> () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] -> (cmd.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] -> (TSWbPrxy.exe) -> %systemroot%\system32
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] -> () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] -> (GoogleUpdateBroker.exe) -> C:\Program Files (x86)\Google\Update\1.3.21.123
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] -> (GoogleUpdate.exe) -> C:\Program Files (x86)\Google\Update
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] -> (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] -> (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] -> (ssvagent.exe) -> C:\Program Files (x86)\Java\jre6\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] -> (msnmsgr.exe) -> C:\Program Files (x86)\Windows Live\Messenger\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5}] -> (WindowsLiveWriter.exe) -> C:\Program Files (x86)\Windows Live\Writer\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB9524B3-24F4-48fa-91C5-B8EEF1C0A14F}] -> () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] -> (notepad.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] -> (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] -> (presentationhost.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] -> (FlashUtil32_11_4_402_287_ActiveX.exe) -> C:\Windows\SysWOW64\Macromed\Flash
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] -> (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] -> (iexplore.exe) -> C:\Program Files\Internet Explorer
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] -> (tabtip.exe) -> C:\Program Files\Common Files\Microsoft Shared\Ink
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] -> (wpcer.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] -> (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] -> (winfxdocobj.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] -> (wuapp.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] -> (msdt.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] -> (dfsvc.exe) -> C:\Windows\microsoft.net\framework64\v2.0.50727
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] -> (dfsvc.exe) -> C:\Windows\microsoft.net\framework64\v2.0.50727
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] -> () ->
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] -> (wermgr.exe) -> %systemroot%\system32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] -> (ieinstal.exe) -> C:\Program Files\Internet Explorer
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] -> (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\reader
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] -> (wmplayer.exe) -> %ProgramFiles%\Windows Media Player
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] -> (wmplayer.exe) -> %ProgramFiles(x86)%\Windows Media Player
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] -> (iedw.exe) -> C:\Program Files\Internet Explorer
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] -> (CertEnrollCtrl.exe) -> C:\Windows\system32\
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] -> () ->
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] -> (verclsid.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] -> (ctfmon.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] -> (helppane.exe) -> C:\Windows
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] -> (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] -> (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] -> (xpsviewer.exe) -> C:\Windows\SysWOW64\xpsviewer
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B020FD-E04B-4e67-B65A-E7DEED25B2CF}] -> (wisptis.exe) -> %SystemRoot%\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] -> (cmd.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] -> (TSWbPrxy.exe) -> %systemroot%\system32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] -> () ->
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] -> (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] -> (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] -> (notepad.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] -> (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\reader
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] -> (presentationhost.exe) -> C:\Windows\System32
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] -> (FlashUtil64_11_4_402_287_ActiveX.exe) -> C:\Windows\system32\Macromed\Flash
[HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] -> (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat

¤¤¤¤¤¤¤¤¤¤ | BHO

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -> (Adobe PDF Link Helper) -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [27/07/2012 22:51:32]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] -> (Web Assistant) -> C:\Program Files\Web Assistant\Extension32.dll [29/08/2012 14:38:46]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}] -> (Incredibar.com Helper Object) -> C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [14/10/2012 14:17:32]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}] -> (CIESpeechBHO Class) -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [13/03/2011 19:58:54]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Windows Live ID Sign-in Helper) -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [21/09/2010 23:08:38]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [14/10/2012 14:17:32]
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Windows Live ID Sign-in Helper) -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [21/09/2010 23:08:38]

¤¤¤¤¤¤¤¤¤¤ | Firefox


¤¤¤¤¤¤¤¤¤¤ | DNS

[HKLM\SYSTEM\CCS | Tcpip\Parameters]|[DhcpNameServer] : 212.27.40.241 212.27.40.240
[HKLM\SYSTEM\ControlSet001 | Interfaces\{2FF58F48-9FD0-4E13-963A-2B067AA9EDF7}]|[DhcpNameServer] : 212.27.40.241 212.27.40.240
[HKLM\SYSTEM\ControlSet002 | Interfaces\{2FF58F48-9FD0-4E13-963A-2B067AA9EDF7}]|[DhcpNameServer] : 212.27.40.241 212.27.40.240
[HKLM\SYSTEM\CurrentControlSet | Interfaces\{2FF58F48-9FD0-4E13-963A-2B067AA9EDF7}]|[DhcpNameServer] : 212.27.40.241 212.27.40.240

¤¤¤¤¤¤¤¤¤¤ | ActiveX

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> (WMPACCESS) -> Microsoft Windows Media Player
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -> (IEACCESS) -> Internet Explorer
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> (BRANDING.CAB) -> Browser Customizations
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] -> (JAVAVM) -> Java (Sun)
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> () -> Microsoft Windows Media Player 12.0
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> (Theme Component) -> Themes Setup
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] -> (MobilePk) -> Offline Browsing Pack
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> (MailNews) -> Microsoft Windows
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] -> (DirectDrawEx) -> DirectDrawEx
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] -> (HelpCont) -> Internet Explorer Help
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{47B3BDBB-F2AE-4B55-95C8-921C25DB3B76}] -> (.NETFramework) -> .NET Framework
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] -> (MSVBScript) -> Microsoft Windows Script 5.6
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5A604D2C-E968-429B-8327-62B5CE52126D}] -> (.NETFramework) -> .NET Framework
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] -> (GenSetup) -> Internet Explorer Setup Tools
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] -> (ExtraPack) -> Browsing Enhancements
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> (Microsoft Windows Media Player) -> Microsoft Windows Media Player
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] -> (MSN_Auth) -> MSN Site Access
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> (WebFolders) -> Dossiers Web
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] -> () -> Address Book 7
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] -> (.NETFramework) -> .NET Framework
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -> (IE4_SHELLID) -> Windows Desktop Update
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -> (BASEIE40_W2K) -> Web Platform Customizations
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> (DOTNETFRAMEWORKS) ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] -> (Tridata) -> Dynamic HTML Data Binding
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9793EDE2-499E-4A14-8220-523691D8F91B}] -> (.NETFramework) -> .NET Framework
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] -> (.NETFramework) -> .NET Framework
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] -> (Fontcore) -> Internet Explorer Core Fonts
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387}] -> (.NETFramework) -> .NET Framework
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] -> (HTMLHelp) -> HTML Help
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] -> (ADSI) -> Active Directory Service Interface
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}] -> (.NETFramework) -> .NET Framework
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FE600E50-2C69-46D5-ACAA-2B617006245C}] -> (.NETFramework) -> .NET Framework
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> (WMPACCESS) -> Microsoft Windows Media Player
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -> (IEACCESS) -> Internet Explorer
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> (BRANDING.CAB) -> Browser Customizations
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> () -> Microsoft Windows Media Player 12.0
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> (Theme Component) -> Themes Setup
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] -> (MobilePk) -> Offline Browsing Pack
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> (MailNews) -> Microsoft Windows
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] -> (DirectDrawEx) -> DirectDrawEx
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] -> (HelpCont) -> Internet Explorer Help
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] -> (MSVBScript) -> Microsoft Windows Script 5.6
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] -> (GenSetup) -> Internet Explorer Setup Tools
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] -> (ExtraPack) -> Browsing Enhancements
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> (Microsoft Windows Media Player) -> Microsoft Windows Media Player
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] -> (MSN_Auth) -> MSN Site Access
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] -> () -> Address Book 7
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -> (IE4_SHELLID) -> Windows Desktop Update
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -> (BASEIE40_W2K) -> Web Platform Customizations
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> (DOTNETFRAMEWORKS) ->
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] -> (Tridata) -> Dynamic HTML Data Binding
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] -> (Fontcore) -> Internet Explorer Core Fonts
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] -> (HTMLHelp) -> HTML Help
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] -> (ADSI) -> Active Directory Service Interface
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}] -> (.NETFramework) -> .NET Framework
[HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}] -> (.NETFramework) -> .NET Framework
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -> () -> 9,0,8112,16421
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> () -> 9,0,8112,16421
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> () -> 1,1,1,9
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> () -> 6,1,7601,17514
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> () -> 12,0,7601,17514
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -> () -> 6,1,7601,17514
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -> () -> 9,0,8112,16421
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> () ->
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -> () -> 9,0,8112,16421
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> () -> 9,0,8112,16421
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> () -> 1,1,1,9
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> () -> 6,1,7601,17514
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> () -> 12,0,7601,17514
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -> () -> 6,1,7601,17859
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -> () -> 9,0,8112,16421
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> () ->
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -> () -> 9,0,8112,16421
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> () -> 9,0,8112,16421
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> () -> 1,1,1,9
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> () -> 6,1,7601,17514
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> () -> 12,0,7601,17514
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -> () -> 6,1,7601,17514
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -> () -> 9,0,8112,16421
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> () ->
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -> () -> 9,0,8112,16421
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> () -> 9,0,8112,16421
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> () -> 1,1,1,9
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> () -> 6,1,7601,17514
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> () -> 12,0,7601,17514
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -> () -> 6,1,7601,17859
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -> () -> 9,0,8112,16421
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> () ->

[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3CA45906-EF10-4E4E-9BE4-B444D220FCB0}] ->
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF}] ->
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3CA45906-EF10-4E4E-9BE4-B444D220FCB0}] ->
[HKU64\S-1-5-21-306748999-3055044387-3561720646-1001\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF}] ->
[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0972B098-DEE9-4279-AC7E-4BAAA029102D}] ->
[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}] ->
[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}] -> Java Runtime Environment 1.6.0
[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}] -> Java Runtime Environment 1.6.0
[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}] -> Java Runtime Environment 1.6.0
[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}] ->

18:09:41

¤¤¤¤¤¤¤¤¤¤ | HKCR\Applications

[HKCR\Applications\BitTorrent.exe\Shell\open\command] -> "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" "%1"
[HKCR\Applications\ehshell.exe\Shell\open\command] -> "C:\Windows\eHome\ehshell.exe" "%1"
[HKCR\Applications\iexplore.exe\Shell\open\command] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[HKCR\Applications\MovieMaker.exe\Shell\open\command] -> "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKCR\Applications\notepad.exe\Shell\open\command] -> %SystemRoot%\system32\NOTEPAD.EXE %1
[HKCR\Applications\OIS.EXE\Shell\open\command] -> C:\PROGRA~2\MICROS~1\OFFICE11\OIS.EXE /shellOpen "%1"
[HKCR\Applications\photoviewer.dll\Shell\open\command] -> %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKCR\Applications\PicasaPhotoViewer.exe\Shell\open\command] -> "C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe" "%1"
[HKCR\Applications\vlc.exe\Shell\open\command] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKCR\Applications\WinRAR.exe\Shell\open\command] -> "C:\Program Files (x86)\WinRAR\WinRAR.exe" "%1"
[HKCR\Applications\WLXPhotoViewer.dll\Shell\open\command] -> "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKCR\Applications\wmplayer.exe\Shell\open\command] -> "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKCR\Applications\wordpad.exe\Shell\open\command] -> "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

¤¤¤¤¤¤¤¤¤¤ | Svchost - Netsvcs

Audiov - :
Tapiv - :
Term - :
[x64]Audiov - :
[x64]Tapiv - :
[x64]Term - :

18:09:42


¤¤¤¤¤¤¤¤¤¤ | HKU\S-1-5-21-306748999-3055044387-3561720646-1000

[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\AppDataLow]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Conduit]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Eidos Interactive]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\eMule]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Enhance Tuning]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Google]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Policies]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Vso]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\WinRAR]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\WinRAR SFX]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Classes]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Active Setup]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\ActiveMovie]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Advanced INF Setup]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\ASF Stream Descriptor File]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Assistance]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Avalon.Graphics]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\BingBar]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Calc]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Command Processor]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\CTF]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Direct3D]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Ease of Access]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\EventSystem]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Fax]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Feeds]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\FTP]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\GDIPlus]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\IAM]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\IdentityCRL]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Ieak]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\IME]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\IMEJP]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\IMEMIP]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Connection Wizard]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Explorer]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Internet Mail and News]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Keyboard]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\MediaPlayer]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Microsoft DVD Wizard Settings]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Microsoft Management Console]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\MPEG2Demultiplexer]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\MS Design Tools]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\MSDAIPP]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\MSF]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\MSNMessenger]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Multimedia]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Notepad]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Office]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\PeerNet]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Protected Storage System Provider]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\RAS AutoDial]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\RAS Phonebook]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Remote Assistance]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\RestartManager]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\SBE]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Scrunch]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Shared]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Shared Tools]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\SideShow]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\SoftGrid]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Speech]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\SQMClient]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\SystemCertificates]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\WAB]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Web Service Providers]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\wfs]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows Live]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows Mail]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows Media]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows NT]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows Script]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows Search]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows Sidebar]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Wisp]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1000\Software\Microsoft\Windows\Windows Error Reporting]


¤¤¤¤¤¤¤¤¤¤ | HKU\S-1-5-21-306748999-3055044387-3561720646-1001

[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Active@ File Preview]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Adobe]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\antiufo]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\AppDataLow]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\ASUS]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Atheros]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\ATK0100]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Aurigma]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\BitTorrent]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Canneverbe Limited]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Clients]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Cocoon Software]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Conduit]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\CyberLink]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Digital River]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\ECAREME]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Eidos Interactive]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Elantech]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Enhance Tuning]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\FLEXnet]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Garmin]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Google]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\HookNetwork]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\IM]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\iMesh]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\ImInstaller]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Intel]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\JavaSoft]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Macromedia]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Malwarebytes' Anti-Malware]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Microsoft]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Mozilla]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Netscape]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Nikon]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\ODBC]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\PC SOFT]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Piriform]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Policies]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Realtek]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Softonic]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\SoftVTU]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\Sony Corporation]
[HKU\S-1-5-21-306748999-3055044387-3561720646-1001\Software\syncables]
0
Réponse 13 / 23
Utilisateur anonyme
15 oct. 2012 à 18:21
Nope...

Relance-le et clique sur Kill.

Utilise ceci pour héberger le rapport :

http://www.security-helpzone.com/Thread-Heberger-ses-documents-gratuitement
0
Réponse 14 / 23
Abos
15 oct. 2012 à 20:32
me revoila, désolé pour le temps de réponse, obligations familiales !!! ;-)

lien du rapport : http://cjoint.com/?BJpuFBdWtlk
0
Réponse 15 / 23
Utilisateur anonyme
15 oct. 2012 à 20:50
On a tous une vie en dehors ;-)

Comment va le pc ?
0
Réponse 16 / 23
Abos
15 oct. 2012 à 20:56
oh bé toujours pareil, avec ce que j'avais fait avant de venir sur le forum, j'arrive à l'utiliser normalement ; sauf que j'ai toujours mon antivirus MSE en carafe... et surement d'autres anomalies dont je ne me suis pas rendu compte...
0
Réponse 17 / 23
Utilisateur anonyme
15 oct. 2012 à 20:58
Réinstalle MSE,

Il n'y a que ça ?
0
Réponse 18 / 23
Abos
15 oct. 2012 à 21:36
nickel, antivirus récupéré !!!

quand je tape live security platinum dans la rubrique rehercher de la barre de démarrage, il me trouve un raccourci avec ce nom censé être sur le bureau, mais je ne voit rien, même en fichier caché...

et sinon, que disait le rapport pre_scan ?

ce n'est peut être qu'une impression, mais j'ai l'impression que le pc a quelques lenteurs par moment.

un redémarrage lui fera peut être du bien
0
Réponse 19 / 23
Utilisateur anonyme
15 oct. 2012 à 21:44
Oui redémarre-le, ensuite on l'optimisera.

Oui, un raccourci Global Startup non géré.

Pre_Scan a tout pété :-D
0
Réponse 20 / 23
Abos
15 oct. 2012 à 22:08
ordi redémarré, merci beaucoup !!!

il existe des logiciels intéressants pour optimiser l'ordi ? adw cleaner, registry booster ?
je me suis déjà inspiré de ce lien que je trouve très bien fait : http://www.commentcamarche.net/faq/3446-windows-mon-pc-rame-que-faire

par contre suis preneur de tuyaux pour mettre à jour plus réguliérement java, adobe... si je peux éviter de récupérer de nouveau ce genre de cochoneries !!!
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Boîte mail piratée ?
mike the llama -
mike the llama -

4 réponses
Live tiktok
Dialmari -
Laurent -

9 réponses
Code de réinitialisation mdp facebook sans le demander
Colonel_El_Moustachat -
Colonel_El_Moustachat -

4 réponses
Security boot fail lors du démarrage
Steu -
NBK -

4 réponses