ComboFix 16-11-06.01 - maison 10/11/2016 19:21:51.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.1900.717 [GMT 1:00]
Lancé depuis: c:\users\maison\Desktop\PLOP.com
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LIL516D.tmp
c:\users\maison\ZHPDiag3.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-10-10 au 2016-11-10 ))))))))))))))))))))))))))))))))))))
.
.
2016-11-10 18:27 . 2016-11-10 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-09 16:46 . 2016-11-10 13:31 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-09 16:45 . 2016-11-09 18:20 -------- d-----w- c:\programdata\RogueKiller
2016-11-09 06:49 . 2016-10-27 18:28 25763328 ----a-w- c:\windows\system32\mshtml.dll
2016-11-08 12:01 . 2016-11-08 12:01 -------- d-----w- c:\users\maison\AppData\Local\ESET
2016-11-07 18:32 . 2016-11-07 18:35 -------- d-----w- C:\FRST
2016-11-07 11:39 . 2016-11-07 11:39 -------- d-----w- c:\program files\VS Revo Group
2016-11-06 13:00 . 2016-11-09 18:57 -------- d-----w- c:\program files (x86)\ZHPFix
2016-11-06 10:52 . 2016-11-06 10:52 -------- d-----w- c:\program files (x86)\Evernote
2016-11-06 10:44 . 2016-11-06 10:44 -------- d-----w- c:\programdata\Kaspersky Lab
2016-11-06 10:44 . 2016-11-06 10:44 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-11-06 10:07 . 2016-11-09 15:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-06 10:06 . 2016-03-10 13:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-11-06 10:06 . 2016-03-10 13:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-11-06 10:06 . 2016-03-10 13:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-11-06 10:06 . 2016-11-09 15:36 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-11-05 16:41 . 2016-11-10 11:55 -------- d-----w- c:\users\maison\AppData\Roaming\ZHP
2016-11-05 16:27 . 2016-11-07 13:17 -------- d-----w- C:\AdwCleaner
2016-11-04 14:06 . 2016-10-06 21:42 12033040 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0126D74D-DA3D-466F-8E2B-D295EED727F2}\mpengine.dll
2016-10-22 15:11 . 2016-10-22 15:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-10-12 16:07 . 2016-08-12 17:02 14632960 ----a-w- c:\windows\system32\wmp.dll
2016-10-12 16:07 . 2016-06-14 17:16 4121600 ----a-w- c:\windows\system32\mf.dll
2016-10-12 16:07 . 2016-06-14 15:21 3209216 ----a-w- c:\windows\SysWow64\mf.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-09 16:14 . 2012-07-24 12:51 141011376 -c--a-w- c:\windows\system32\MRT.exe
2016-10-26 15:29 . 2010-11-21 03:27 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-10-07 15:12 . 2016-11-09 06:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-08-16 17:36 . 2016-09-25 19:30 1009152 ----a-w- c:\windows\system32\user32.dll
2016-08-16 02:48 . 2016-09-25 19:30 833024 ----a-w- c:\windows\SysWow64\user32.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-10-17 27021952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-11-27 899400]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2016-08-08 1009632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide [2016-5-24 3677104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-22 984736]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-22 799904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-07-08 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-07-08 416024]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\maison\AppData\Roaming\Mozilla\Firefox\Profiles\4suoaj22.default-1478777039051\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Songbird-release-2288 - c:\program files (x86)\Songbird\Songbird-Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1257253267-3921607629-919814608-1000\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd]
@DACL=(02 0000)
"update_url"="https://clients2.google.com/service/update2/crx"
"install_parameter"="SKY2"
.
[HKEY_USERS\S-1-5-21-1257253267-3921607629-919814608-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1257253267-3921607629-919814608-1000\Software\SweetIM]
@DACL=(02 0000)
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-1257253267-3921607629-919814608-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
@DACL=(02 0000)
@SACL=(02 0001)
"ITBar7Height"=dword:0000001a
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:e3,ef,eb,7f,19,6b,49,43,98,d2,ff,
   b0,9d,4b,49,ca,00,3a,05,00,00
"ITBar7Layout"=hex:13,00,00,00,00,00,00,00,00,00,00,00,20,00,00,00,10,00,01,00,
   1a,00,00,00,01,00,00,00,00,07,00,00,5e,01,00,00,06,00,00,00,41,01,00,00,00,\
"{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}"=hex:b8,c1,aa,4b,00,08,c9,42,8f,a6,08,
   b2,11,f3,56,b8
.
[HKEY_USERS\S-1-5-21-1257253267-3921607629-919814608-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}]
@DACL=(02 0000)
"Flags"=dword:00000001
"Version"="*"
.
[HKEY_USERS\S-1-5-21-1257253267-3921607629-919814608-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1257253267-3921607629-919814608-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1257253267-3921607629-919814608-1000_Classes\bndle]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1257253267-3921607629-919814608-1000_Classes\bndle\VideoDownloader]
@DACL=(02 0000)
"subid"="20s5gT3BV.gfCJ6t1v3DAX1wBVYl000."
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonHelper.EXE]
@DACL=(02 0000)
"AppID"="{6536801B-F50C-449B-9476-093DFD3789E3}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ScriptHelper.EXE]
@DACL=(02 0000)
"AppID"="{BB711CB0-C70B-482E-9852-EC05EBD71DBB}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@DACL=(02 0000)
@="BabylonHelper"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}]
@DACL=(02 0000)
@="ScriptHelper"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.updatepm.oneclickctrl.9]
@DACL=(02 0000)
"CLSID"="{89449F37-4AB2-46ED-A566-BB3A7797701B}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.updatepm.update3webcontrol.3]
@DACL=(02 0000)
"CLSID"="{F509ADC2-B40E-470F-A7B7-45191486B5CB}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}\1.0]
@DACL=(02 0000)
@="WorkerModule 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0]
@DACL=(02 0000)
@="GenericWndApi 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}]
@DACL=(02 0000)
@="AVG Rewards"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\Common Files\\AVG Secure Search\\RewardsInstaller\\17.1.2\\AVGRewardsWorker.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\ProgID]
@DACL=(02 0000)
@="AVGRewards.AVGRewardsWorker.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\TypeLib]
@DACL=(02 0000)
@="{07CAC314-E962-4f78-89AB-DD002F2490EE}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\VersionIndependentProgID]
@DACL=(02 0000)
@="AVGRewards.AVGRewardsWorker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}]
@DACL=(02 0000)
@="Intel® Hardware VC-1 Decoder MFT"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\fiHmt]
@DACL=(02 0000)
@="wRQ{Oseut^OSQ]gL@["
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\fmQmoOmqYpcgd]
@DACL=(02 0000)
@="KLpvkpM@Cf\\Ro]m`[\\\\bXYp[aidhJ"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\gnybDbn]
@DACL=(02 0000)
@="{mZrRHHth^ctsaq{"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\Common Files\\Intel\\Media SDK\\s1\\2.0\\mfx_mft_vc1vd_32.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\mRnegcfBn]
@DACL=(02 0000)
@="BPcD`L^\\uirj~vUlncTPssp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\NpIWerpbIJO]
@DACL=(02 0000)
@="PS}~mfkQazWDTVU~[ZSec}_W"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\rfwzsbQJr]
@DACL=(02 0000)
@="G{xR}{AE]lk|pZSvT`@cd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\tsjzRywbmpr]
@DACL=(02 0000)
@="qJmrEkMkotKfnCtrf_"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\uswOsTrdp]
@DACL=(02 0000)
@="JQKb{^TDOyf|mzgo"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\XmlcDk]
@DACL=(02 0000)
@="@jMdVF\\mZ{X}]HV]"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\xwczyKO]
@DACL=(02 0000)
@="\\ZujKirYdLP`gNoIjKVe[YbRj"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\Ynngvvyuehmbo]
@DACL=(02 0000)
@="^Ul]nWtVgNlmAvzga}VkkDMyWUc"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\zolkJ]
@DACL=(02 0000)
@="ZtnKda`UZeBUFORWNSjaVFZlLxPtF"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}\InprocHandler32]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\PriceMeterLiveUpdate\\Update\\1.3.23.0\\psmachine.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}]
@DACL=(02 0000)
@="PriceMeterLiveUpdate Core Class"
"AppID"="{126C78A0-36E7-4697-A3AB-32706144398B}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}\VersionIndependentProgID]
@DACL=(02 0000)
@="PriceMeterLiveUpdateUpdate.CoreClass"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
@DACL=(02 0000)
@="GenericWndApi Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\AVG Secure Search\\GenericWndApi.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\ProgID]
@DACL=(02 0000)
@="GenericWndApi.GenericWndApi.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\TypeLib]
@DACL=(02 0000)
@="{13ABD093-D46F-40DF-A608-47E162EC799D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\VersionIndependentProgID]
@DACL=(02 0000)
@="GenericWndApi.GenericWndApi"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
@DACL=(02 0000)
@="BrowserWndAPI Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\AVG Secure Search\\13.2.0.5\\AVG Secure Search_toolbar.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\VersionIndependentProgID]
@DACL=(02 0000)
@="AVG Secure Search.BrowserWndAPI"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
@DACL=(02 0000)
@="BrowserWndAPI Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0DA40B75-6FEE-49BF-BDDE-E2598E786C8C}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IAppWeb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0DA40B75-6FEE-49BF-BDDE-E2598E786C8C}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12FF3C6A-56FB-4B3E-858D-0877CD39B025}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IBrowserHttpRequest2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12FF3C6A-56FB-4B3E-858D-0877CD39B025}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{15DDC42D-13A8-432B-B31D-36A8FB50758F}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IAppBundleWeb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{15DDC42D-13A8-432B-B31D-36A8FB50758F}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1CD6E593-ABBF-45AC-9F94-21E8F1BDC10B}]
@Class="REG_SZ"
@DACL=(02 0000)
@="ICredentialDialog"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1CD6E593-ABBF-45AC-9F94-21E8F1BDC10B}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2B584AEB-6C8F-4238-89E4-850CFD7B2065}]
@Class="REG_SZ"
@DACL=(02 0000)
@="ICoCreateAsyncStatus"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2B584AEB-6C8F-4238-89E4-850CFD7B2065}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{30A2947A-664F-440B-908D-E0FEDFEAE5DE}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IGoogleUpdate3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{30A2947A-664F-440B-908D-E0FEDFEAE5DE}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{34BCEF11-CE38-48EC-9D08-5CC0557E8887}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IPackage"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{34BCEF11-CE38-48EC-9D08-5CC0557E8887}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3B06CDDC-2ECB-45DC-B565-D41CC095BE40}]
@Class="REG_SZ"
@DACL=(02 0000)
@="ICoCreateAsync"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3B06CDDC-2ECB-45DC-B565-D41CC095BE40}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3FD7EB0A-96B6-43E0-9D94-44929F3FD1B3}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IOneClickProcessLauncher"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3FD7EB0A-96B6-43E0-9D94-44929F3FD1B3}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4D2525EE-3B7B-44C6-8960-77843DBC67A3}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IAppVersion"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4D2525EE-3B7B-44C6-8960-77843DBC67A3}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{553D53FA-59F3-44D0-ABC4-58F290DB70DC}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IGoogleUpdate3WebSecurity"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{553D53FA-59F3-44D0-ABC4-58F290DB70DC}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59E8D94C-7A20-41AD-83CF-3E156D3AEB2F}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IGoogleUpdate"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59E8D94C-7A20-41AD-83CF-3E156D3AEB2F}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5EF4F032-2DB4-48E9-B5A9-ADAC095E096A}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IProcessLauncher"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5EF4F032-2DB4-48E9-B5A9-ADAC095E096A}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6FE5D7AF-5812-4E08-BA22-9805FFE9F429}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IAppVersionWeb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6FE5D7AF-5812-4E08-BA22-9805FFE9F429}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{781999CA-3F51-4A56-94CA-0C8A8E0100AF}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IGoogleUpdateCore"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{781999CA-3F51-4A56-94CA-0C8A8E0100AF}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A39B7A1C-F58A-4C22-9015-E2C8EF1C31BA}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IJobObserver"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A39B7A1C-F58A-4C22-9015-E2C8EF1C31BA}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB121BE6-2299-4B9B-8545-9104ABA20717}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IProgressWndEvents"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB121BE6-2299-4B9B-8545-9104ABA20717}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0833ED4-281E-441C-B004-43752001A629}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IApp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0833ED4-281E-441C-B004-43752001A629}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="40"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DC330A23-4FBE-414C-AB3D-1C42056E5245}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IGoogleUpdate3Web"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DC330A23-4FBE-414C-AB3D-1C42056E5245}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="8"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCD71BA3-32C2-455F-8DF0-37EE26E0C395}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IAppBundle"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCD71BA3-32C2-455F-8DF0-37EE26E0C395}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="39"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9C30691-5CE7-46BF-B940-C0125DA9E05B}]
@Class="REG_SZ"
@DACL=(02 0000)
@="ICurrentState"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9C30691-5CE7-46BF-B940-C0125DA9E05B}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F654B5BE-1A20-48A6-BED0-7C9E29CB8099}]
@Class="REG_SZ"
@DACL=(02 0000)
@="IRegistrationUpdateHook"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F654B5BE-1A20-48A6-BED0-7C9E29CB8099}\NumMethods]
@Class="REG_SZ"
@DACL=(02 0000)
@="8"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\857df8fe56eeb13]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{89449F37-4AB2-46ED-A566-BB3A7797701B}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{89449F37-4AB2-46ED-A566-BB3A7797701B}\iexplore]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{F509ADC2-B40E-470F-A7B7-45191486B5CB}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{F509ADC2-B40E-470F-A7B7-45191486B5CB}\iexplore]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2016-11-10 19:29:38
ComboFix-quarantined-files.txt 2016-11-10 18:29
.
Avant-CF: 167.589.183.488 octets libres
Après-CF: 167.174.516.736 octets libres
.
- - End Of File - - 656DE901A25CC3710ECA12A12D99B979