ComboFix 17-07-07.01 - gerald 21/07/2017 10:35:18.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.2155 [GMT 2:00]
Lancé depuis: c:\users\gerald\Downloads\ComboFix.exe
AV: AVG Antivirus *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG Antivirus *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AL37GB77.tmp
c:\users\gerald\AppData\Roaming\.#
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-06-21 au 2017-07-21 ))))))))))))))))))))))))))))))))))))
.
.
2017-07-21 08:40 . 2017-07-21 08:41 -------- d-----w- c:\users\gerald\AppData\Local\temp
2017-07-21 08:40 . 2017-07-21 08:40 -------- d-----w- c:\users\nathalie\AppData\Local\temp
2017-07-21 08:40 . 2017-07-21 08:40 -------- d-----w- c:\users\Invité\AppData\Local\temp
2017-07-21 06:46 . 2017-07-21 06:49 -------- d-----w- C:\FRST
2017-07-21 05:45 . 2017-07-21 05:46 -------- d-----w- c:\users\gerald\AppData\Roaming\ZHP
2017-07-21 05:44 . 2017-07-21 05:45 -------- d-----w- c:\users\gerald\AppData\Local\ZHP
2017-07-21 05:21 . 2017-07-21 05:22 -------- d-----w- c:\program files\AVAST Software
2017-07-21 04:43 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2017-07-21 04:43 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2017-07-21 04:43 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2017-07-21 04:43 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2017-07-21 04:43 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2017-07-21 04:43 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2017-07-21 04:43 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2017-07-21 04:43 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2017-07-21 04:43 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2017-07-20 09:46 . 2017-07-20 09:46 -------- d-----w- c:\windows\system32\ca-ES
2017-07-20 09:46 . 2017-07-20 09:46 -------- d-----w- c:\windows\system32\eu-ES
2017-07-20 09:46 . 2017-07-20 09:46 -------- d-----w- c:\windows\system32\vi-VN
2017-07-20 09:25 . 2017-07-20 09:25 -------- d-----w- c:\windows\system32\EventProviders
2017-07-20 07:12 . 2017-07-20 07:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-20 07:08 . 2016-06-17 06:33 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-20 05:26 . 2012-06-06 13:05 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-20 05:26 . 2012-06-06 13:05 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-07-20 05:13 . 2017-04-07 09:02 116344 ----a-w- c:\windows\system32\drivers\aswefb498872357808c.tmp
2017-07-20 05:12 . 2017-04-07 09:02 195128 ----a-w- c:\windows\system32\drivers\aswdc44f91a03c86a06.tmp
2017-07-20 05:12 . 2017-04-07 09:02 288728 ----a-w- c:\windows\system32\drivers\asw85feba0893fcbb39.tmp
2017-07-20 05:12 . 2017-04-07 09:02 489416 ----a-w- c:\windows\system32\drivers\aswdd8d31ce9a824dde.tmp
2017-07-20 05:12 . 2017-04-07 09:02 63280 ----a-w- c:\windows\system32\drivers\asw e0f09768be86ed2.tmp
2017-07-20 05:12 . 2017-04-07 09:02 62528 ----a-w- c:\windows\system32\drivers\asw76e8b5137664b417.tmp
2017-07-20 05:12 . 2017-04-07 09:02 35264 ----a-w- c:\windows\system32\drivers\aswd4e9d1e06210a4d9.tmp
2017-07-20 05:12 . 2017-04-07 09:02 766728 ----a-w- c:\windows\system32\drivers\aswaa6c26e8e3727fd5.tmp
2017-07-20 05:12 . 2017-04-07 09:02 43992 ----a-w- c:\windows\system32\drivers\asw2f22dbc733ffa186.tmp
2017-07-20 05:12 . 2017-04-07 09:02 270344 ----a-w- c:\windows\system32\drivers\aswf6c1b8295f993d77.tmp
2017-07-20 05:12 . 2017-04-07 09:02 151024 ----a-w- c:\windows\system32\drivers\aswe84578a569ba1573.tmp
2017-07-20 05:12 . 2017-04-07 09:02 260616 ----a-w- c:\windows\system32\drivers\aswc796829844f7d267.tmp
2017-07-20 05:12 . 2017-04-07 09:02 135872 ----a-w- c:\windows\system32\drivers\asw10ba05255908f986.tmp
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-09-28 6889176]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
c:\users\gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
La Solution Ciel.lnk - c:\program files\Ciel\Starter.exe [2012-6-13 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AVG-Secure-Search-Update_1213b"=c:\users\gerald\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=baeb7ad018ab47d3a4b7d156a4d8ddd9-b602d594afd2b0b327e07a06f36ca6a7e42546d0 /CMPID=1213b
"AVG-Secure-Search-Update_0214c"=c:\users\gerald\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=baeb7ad018ab47d3a4b7d156a4d8ddd9-b602d594afd2b0b327e07a06f36ca6a7e42546d0 /CMPID=0214c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"VX3000"="c:\windows\vVX3000.exe"
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" boot
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"Skytel"="Skytel.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2014-04-18 c:\windows\Tasks\0414bUpdateInfo.job
- c:\programdata\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-18 07:48]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\gerald\AppData\Roaming\Mozilla\Firefox\Profiles\jawxgekj.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-21 10:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1560)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Heure de fin: 2017-07-21 10:42:31
ComboFix-quarantined-files.txt 2017-07-21 08:42
.
Avant-CF: 76 607 508 480 octets libres
Après-CF: 77 543 075 840 octets libres
.
- - End Of File - - A8450CAA86E2F84F9E1E210C50ED22F6 EF9CDC51B437D322D54016B68F003416