~ ZHPDiag v2015.6.18.56 by Nicolas Coolman (2015\06\01) ~ Run by user (Administrator) (2015/06/19 07:05:53) ~ Site : http://nicolascoolman.com/fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : ~ Type : Scanner ~ Report : C:\Users\user\Desktop\ZHPDiag.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) ~ Windows 7, 64-bit Service Pack 1 (Build 7601) ---\\ Navigateurs Internet (3) - 1s GCIE: Google Chrome v43.0.2357.124 MFIE: Mozilla v38.0.5 MSIE: Internet Explorer v11.0.9600.17843 ---\\ Informations sur les produits Windows (11) - 18s ~ Windows Server License Manager Script : OK ~ Licence Script File Génération : OK ~ Windows Operating System - Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : HYRR2 Windows License : OK ~ Windows Remaining Initializations Number : 3 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK (Auto) Windows Activation Technologies : OK ---\\ Informations sur le système (6) - 0s ~ Operating System: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel ~ Operating System: 64-bit ~ Boot mode: Normal (Normal boot) ~ Total physical RAM (KB): 4193848 ~ System Restore: Activé (Enable) ~ System drive C: has 17 GB free of 51 GB ---\\ Mode de connexion au système (3) - 0s ~ Computer Name: VBOX ~ User Name: user ~ Logged in as Administrator ---\\ Enumération des unités disques (2) - 0s ~ Drive C: has 17 GB free of 51 GB (System) ~ Drive D: has GB free of 0 GB ---\\ Etat du Centre de Sécurité Windows (13) - 0s [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ---\\ Recherche particulière de fichiers génériques (23) - 1s [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (25/02/2011) -- C:\Windows\Explorer.exe [2871808] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) (14/07/2009) -- C:\Windows\SysWOW64\rundll32.exe [44544] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (14/07/2009) -- C:\Windows\SysWOW64\Wininit.exe [96256] [MD5.E4EB138060BAE0DBAB1A3B71A3141FE7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (23/05/2015) -- C:\Windows\SysWOW64\wininet.dll [1950720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (21/11/2010) -- C:\Windows\SysWOW64\sppcomapi.dll [193536] [MD5.129F80D7868E30DF3E3DE33A1D3132B4] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows m.) (12/04/2011) -- C:\Windows\SysWOW64\fr-FR\user32.dll.mui [20480] [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (30/05/2014) -- C:\Windows\System32\drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (14/07/2009) -- C:\Windows\System32\drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (14/07/2009) -- C:\Windows\System32\drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (21/11/2010) -- C:\Windows\System32\drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (21/11/2010) -- C:\Windows\System32\drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (21/11/2010) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (14/07/2009) -- C:\Windows\System32\drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (14/07/2009) -- C:\Windows\System32\drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (27/04/2011) -- C:\Windows\System32\drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (21/11/2010) -- C:\Windows\System32\drivers\netBT.sys [261632] [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (24/01/2014) -- C:\Windows\System32\drivers\ntfs.sys [1684928] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (14/07/2009) -- C:\Windows\System32\drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (21/11/2010) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (21/11/2010) -- C:\Windows\System32\drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (14/07/2009) -- C:\Windows\System32\drivers\smb.sys [93184] [MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (11/11/2014) -- C:\Windows\System32\drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (21/11/2010) -- C:\Windows\System32\drivers\volsnap.sys [295808] ---\\ Processus lancés (17) - 4s [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - (.Microsoft Corporation - Processus d’exécution client-serveur.) -- C:\Windows\system32\csrss.exe [7680] [PID.376] [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - (.Microsoft Corporation - Processus d’exécution client-serveur.) -- C:\Windows\system32\csrss.exe [7680] [PID.424] [MD5.71C85477DF9347FE8E7BC55768473FCA] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe [328704] [PID.520] [MD5.9662EE182644511439F1C53745DC1C88] - (.Microsoft Corporation - Service du gestionnaire de session locale.) -- C:\Windows\system32\lsm.exe [343040] [PID.536] [MD5.67605E9C96AEC4473F92C1F4D4AA7B08] - (.Oracle Corporation - VirtualBox Guest Additions Service.) -- C:\Windows\system32\VBoxService.exe [1780152] [PID.712] [MD5.516E29AD03BDF610CC36A95AE692FE42] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1432] [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\Explorer.EXE [2871808] [PID.1628] [MD5.2B983F067AEE3F9EB4DF5E97F45D21D1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120] [PID.2036] [MD5.D25EEF58831D1CF2054616A85B6E26BC] - (.Oracle Corporation - VirtualBox Guest Additions Tray Application.) -- C:\Windows\System32\VBoxTray.exe [1538656] [PID.1588] [MD5.D7794832C3361BFAF6A3AFB0FB0EB0B4] - (.SHADOWDEFENDER.COM - Shadow Defender Daemon Application.) -- C:\Program Files\Shadow Defender\DefenderDaemon.exe [500608] [PID.1972] [MD5.7E212E742BF06BF678AE35E9C1B74B8F] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6212920] [PID.1472] [MD5.A9F3BFC9345F49614D5859EC95B9E994] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows M.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248] [PID.2196] [MD5.8007AF9F2434F390AA51F0A516B9756F] - (.Tweaking.com - Tweaking.com - Windows Repair Tray Icon.) -- C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [66816] [PID.3980] [MD5.E17E0188BB90FAE42D83E98707EFA59C] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3524608] [PID.3632] [MD5.773212B2AAA24C1E31F10246B15B276C] - (.Microsoft Corporation - Programme d’installation pour les modules W.) -- C:\Windows\servicing\TrustedInstaller.exe [194048] [PID.4068] [MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3664] [MD5.B4408936DA5DA5941D62009C03944742] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\user\Desktop\ZHPDiag3.exe [1834496] [PID.2012] ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) (17) - 1s P2 - EXT: (.Microsoft Corporation - The plugin allows you to have a better expe.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\amazon-france.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bing.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\cnrtl-tlfi-fr.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\eBay-france.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-fr.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo-france.xml P2 - EXT: (.Mozilla - Default.) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (...) -- disabled P2 - FPN: [HKLM] [@microsoft.com/Lync,version=15.0] - (.Microsoft Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (.Microsoft Corporation.) -- c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc..) -- C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc..) -- C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) (15) - 1s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer ---\\ Internet Explorer, Proxy Management (R5) (3) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Hosts file redirection (O1) (1) - 0s ~ Le fichier hôte est sain (The hosts file is clean) (21) ---\\ Browser Helper Object de navigateur (BHO) (O2) (3) - 0s O2 - BHO: Skype for Business Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL O2 - BHO: (no name) [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL ---\\ Applications lancées au démarrage du sytème (O4) (2) - 0s O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ---\\ Modification Domaine/Adresses DNS (O17) (3) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ---\\ Liste des services NT non Microsoft et non désactivés (O23) (6) - 0s O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: VirtualBox Guest Additions Service (VBoxService) . (.Oracle Corporation - VirtualBox Guest Additions Service.) - C:\Windows\System32\VBoxService.exe O23 - Service: ({0CBD4F48-3751-475D-BE88-4F271385B672}) . (.SHADOWDEFENDER.COM - Shadow Defender Service Application.) - C:\Program Files\Shadow Defender\Service.exe ---\\ Tâches planifiées en automatique (O39) (6) - 1s O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1060] O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1064] O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2770] O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3808] O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [4060] O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon [3644] ---\\ Logiciels installés (O42) (37) - 1s O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner O42 - Logiciel: CutePDF Writer 3.0 - (.Acro Software Inc..) [HKLM][64Bits] -- CutePDF Writer Installation O42 - Logiciel: Oracle VM VirtualBox Guest Additions 4.3.28 - (.Oracle Corporation.) [HKLM][64Bits] -- Oracle VM VirtualBox Guest Additions O42 - Logiciel: 7-Zip 9.20 (x64 edition) - (.Igor Pavlov.) [HKLM][64Bits] -- {23170F69-40C1-2702-0920-000001000000} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Shadow Defender - (.ShadowDefender.com.) [HKLM][64Bits] -- {93A07A0D-454E-43d1-86A9-5DE9C5F4411A} O42 - Logiciel: Adobe Flash Player 17 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI O42 - Logiciel: AutoIt v3.3.12.0 - (.AutoIt Team.) [HKLM][64Bits] -- AutoItv3 O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome O42 - Logiciel: Malwarebytes Anti-Malware version 2.1.6.1022 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes Anti-Malware_is1 O42 - Logiciel: Mozilla Firefox 38.0.5 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 38.0.5 (x86 fr) O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService O42 - Logiciel: Notepad++ - (.Notepad++ Team.) [HKLM][64Bits] -- Notepad++ O42 - Logiciel: SciTE4AutoIt3 14.801.2025.0 - (.Jos van der Zande.) [HKLM][64Bits] -- SciTE4AutoIt3 O42 - Logiciel: SumatraPDF - (.Krzysztof Kowalczyk.) [HKLM][64Bits] -- SumatraPDF O42 - Logiciel: Tweaking.com - Windows Repair - (.Tweaking.com.) [HKLM][64Bits] -- Tweaking.com - Windows Repair O42 - Logiciel: ZebHelpProcess 2015 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZebHelpProcess_is1 O42 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPDiag_is1 O42 - Logiciel: Skype™ 7.5 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} O42 - Logiciel: Microsoft Access MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0015-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Excel MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0016-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft PowerPoint MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0018-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Publisher MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0019-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Outlook MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001A-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Word MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001B-040C-0000-0000000FF1CE} O42 - Logiciel: Update for Skype for Business 2015 (KB3054791) 32-Bit Edition - (.Microsoft.) [HKLM][64Bits] -- {90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{04ADDEC1-208F-4295-AA61-16789EA56814} O42 - Logiciel: Microsoft InfoPath MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0044-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft DCF MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0090-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft OneNote MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00A1-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Groove MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00BA-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Lync MUI (French) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-012B-040C-0000-0000000FF1CE} O42 - Logiciel: Update for Skype for Business 2015 (KB3054791) 32-Bit Edition - (.Microsoft.) [HKLM][64Bits] -- {90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{04ADDEC1-208F-4295-AA61-16789EA56814} O42 - Logiciel: Update for Skype for Business 2015 (KB2889853) 32-Bit Edition - (.Microsoft.) [HKLM][64Bits] -- {90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{AE1BB975-11D1-49A0-82E8-1D26DD62AFE7} O42 - Logiciel: Update for Skype for Business 2015 (KB3054791) 32-Bit Edition - (.Microsoft.) [HKLM][64Bits] -- {91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{04ADDEC1-208F-4295-AA61-16789EA56814} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ---\\ HKCU & HKLM Software Keys (41) - 1s HKLM\SOFTWARE\Wow6432Node\Acro Software Inc HKLM\SOFTWARE\Wow6432Node\AdwCleaner HKLM\SOFTWARE\Wow6432Node\Ammyy HKLM\SOFTWARE\Wow6432Node\AutoIt v3 HKLM\SOFTWARE\Wow6432Node\Borland HKLM\SOFTWARE\Wow6432Node\Cygwin HKLM\SOFTWARE\Wow6432Node\Google HKLM\SOFTWARE\Wow6432Node\GPL Ghostscript HKLM\SOFTWARE\Wow6432Node\IM Providers HKLM\SOFTWARE\Wow6432Node\Intel HKLM\SOFTWARE\Wow6432Node\Macromedia HKLM\SOFTWARE\Wow6432Node\Mozilla HKLM\SOFTWARE\Wow6432Node\mozilla.org HKLM\SOFTWARE\Wow6432Node\MozillaPlugins HKLM\SOFTWARE\Wow6432Node\Notepad++ HKLM\SOFTWARE\Wow6432Node\ODBC HKLM\SOFTWARE\Wow6432Node\OldTimer Tools HKLM\SOFTWARE\Wow6432Node\Oracle HKLM\SOFTWARE\Wow6432Node\Skype HKLM\SOFTWARE\Wow6432Node\RegisteredApplications HKCU\SOFTWARE\7-Zip HKCU\SOFTWARE\Ammyy HKCU\SOFTWARE\AppDataLow HKCU\SOFTWARE\AutoIt v3 HKCU\SOFTWARE\Borland HKCU\SOFTWARE\Cygwin HKCU\SOFTWARE\Ghisler HKCU\SOFTWARE\Google HKCU\SOFTWARE\IM Providers HKCU\SOFTWARE\Macromedia HKCU\SOFTWARE\Mozilla HKCU\SOFTWARE\MozillaPlugins HKCU\SOFTWARE\Netscape HKCU\SOFTWARE\ODBC HKCU\SOFTWARE\Piriform HKCU\SOFTWARE\Skype HKCU\SOFTWARE\SysInternals HKCU\SOFTWARE\Trolltech HKCU\SOFTWARE\ZabaraKatranemia Plc HKCU\SOFTWARE\ZebHelpProcess Helper HKCU\SOFTWARE\AppDataLow\Software ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/ (113) - 2s O43 - CFD: 2014/12/61 - 18:00:00 - [] D -- C:\Program Files (x86)\Acro Software O43 - CFD: 2015/06/61 - 45:15:15 - [] D -- C:\Program Files (x86)\AutoIt3 O43 - CFD: 2015/06/20 - 55:49:49 - [] D -- C:\Program Files (x86)\Common Files O43 - CFD: 2015/05/01 - 04:31:31 - [] D -- C:\Program Files (x86)\Google O43 - CFD: 2014/12/61 - 18:23:23 - [] D -- C:\Program Files (x86)\GPLGS O43 - CFD: 2015/06/91 - 58:11:11 - [] D -- C:\Program Files (x86)\Internet Explorer O43 - CFD: 2015/04/12 - 28:00:00 - [] D -- C:\Program Files (x86)\Malwarebytes Anti-Malware O43 - CFD: 2015/03/71 - 32:42:42 - [] D -- C:\Program Files (x86)\Microsoft Analysis Services O43 - CFD: 2015/03/71 - 33:40:40 - [] D -- C:\Program Files (x86)\Microsoft Office O43 - CFD: 2015/05/31 - 09:29:29 - [] D -- C:\Program Files (x86)\Microsoft Silverlight O43 - CFD: 2015/03/71 - 34:29:29 - [] D -- C:\Program Files (x86)\Microsoft SQL Server O43 - CFD: 2015/03/71 - 09:53:53 - [] D -- C:\Program Files (x86)\Microsoft.NET O43 - CFD: 2015/06/40 - 19:49:49 - [] D -- C:\Program Files (x86)\Mozilla Firefox O43 - CFD: 2015/06/40 - 19:49:49 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service O43 - CFD: 2009/07/40 - 32:38:38 - [] D -- C:\Program Files (x86)\MSBuild O43 - CFD: 2014/12/61 - 48:50:50 - [] D -- C:\Program Files (x86)\Notepad++ O43 - CFD: 2009/07/40 - 32:38:38 - [] D -- C:\Program Files (x86)\Reference Assemblies O43 - CFD: 2015/06/20 - 55:49:49 - [] RD -- C:\Program Files (x86)\Skype O43 - CFD: 2014/12/61 - 18:38:38 - [] D -- C:\Program Files (x86)\SumatraPDF O43 - CFD: 2015/03/41 - 54:26:26 - [] D -- C:\Program Files (x86)\Tweaking.com O43 - CFD: 2009/07/40 - 57:06:06 - [0] HD -- C:\Program Files (x86)\Uninstall Information O43 - CFD: 2014/12/61 - 59:22:22 - [] D -- C:\Program Files (x86)\Windows Defender O43 - CFD: 2011/04/21 - 16:36:36 - [] D -- C:\Program Files (x86)\Windows Mail O43 - CFD: 2015/06/91 - 58:13:13 - [] D -- C:\Program Files (x86)\Windows Media Player O43 - CFD: 2009/07/40 - 32:38:38 - [] D -- C:\Program Files (x86)\Windows NT O43 - CFD: 2011/04/21 - 16:36:36 - [] D -- C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 2010/11/10 - 31:38:38 - [] D -- C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 2011/04/21 - 16:36:36 - [] D -- C:\Program Files (x86)\Windows Sidebar O43 - CFD: 2015/06/71 - 13:55:55 - [] D -- C:\Program Files (x86)\ZebHelpProcess O43 - CFD: 2015/05/80 - 53:41:41 - [] D -- C:\Program Files (x86)\ZHPDiag O43 - CFD: 2014/12/61 - 57:21:21 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip O43 - CFD: 2014/12/61 - 21:57:57 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2014/12/61 - 31:00:00 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2015/06/61 - 45:15:15 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 O43 - CFD: 2014/12/61 - 00:25:25 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner O43 - CFD: 2014/12/61 - 18:01:01 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF O43 - CFD: 2014/12/61 - 30:58:58 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 2015/05/01 - 04:36:36 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 2009/07/40 - 57:09:09 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2015/04/12 - 28:00:00 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware O43 - CFD: 2015/06/91 - 46:08:08 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 O43 - CFD: 2015/05/30 - 47:07:07 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight O43 - CFD: 2014/12/61 - 48:49:49 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ O43 - CFD: 2014/12/61 - 25:00:00 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Defender O43 - CFD: 2015/06/20 - 55:50:50 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype O43 - CFD: 2009/07/40 - 54:24:24 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 2011/04/21 - 27:56:56 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 2015/06/71 - 13:36:36 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP O43 - CFD: 2015/03/91 - 20:11:11 - [] D -- C:\ProgramData\AMMYY O43 - CFD: 2009/07/40 - 08:56:56 - [0] SHD -- C:\ProgramData\Application Data O43 - CFD: 2014/12/61 - 33:19:19 - [0] SHD -- C:\ProgramData\Bureau O43 - CFD: 2009/07/40 - 08:56:56 - [0] SHD -- C:\ProgramData\Desktop O43 - CFD: 2009/07/40 - 08:56:56 - [0] SHD -- C:\ProgramData\Documents O43 - CFD: 2014/12/61 - 33:19:19 - [0] SHD -- C:\ProgramData\Favoris O43 - CFD: 2009/07/40 - 08:56:56 - [0] SHD -- C:\ProgramData\Favorites O43 - CFD: 2015/06/41 - 31:33:33 - [] D -- C:\ProgramData\IsolatedStorage O43 - CFD: 2014/12/61 - 38:20:20 - [] D -- C:\ProgramData\Malwarebytes O43 - CFD: 2014/12/61 - 33:19:19 - [0] SHD -- C:\ProgramData\Menu Démarrer O43 - CFD: 2015/03/11 - 21:48:48 - [] SD -- C:\ProgramData\Microsoft O43 - CFD: 2015/06/91 - 45:59:59 - [] D -- C:\ProgramData\Microsoft Help O43 - CFD: 2014/12/61 - 33:19:19 - [0] SHD -- C:\ProgramData\Modèles O43 - CFD: 2014/12/61 - 42:38:38 - [] D -- C:\ProgramData\Mozilla O43 - CFD: 2015/03/71 - 34:18:18 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft O43 - CFD: 2015/05/01 - 02:36:36 - [] D -- C:\ProgramData\RogueKiller O43 - CFD: 2015/06/61 - 54:17:17 - [] D -- C:\ProgramData\Skype O43 - CFD: 2009/07/40 - 08:56:56 - [0] SHD -- C:\ProgramData\Start Menu O43 - CFD: 2009/07/40 - 08:56:56 - [0] SHD -- C:\ProgramData\Templates O43 - CFD: 2014/12/61 - 32:09:09 - [] D -- C:\Program Files (x86)\Common Files\Borland Shared O43 - CFD: 2015/03/71 - 34:40:40 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER O43 - CFD: 2015/03/71 - 09:52:52 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 2009/07/40 - 20:08:08 - [] D -- C:\Program Files (x86)\Common Files\Services O43 - CFD: 2015/06/20 - 55:49:49 - [] D -- C:\Program Files (x86)\Common Files\Skype O43 - CFD: 2009/07/40 - 20:08:08 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 2015/03/71 - 07:24:24 - [] D -- C:\Program Files (x86)\Common Files\System O43 - CFD: 2014/12/61 - 04:40:40 - [] D -- C:\Users\user\AppData\Roaming\Adobe O43 - CFD: 2015/03/42 - 25:47:47 - [] D -- C:\Users\user\AppData\Roaming\GHISLER O43 - CFD: 2014/12/61 - 33:55:55 - [] D -- C:\Users\user\AppData\Roaming\Identities O43 - CFD: 2014/12/61 - 58:23:23 - [] D -- C:\Users\user\AppData\Roaming\Macromedia O43 - CFD: 2011/04/21 - 27:56:56 - [0] D -- C:\Users\user\AppData\Roaming\Media Center Programs O43 - CFD: 2015/03/71 - 57:10:10 - [] SD -- C:\Users\user\AppData\Roaming\Microsoft O43 - CFD: 2014/12/61 - 43:17:17 - [] D -- C:\Users\user\AppData\Roaming\Mozilla O43 - CFD: 2015/03/61 - 17:36:36 - [] D -- C:\Users\user\AppData\Roaming\Notepad++ O43 - CFD: 2015/06/52 - 05:47:47 - [] D -- C:\Users\user\AppData\Roaming\Skype O43 - CFD: 2014/12/61 - 18:40:40 - [] D -- C:\Users\user\AppData\Roaming\SumatraPDF O43 - CFD: 2015/03/41 - 29:59:59 - [] D -- C:\Users\user\AppData\Roaming\www.shadowexplorer.com O43 - CFD: 2015/06/90 - 06:25:25 - [] D -- C:\Users\user\AppData\Roaming\ZHP O43 - CFD: 2015/06/90 - 38:56:56 - [0] D -- C:\Users\user\AppData\Local\Adobe O43 - CFD: 2014/12/61 - 33:31:31 - [0] SHD -- C:\Users\user\AppData\Local\Application Data O43 - CFD: 2015/04/11 - 41:56:56 - [] D -- C:\Users\user\AppData\Local\AutoIt v3 O43 - CFD: 2015/06/32 - 26:52:52 - [0] D -- C:\Users\user\AppData\Local\CrashDumps O43 - CFD: 2015/05/52 - 09:12:12 - [] D -- C:\Users\user\AppData\Local\Diagnostics O43 - CFD: 2015/06/31 - 10:32:32 - [0] SHD -- C:\Users\user\AppData\Local\EmieBrowserModeList O43 - CFD: 2015/06/31 - 10:32:32 - [0] SHD -- C:\Users\user\AppData\Local\EmieSiteList O43 - CFD: 2015/06/31 - 10:32:32 - [0] SHD -- C:\Users\user\AppData\Local\EmieUserList O43 - CFD: 2015/01/61 - 02:16:16 - [] D -- C:\Users\user\AppData\Local\Google O43 - CFD: 2014/12/61 - 33:31:31 - [0] SHD -- C:\Users\user\AppData\Local\Historique O43 - CFD: 2014/12/61 - 58:23:23 - [] D -- C:\Users\user\AppData\Local\Macromedia O43 - CFD: 2015/06/11 - 37:19:19 - [] D -- C:\Users\user\AppData\Local\Microsoft O43 - CFD: 2015/03/71 - 32:29:29 - [0] D -- C:\Users\user\AppData\Local\Microsoft Help O43 - CFD: 2014/12/61 - 43:17:17 - [] D -- C:\Users\user\AppData\Local\Mozilla O43 - CFD: 2014/12/61 - 38:04:04 - [] D -- C:\Users\user\AppData\Local\Programs O43 - CFD: 2015/06/20 - 55:56:56 - [] D -- C:\Users\user\AppData\Local\Skype O43 - CFD: 2015/06/90 - 05:40:40 - [] D -- C:\Users\user\AppData\Local\Temp O43 - CFD: 2014/12/61 - 33:31:31 - [0] SHD -- C:\Users\user\AppData\Local\Temporary Internet Files O43 - CFD: 2015/06/91 - 07:26:26 - [] D -- C:\Users\user\AppData\Local\VirtualStore O43 - CFD: 2015/01/41 - 18:30:30 - [] D -- C:\Users\user\AppData\Local\WindowsUpdate O43 - CFD: 2009/07/40 - 54:32:32 - [] RD -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2015/03/01 - 38:24:24 - [] RD -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2009/07/40 - 49:38:38 - [] RD -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2014/12/61 - 48:49:49 - [0] D -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ O43 - CFD: 2014/12/61 - 35:48:48 - [] D -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox Guest Additions O43 - CFD: 2015/03/01 - 38:24:24 - [] RD -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 2015/05/31 - 22:32:32 - [] D -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com ---\\ Recherche d'infection sur les navigateurs internet (SBI (2) - 5s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ O69 - SBI: SearchScopes [HKCU] {38697C13-5AC7-4BE9-981B-6D6F2A44D82B} - (Google) - http://www.google.com/ ~ End of the scan in 47 seconds (348)