Rapport de ZHPDiag v2013.7.13.25 par Nicolas Coolman, Update du 14/07/2013
Run by AHMED at 16/07/2013 16:34:14
WebSite: http://nicolascoolman.webs.com
State : Error during network connexion
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16635
GCIE: Google Chrome v28.0.1500.72 (Defaut)

---\\ Windows Product Information
~ Langage: Anglais
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3061.2 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 47 GB (46%) free of 100 GB

---\\ Logged in mode
~ Computer Name: AHMED-PC
~ User Name: AHMED
~ All Users Names: Guest, AHMED, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\AHMED\AppData\Roaming\
~ %Desktop% : C:\Users\AHMED\Desktop\
~ %Favorites% : C:\Users\AHMED\Favorites\
~ %LocalAppData% : C:\Users\AHMED\AppData\Local\
~ %StartMenu% : C:\Users\AHMED\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 47 Go of 100 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 48 Go of 49 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)

---\\ Security Center & Tools Informations
~ Security Center: 26 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 05:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9BF7C7654EFD098EE3A27B49492A382A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/06/2013 - 23:43:37.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 21:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 21:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 02:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 21:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 21:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 21:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 21:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 13:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 21:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 21:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 21:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 3/33
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 00s

---\\ Running Processes
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2120]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.2128]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2136]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2144]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2152]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2216]
[MD5.307EED07597789770F1EE9DD941E1BDF] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\AHMED\AppData\Roaming\uTorrent\uTorrent.exe [1126480] [PID.2248] =>P2P.µTorrent
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.2268]
[MD5.CB037F03178E31BA2985ADD15879CA56] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [846288] [PID.3968]
[MD5.864F3E37BCF2F9BB998414673F1C215A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7711232] [PID.2000]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\AHMED\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 13 Legitimates Filtered in 00mn 16s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 07s
~ Nombre de lignes (Lines number): 15476

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\AHMED\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1257974523-4239819012-1303345918-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\AHMED\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.µTorrent
~ Application: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
~ Winsock: 6 Legitimates Filtered in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E095EFB-2862-42CC-BAC6-7DDD5A98D66A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8E095EFB-2862-42CC-BAC6-7DDD5A98D66A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8E095EFB-2862-42CC-BAC6-7DDD5A98D66A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.090F14E85F7CD20685B5BEFBCA1E0565] - 16/07/2013 - 16:22:35 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [172]
O44 - LFC:[MD5.73FE8285D075FE7F0CD980870A09AF3D] - 16/07/2013 - 11:14:27 ---A- . (...) -- C:\Windows\wininit.ini [79]
O44 - LFC:[MD5.0B40C32254BE3F15225635EA94ABD729] - 07/07/2013 - 17:26:23 ---A- . (...) -- C:\Windows\IE10_main.log [10028]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 07/07/2013 - 17:09:26 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.B51620D3B41BC2F4A5CE695DC94E874D] - 07/07/2013 - 17:03:19 ---A- . (...) -- C:\Windows\sounder.his [1168]
O44 - LFC:[MD5.F8AF37885260F5BD5EC15C30344CB43D] - 07/07/2013 - 17:02:38 ---A- . (...) -- C:\Windows\hpntwksetup.ini [98]
O44 - LFC:[MD5.48BA23373D43BDCD0CEAC891AF7B7226] - 07/07/2013 - 16:52:19 ---A- . (...) -- C:\Windows\System32\IScrNB.bmp [121232]
O44 - LFC:[MD5.394B26364B21B65151153631DDEBC0D5] - 07/07/2013 - 16:52:19 ---A- . (.Unknown owner - igfxtvcx Module.) -- C:\Windows\System32\igfxtvcx.dll [140288]
O44 - LFC:[MD5.3FFBEE694566CADB0A64D8A1ACD7DBCE] - 07/07/2013 - 16:20:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O44 - LFC:[MD5.FAF091AA45A6A6CF3CF94FE065950956] - 07/07/2013 - 16:20:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 07/07/2013 - 16:12:13 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.B69A2AF7E910297D3199816BB4812B80] - 07/07/2013 - 16:09:04 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [696]
O44 - LFC:[MD5.A810DDE467EBBF04A7BA3446D412A018] - 07/07/2013 - 14:54:57 ---A- . (...) -- C:\Windows\TSSysprep.log [1355]
O44 - LFC:[MD5.B1CB812EBB49FB2C0BEDFD08667182B6] - 07/07/2013 - 14:52:42 ---A- . (...) -- C:\Windows\DtcInstall.log [2790]
O44 - LFC:[MD5.E70DAB50DC67D4037A612384D649313F] - 07/07/2013 - 14:41:00 ---A- . (.Ralink Technology, Corp. - Ralink 802.11 Wireless Adapter Driver.) -- C:\Windows\System32\Drivers\netr61.sys [376160]
O44 - LFC:[MD5.5BA0E98905C05CBB74418523C642CE83] - 07/07/2013 - 14:41:00 ---A- . (.Ralink Technology, Inc. - Ralink CoInstaller Dynamic Link Library.) -- C:\Windows\System32\RaCoInst.dll [238880]
~ Files: 354 Legitimates Filtered in 00mn 13s

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.77BAC49331D54AF8710DDA1CC85D6B50] - 16/07/2013 - 12:04:13 ---A- - C:\Windows\Prefetch\WSCOMMCNTR1.EXE-AB1F658F.pf
O45 - LFCP:[MD5.1927BC99731BFDC542DAFC5FD1207CC7] - 16/07/2013 - 16:28:06 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
~ Prefetcher: 63 Legitimates Filtered in 00mn 00s

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 01:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Last modified or created user files (O61)
O61 - LFC: 13/07/2013 - 13:17:43 ---A- C:\Users\AHMED\Downloads\George de la jungle - DVDRip [www.omgtorrent.com].torrent [56453]
O61 - LFC: 13/07/2013 - 13:19:54 ---A- C:\Users\AHMED\Downloads\Skyfall - DVDRip [www.omgtorrent.com].torrent [113807]
O61 - LFC: 13/07/2013 - 13:20:52 R--A- C:\Users\AHMED\Downloads\Skyfall 2012 FRENCH DVDRiP XviD-CARPEDIEM\Skyfall MP3 CARPEDIEM.nfo [4971]
O61 - LFC: 13/07/2013 - 13:20:56 ---A- C:\Users\AHMED\Downloads\Dragon Gate, la légende des sabres volants - DVDRip [www.omgtorrent.com].torrent [14942]
O61 - LFC: 13/07/2013 - 13:22:27 ---A- C:\Users\AHMED\Downloads\X-Men 2 - BRRip [www.omgtorrent.com].torrent [113332]
O61 - LFC: 13/07/2013 - 13:25:51 ---A- C:\Users\AHMED\Downloads\One Piece - BRRip [www.omgtorrent.com].torrent [7930]
O61 - LFC: 13/07/2013 - 13:26:38 ---A- C:\Users\AHMED\Downloads\Insidious - DVDRip [www.omgtorrent.com].torrent [8163]
O61 - LFC: 13/07/2013 - 13:30:32 ---A- C:\Users\AHMED\Downloads\La Vengeance de Monte Cristo - BDRip [www.omgtorrent.com].torrent [14848]
O61 - LFC: 13/07/2013 - 13:47:46 ---A- C:\Users\AHMED\Downloads\Matrix Revolutions - DVDRip [www.omgtorrent.com].torrent [29246]
O61 - LFC: 13/07/2013 - 13:48:08 ---A- C:\Users\AHMED\Downloads\Le Petit monde de Don Camillo - DVDRip [www.omgtorrent.com].torrent [29055]
O61 - LFC: 13/07/2013 - 13:48:28 ---A- C:\Users\AHMED\Downloads\One Piece - BRRip [www.omgtorrent.com] (1).torrent [8016]
O61 - LFC: 13/07/2013 - 13:48:36 ---A- C:\Users\AHMED\Downloads\Bodyguard - DVDRip [www.omgtorrent.com].torrent [14868]
O61 - LFC: 13/07/2013 - 13:48:42 ---A- C:\Users\AHMED\Downloads\Ocean's 13 - DVDRip [www.omgtorrent.com].torrent [14824]
O61 - LFC: 13/07/2013 - 13:53:38 ---A- C:\Users\AHMED\Downloads\Scary Movie 2 - DVDRip [www.omgtorrent.com].torrent [14997]
O61 - LFC: 13/07/2013 - 13:53:54 ---A- C:\Users\AHMED\Downloads\Tarzan - DVDRip [www.omgtorrent.com].torrent [28996]
O61 - LFC: 13/07/2013 - 13:56:22 ---A- C:\Users\AHMED\Downloads\Sublimes créatures - HD - 720p [www.omgtorrent.com].torrent [43985]
O61 - LFC: 13/07/2013 - 13:56:37 ---A- C:\Users\AHMED\Downloads\Sublimes créatures - DVDRip [www.omgtorrent.com].torrent [14912]
O61 - LFC: 13/07/2013 - 14:47:21 ---A- C:\Users\AHMED\Downloads\Shark 3D - DVDRip [www.omgtorrent.com].torrent [14872]
O61 - LFC: 13/07/2013 - 15:07:08 ---A- C:\Users\AHMED\Downloads\Insidious.2011.TRUEFRENCH.DVDRIP.XVID-LEGiON\Insidious.2011.TRUEFRENCH.DVDRIP.XVID-LEGiON.nfo [428]
O61 - LFC: 15/07/2013 - 10:00:41 ---A- C:\Users\AHMED\Downloads\Le.petit.monde.de .Don.Camillo.1952.FRENCH.DVDRiP.XViD.AC3.HuSh\Le.petit.monde.de .Don.Camillo.1952.FRENCH.DVDRiP.XViD.AC3.HuSh.nfo [11789]
O61 - LFC: 15/07/2013 - 10:04:15 ---A- C:\Users\AHMED\Documents\PMV House.bak [71675]
O61 - LFC: 15/07/2013 - 10:32:26 ---A- C:\Users\AHMED\Documents\PMV House.dwg [81356]
O61 - LFC: 15/07/2013 - 12:52:44 ---A- C:\Users\AHMED\Downloads\SG-SSB OSU 30-06-13.bak [3950123]
O61 - LFC: 15/07/2013 - 16:03:24 ---A- C:\Users\AHMED\Downloads\ADMINTELECOM GH.LTD.ESTATE PROJECT.bak [6474080]
O61 - LFC: 15/07/2013 - 16:03:40 ---A- C:\Users\AHMED\Downloads\SG-SSB OSU 30-06-13.dwg [4175697]
O61 - LFC: 15/07/2013 - 16:03:44 ---A- C:\Users\AHMED\Downloads\ADMINTELECOM GH.LTD.ESTATE PROJECT.dwg [6560952]
O61 - LFC: 15/07/2013 - 16:08:25 ---A- C:\Users\AHMED\Downloads\SG FAN GF.pdf [351368]
O61 - LFC: 15/07/2013 - 16:11:02 ---A- C:\Users\AHMED\Downloads\Prem GF.pdf [355605]
O61 - LFC: 15/07/2013 - 16:11:45 ---A- C:\Users\AHMED\Downloads\Prem F1.pdf [264099]
O61 - LFC: 15/07/2013 - 17:19:11 ---A- C:\Users\AHMED\Downloads\Fanoofa Ceiling.pdf [288721]
O61 - LFC: 15/07/2013 - 17:58:30 ---A- C:\Users\AHMED\Documents\ADMINTELECOM GH.LTD.ESTATE PROJECT.bak [6753594]
O61 - LFC: 15/07/2013 - 18:11:53 ---A- C:\Users\AHMED\Documents\ADMINTELECOM GH.LTD.ESTATE PROJECT.dwg [6925892]
O61 - LFC: 15/07/2013 - 18:12:02 ---A- C:\Users\AHMED\Documents\SG-SSB OSU 30-06-13.bak [4396810]
O61 - LFC: 16/07/2013 - 08:41:01 ---A- C:\Users\AHMED\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [262507]
O61 - LFC: 16/07/2013 - 09:08:20 ---A- C:\Users\AHMED\Downloads\pics.zip [604215]
O61 - LFC: 16/07/2013 - 09:14:19 ---A- C:\Users\AHMED\Downloads\SG PREM Tow-08July2013_recover.dwg [5402760]
O61 - LFC: 16/07/2013 - 10:20:16 ---A- C:\Users\AHMED\Documents\SG-SSB OSU 30-06-13.dwg [4211197]
O61 - LFC: 16/07/2013 - 10:20:35 ---A- C:\Users\AHMED\Downloads\CFAO KUMASI CURRENT DWG 08 - 05 - 13.bak [2510571]
O61 - LFC: 16/07/2013 - 10:20:42 ---A- C:\Users\AHMED\Downloads\CFAO KUMASI CURRENT DWG 08 - 05 - 13.dwg [1843904]
O61 - LFC: 16/07/2013 - 12:54:07 --HA- C:\Users\AHMED\Documents\thomas exo 5.dwl [38]
O61 - LFC: 16/07/2013 - 12:54:07 --HA- C:\Users\AHMED\Documents\thomas exo 5.dwl2 [188]
O61 - LFC: 16/07/2013 - 15:14:05 ---A- C:\Users\AHMED\Downloads\PMV House.bak [159411]
O61 - LFC: 16/07/2013 - 16:22:14 ---A- C:\Users\AHMED\Downloads\PMV House.dwg [135981]
O61 - LFC: 16/07/2013 - 16:22:14 --HA- C:\Users\AHMED\Downloads\PMV House.dwl [38]
O61 - LFC: 16/07/2013 - 16:22:14 --HA- C:\Users\AHMED\Downloads\PMV House.dwl2 [188]
O61 - LFC: 16/07/2013 - 16:35:38 ---A- C:\Users\AHMED\AppData\Local\Google\Chrome\User Data\Local State [32835]
~ 20 Fichiers temporaires (Temporary files)
~ Files: 350 Legitimates Filtered in 00mn 16s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.09DAB2965692F2D5B75331951C7BDD51] [SPRF][03/02/2009] (.Autodesk, Inc. - Autodesk component.) -- C:\Users\AHMED\AppData\Local\Temp\AcDeltree.exe [161640]
[MD5.5CE1BABD0B13636E12F2CFC2C705E248] [SPRF][07/07/2013] (.Hewlett-Packard - No comment.) -- C:\Users\AHMED\AppData\Local\Temp\HPDesignjet30-130PrinterSeries.exe [64718704]
[MD5.5A432A042DAE460ABE7199B758E8606C] [SPRF][27/10/2006] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\AHMED\AppData\Local\Temp\ose00000.exe [145184]
[MD5.CC198634BCAEF99C50277CC81B14AB27] [SPRF][16/07/2013] (...) -- C:\Users\AHMED\Desktop\adwcleaner.exe [662345]
[MD5.B9F4EFC6CA48696DA3F1567784CA1D43] [SPRF][16/07/2013] (...) -- C:\Users\AHMED\Desktop\RogueKiller.exe [915456]
[MD5.E79F77AB73F46E9760C199C2DE8FCB5C] [SPRF][16/07/2013] (.El Desaparecido - SosVirus.net - UsbFix - Remove malware from yours drive!.) -- C:\Users\AHMED\Desktop\usbfix.exe [1030081]
[MD5.5918152F72762CD74E6BBB7495A7A14E] [SPRF][09/02/2009] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [113816]
~ Files: Scanned in 00mn 01s

---\\ Additionnal Scan (O88)
Database Version : v2.12771 - (14/07/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 240516 Items scanned in 00mn 30s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 16/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 08/07/2013 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 08/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s

---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by AHMED at 16/07/2013 16:37:16
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
~ MBR: 8 Legitimates Filtered in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by AHMED at 16/07/2013 16:37:18
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

~ 1452 Legitimates filtered by white list
End of the scan (425 lines in 03mn 04s)(0)