cjoint

Document format: text/x-log

Preview

RogueKiller V9.1.0.0 [Jun 23 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : Thomas [Droits d'admin]
Mode : Recherche -- Date : 07/04/2014 19:01:27

¤¤¤ Processus malicieux : 1 ¤¤¤
[ZeroAccess] coreServiceShell.exe -- [x] -> ERROR [12]

¤¤¤ Entrées de registre : 11 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Savings Avenger-repairJob : wscript.exe "C:\Users\Thomas\AppData\Local\Savings Avenger\repair.js" "Savings Avenger-repairJob" -> TROUVÉ
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> TROUVÉ
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:3128 -> TROUVÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> TROUVÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> TROUVÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> TROUVÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ

¤¤¤ Tâches planifiées : 13 ¤¤¤
[Suspicious.Path] \\{06321CD9-F96D-411F-8080-BDA5A241DD9D} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Thomas\AppData\Local\Temp\Temp1_FSUIPC4.zip\Install FSUIPC4.exe") -> TROUVÉ
[Suspicious.Path] \\{0848B8A3-5165-4E77-9558-63C7C9D48675} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Thomas\AppData\Local\Temp\Temp2_Install_FSUIPC488.zip\Install FSUIPC4.exe") -> TROUVÉ
[Suspicious.Path] \\{1C5FC99E-51CE-4687-9428-73E673D73F1E} -- C:\Users\Thomas\Desktop\X-Plane 10\X-Plane.exe -> TROUVÉ
[Suspicious.Path] \\{260CFB24-7CB5-44D5-8C08-ED4D6F6C2048} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Thomas\AppData\Local\Temp\Temp1_Install_FSUIPC488.zip\Install FSUIPC4.exe") -> TROUVÉ
[Suspicious.Path] \\{39103AD3-186A-4386-897F-8BB6BAFCE9B3} -- C:\Users\Thomas\Desktop\SparkIV.exe -> TROUVÉ
[Suspicious.Path] \\{3B186451-02A8-44B3-A34C-BE398ADBFAB9} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Thomas\Desktop\instalation md11\PMDG_MD11_FSX_Setup.exe" -d "C:\Users\Thomas\Desktop\instalation md11") -> TROUVÉ
[Suspicious.Path] \\{58471084-523A-430A-B5E3-0FFCBBF29491} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Thomas\Desktop\IVAO\scenes FSX\setup_lfrb_fsx.exe" -d "C:\Users\Thomas\Desktop\IVAO\scenes FSX") -> TROUVÉ
[Suspicious.Path] \\{682969D0-68A4-4012-A845-1F61A0F19EED} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Thomas\AppData\Local\Temp\Temp2_Take_On_Helicopters_Demo.zip\Take_On_Helicopters_Demo.exe) -> TROUVÉ
[Suspicious.Path] \\{7E28A05C-3B1C-4596-BD6B-C6AFA3A3E74B} -- C:\Users\Thomas\Desktop\IVAO\Logiciel IVAO\ivap-v2.0.2-b2773\ivap-v2.0.2-b2773.exe -> TROUVÉ
[Suspicious.Path] \\{87E91E79-DBF0-4C97-BA15-18EF274942F8} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Thomas\Desktop\IVAO\Logiciel IVAO\Install_FSUIPC488\Install FSUIPC4.exe" -d "C:\Users\Thomas\Desktop\IVAO\Logiciel IVAO\Install_FSUIPC488") -> TROUVÉ
[Suspicious.Path] \\{A3F38E74-FE65-490F-866D-FA2851DFC558} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A75HCEIN\FsPassengersX_setup.exe" -d C:\Users\Thomas\Desktop) -> TROUVÉ
[Suspicious.Path] \\{D088DCCF-3C44-4E8E-8206-09AF968BD712} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Thomas\Downloads\setup_lfrb_fsx.exe -d C:\Users\Thomas\Downloads) -> TROUVÉ
[Suspicious.Path] \\{FD3ABF11-B1F2-4939-B378-B23718EB969F} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Thomas\AppData\Local\Temp\Temp1_FSUIPC4.zip\Install FSUIPC4.exe") -> TROUVÉ

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 SCSI Disk Device +++++
--- User ---
[MBR] b05b0243c519f4efe2a4285217a8aec1
[BSP] 17c681c4221503805fffec2d0b94f2ed : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: FLASH Drive SM_USB20 USB Device +++++
--- User ---
[MBR] e524714e7f769e9ed8577792ece20238
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 64 | Size: 1911 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

