Author Topic: One note  (Read 4681 times)


May 15, 2015, 04:34:33 pm

Acrobaze

Hi everyone,

Here is my RK report:

RogueKiller V10.6.3.0 (x64) [May 11 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9200 ) 64 bits version
Démarré en  : Mode normal
Utilisateur : Marc [Administrateur]
Démarré depuis : C:\Users\Marc\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 05/15/2015  16:19:24

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 10 ¤¤¤
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2842125168-2948588057-886441582-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://home.microsoft.com/access/allinone.asp  -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2842125168-2948588057-886441582-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://home.microsoft.com/access/allinone.asp  -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 1 ¤¤¤
[Suspicious.Startup|VT.Unknown][Fichier] OneNote 2010 - Capture d’écran et lancement.lnk -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] ddd3724451672bb8dc86abbc9f51f38e
[BSP] 79f0406116131dfca14bb83bc24719b1 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 935631 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1917870080 | Size: 17409 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK

Is there any possible known infection via One Note?

Thank you.

Reply #1, May 15, 2015, 04:42:49 pm

Curson (Global Moderator)

Hi Acrobaze,

Welcome to Adlice.com Forum.

This detection is a false positive. It will be whitelisted as soon as possible.
Thanks for bringing this to our attention.

Regards.

Reply #2, May 15, 2015, 05:00:47 pm

Acrobaze

Thank you for such a fast response. ;)

Reply #3, May 15, 2015, 05:17:42 pm

Curson (Global Moderator)

Hi Acrobaze,

You are very welcome. :)

Regards.