1
RogueKiller / Re: One note
« on: May 15, 2015, 05:00:47 PM »
Thank you for that so fast response. 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
RogueKiller / One note
« on: May 15, 2015, 04:34:33 PM »
Hi everyone,
Here is my RK rapport :
RogueKiller V10.6.3.0 (x64) [May 11 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 8.1 (6.3.9200 ) 64 bits version
Démarré en : Mode normal
Utilisateur : Marc [Administrateur]
Démarré depuis : C:\Users\Marc\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 05/15/2015 16:19:24
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 10 ¤¤¤
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2842125168-2948588057-886441582-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://home.microsoft.com/access/allinone.asp -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2842125168-2948588057-886441582-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://home.microsoft.com/access/allinone.asp -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 1 ¤¤¤
[Suspicious.Startup|VT.Unknown][Fichier] OneNote 2010 - Capture d’écran et lancement.lnk -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk -> Trouvé(e)
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] ddd3724451672bb8dc86abbc9f51f38e
[BSP] 79f0406116131dfca14bb83bc24719b1 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 935631 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1917870080 | Size: 17409 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK
Is there any possible known infection via One Note ?
Thank you.
Here is my RK rapport :
RogueKiller V10.6.3.0 (x64) [May 11 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 8.1 (6.3.9200 ) 64 bits version
Démarré en : Mode normal
Utilisateur : Marc [Administrateur]
Démarré depuis : C:\Users\Marc\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 05/15/2015 16:19:24
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 10 ¤¤¤
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Trouvé(e)
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2842125168-2948588057-886441582-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://home.microsoft.com/access/allinone.asp -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2842125168-2948588057-886441582-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://home.microsoft.com/access/allinone.asp -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 1 ¤¤¤
[Suspicious.Startup|VT.Unknown][Fichier] OneNote 2010 - Capture d’écran et lancement.lnk -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk -> Trouvé(e)
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] ddd3724451672bb8dc86abbc9f51f38e
[BSP] 79f0406116131dfca14bb83bc24719b1 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 935631 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1917870080 | Size: 17409 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK
Is there any possible known infection via One Note ?
Thank you.
Pages: [1]
