1. ========================= SEAF 1.0.1.0 - C_XX 2. 3. Commencé à: 16:08:06 le 08/02/2014 4. 5. Valeur(s) recherchée(s): 6. roboot64.exe 7. 8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès 9. 10. (!) --- Recherche registre 11. 12. ====== Fichier(s) ====== 13. 14. Aucun fichier trouvé 15. 16. 17. ====== Entrée(s) du registre ====== 18. 19. 20. [HKLM\System\ControlSet001\Control\Session Manager] 21. "PendingFileRenameOperations"="\??\C:\Windows\system32\WPRO_41_2001woem.tmp 22. 23. \??\C:\Windows\system32\WPRO_41_2001woem_nm.tmp 24. 25. \??\C:\Users\nico\AppData\Local\Temp\_iu14D2N.tmp 26. 27. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Au_.exe 28. 29. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp 30. 31. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Bu_.exe 32. 33. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp 34. 35. \??\C:\Program Files (x86)\BringStar 36. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR 37. \??\c:\windows\SysWOW64\roboot64.exe 38. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR 39. \??\C:\Program Files (x86)\Re-markit\150.dll 40. 41. \??\C:\Program Files (x86)\Re-markit\150.xpi 42. 43. \??\C:\Program Files (x86)\BringStar 44. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR 45. \??\c:\windows\SysWOW64\roboot64.exe 46. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR" (REG_MULTI_SZ) 47. 48. [HKLM\System\CurrentControlSet\Control\Session Manager] 49. "PendingFileRenameOperations"="\??\C:\Windows\system32\WPRO_41_2001woem.tmp 50. 51. \??\C:\Windows\system32\WPRO_41_2001woem_nm.tmp 52. 53. \??\C:\Users\nico\AppData\Local\Temp\_iu14D2N.tmp 54. 55. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Au_.exe 56. 57. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp 58. 59. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Bu_.exe 60. 61. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp 62. 63. \??\C:\Program Files (x86)\BringStar 64. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR 65. \??\c:\windows\SysWOW64\roboot64.exe 66. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR 67. \??\C:\Program Files (x86)\Re-markit\150.dll 68. 69. \??\C:\Program Files (x86)\Re-markit\150.xpi 70. 71. \??\C:\Program Files (x86)\BringStar 72. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR 73. \??\c:\windows\SysWOW64\roboot64.exe 74. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR" (REG_MULTI_SZ) 75. 76. ========================= 77. 78. Fin à: 16:09:06 le 08/02/2014 79. 404090 Éléments analysés 80. 81. ========================= 82. E.O.F