Publicité
Publicité
Format du document : text/plain
Prévisualisation
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commenc� �: 16:08:06 le 08/02/2014
4.
5. Valeur(s) recherch�e(s):
6. roboot64.exe
7.
8. L�gende: TC => Date de cr�ation, TM => Date de modification, DA => Dernier acc�s
9.
10. (!) --- Recherche registre
11.
12. ====== Fichier(s) ======
13.
14. Aucun fichier trouv�
15.
16.
17. ====== Entr�e(s) du registre ======
18.
19.
20. [HKLM\System\ControlSet001\Control\Session Manager]
21. "PendingFileRenameOperations"="\??\C:\Windows\system32\WPRO_41_2001woem.tmp
22.
23. \??\C:\Windows\system32\WPRO_41_2001woem_nm.tmp
24.
25. \??\C:\Users\nico\AppData\Local\Temp\_iu14D2N.tmp
26.
27. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Au_.exe
28.
29. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp
30.
31. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Bu_.exe
32.
33. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp
34.
35. \??\C:\Program Files (x86)\BringStar
36. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR
37. \??\c:\windows\SysWOW64\roboot64.exe
38. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR
39. \??\C:\Program Files (x86)\Re-markit\150.dll
40.
41. \??\C:\Program Files (x86)\Re-markit\150.xpi
42.
43. \??\C:\Program Files (x86)\BringStar
44. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR
45. \??\c:\windows\SysWOW64\roboot64.exe
46. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR" (REG_MULTI_SZ)
47.
48. [HKLM\System\CurrentControlSet\Control\Session Manager]
49. "PendingFileRenameOperations"="\??\C:\Windows\system32\WPRO_41_2001woem.tmp
50.
51. \??\C:\Windows\system32\WPRO_41_2001woem_nm.tmp
52.
53. \??\C:\Users\nico\AppData\Local\Temp\_iu14D2N.tmp
54.
55. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Au_.exe
56.
57. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp
58.
59. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Bu_.exe
60.
61. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp
62.
63. \??\C:\Program Files (x86)\BringStar
64. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR
65. \??\c:\windows\SysWOW64\roboot64.exe
66. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR
67. \??\C:\Program Files (x86)\Re-markit\150.dll
68.
69. \??\C:\Program Files (x86)\Re-markit\150.xpi
70.
71. \??\C:\Program Files (x86)\BringStar
72. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR
73. \??\c:\windows\SysWOW64\roboot64.exe
74. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR" (REG_MULTI_SZ)
75.
76. =========================
77.
78. Fin �: 16:09:06 le 08/02/2014
79. 404090 �l�ments analys�s
80.
81. =========================
82. E.O.F
2.
3. Commenc� �: 16:08:06 le 08/02/2014
4.
5. Valeur(s) recherch�e(s):
6. roboot64.exe
7.
8. L�gende: TC => Date de cr�ation, TM => Date de modification, DA => Dernier acc�s
9.
10. (!) --- Recherche registre
11.
12. ====== Fichier(s) ======
13.
14. Aucun fichier trouv�
15.
16.
17. ====== Entr�e(s) du registre ======
18.
19.
20. [HKLM\System\ControlSet001\Control\Session Manager]
21. "PendingFileRenameOperations"="\??\C:\Windows\system32\WPRO_41_2001woem.tmp
22.
23. \??\C:\Windows\system32\WPRO_41_2001woem_nm.tmp
24.
25. \??\C:\Users\nico\AppData\Local\Temp\_iu14D2N.tmp
26.
27. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Au_.exe
28.
29. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp
30.
31. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Bu_.exe
32.
33. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp
34.
35. \??\C:\Program Files (x86)\BringStar
36. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR
37. \??\c:\windows\SysWOW64\roboot64.exe
38. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR
39. \??\C:\Program Files (x86)\Re-markit\150.dll
40.
41. \??\C:\Program Files (x86)\Re-markit\150.xpi
42.
43. \??\C:\Program Files (x86)\BringStar
44. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR
45. \??\c:\windows\SysWOW64\roboot64.exe
46. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR" (REG_MULTI_SZ)
47.
48. [HKLM\System\CurrentControlSet\Control\Session Manager]
49. "PendingFileRenameOperations"="\??\C:\Windows\system32\WPRO_41_2001woem.tmp
50.
51. \??\C:\Windows\system32\WPRO_41_2001woem_nm.tmp
52.
53. \??\C:\Users\nico\AppData\Local\Temp\_iu14D2N.tmp
54.
55. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Au_.exe
56.
57. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp
58.
59. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp\Bu_.exe
60.
61. \??\C:\Users\nico\AppData\Local\Temp\~nsu.tmp
62.
63. \??\C:\Program Files (x86)\BringStar
64. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR
65. \??\c:\windows\SysWOW64\roboot64.exe
66. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR
67. \??\C:\Program Files (x86)\Re-markit\150.dll
68.
69. \??\C:\Program Files (x86)\Re-markit\150.xpi
70.
71. \??\C:\Program Files (x86)\BringStar
72. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\BringStar.DIR
73. \??\c:\windows\SysWOW64\roboot64.exe
74. \??\C:\Users\nico\AppData\Roaming\ZHP\Quarantine\roboot64.exe.VIR" (REG_MULTI_SZ)
75.
76. =========================
77.
78. Fin �: 16:09:06 le 08/02/2014
79. 404090 �l�ments analys�s
80.
81. =========================
82. E.O.F