Hijack
sayrus86
Hello, at startup my PC tells me that c:\windows\system32\scvhost.exe cannot be found and also that a DLL
named wljuatyp.dd is missing, and this after I installed and ran an antivirus because my PC was
infected.
I ran Hijack and here is the report it generated:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:02, on 14/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddCrOiGy.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F3316389-AA7C-4247-B23B-E4B5E1652566} - C:\WINDOWS\system32\rQHAsqPH.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [8474d8f0] rundll32.exe "C:\WINDOWS\system32\wljuatyp.dll",b
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\rundll.exe
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DED31B0-CAB5-4CBD-AEF1-C08F534564C8}: NameServer = 4.2.2.5 4.2.2.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ddCrOiGy - ddCrOiGy.dll (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
6 replies
Hi:
reopen HijackThis
do a "scan only"
tick these lines, using the box on their left:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddCrOiGy.dll (file missing)
O2 - BHO: (no name) - {F3316389-AA7C-4247-B23B-E4B5E1652566} - C:\WINDOWS\system32\rQHAsqPH.dll (file missing)
tick them and click "fix checked"
then close the program.
next:
/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\
_________________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use outside this situation: dangerous!<<<<<<<<
=====================================================
While it runs,
ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly advised to have it pre-installed on your PC before any malware removal.
It will let you boot into a special recovery (repair) mode, which allows us to help you more easily if your computer ever runs into a problem after a cleaning attempt.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console
and, when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.
On XP
On Vista
**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware-removal procedures.
=========>Must read, imperative!!!!<=========
Download ComboFix:
And importantly, save it as "moi.exe" on the desktop.
Before using ComboFix:
______________________________________________________________________
- Disconnect from the internet and close the windows of all running programs.
- Temporarily disable, and only for the time ComboFix is in use,
the real-time protection of your antivirus and antispyware tools,
which can strongly interfere with the tool's search and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
Once done, double-click "moi.exe" on your desktop
- Answer yes to the warning message, so that the program starts analysing the PC.
/!\ During this step, do not use the PC or any other peripheral, and do not open any program.
- At the end of the scan ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt)
- Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.
- Come back to the forum, and
copy and paste the entire content of C:\Combofix.txt into your next message.
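An added example, not part of the original thread and not the helper's own method: one way to triage a HijackThis log automatically, flagging registrations whose file is missing, executables whose name is a near-miss of a Windows system binary (here scvhost.exe against svchost.exe), and a Winlogon Shell value that is more than Explorer.exe. The short list of system binaries, the distance threshold and the function names are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re

# Windows system binaries whose names are often imitated.
# Short list assumed for this example, not an exhaustive inventory.
KNOWN_SYSTEM_BINARIES = ("svchost.exe", "explorer.exe", "winlogon.exe",
                         "services.exe", "lsass.exe", "smss.exe", "csrss.exe")

# HijackThis entries start with a section code such as "F2 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
EXE_RE = re.compile(r"([A-Za-z0-9_\-]+\.exe)\b", re.IGNORECASE)

# Lines copied from the HijackThis log on this page (header, process and entry lines).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    plus swapping two adjacent characters, each counted as one edit."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def lookalike_of(name):
    """Return the system binary that `name` imitates, or None.
    A genuine name is never reported; one edit away is (threshold assumed)."""
    name = name.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    for known in KNOWN_SYSTEM_BINARIES:
        if osa_distance(name, known) <= 1:
            return known
    return None


def triage(log_text):
    """Return [(entry_line, [reasons])] for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header or running-process line, not a registry entry
        code, body = m.group("code"), m.group("body")
        reasons = []
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            reasons.append("registration points to a file that is not on disk")
        for exe in EXE_RE.findall(body):
            known = lookalike_of(exe)
            msg = f"{exe} resembles {known}"
            if known and msg not in reasons:
                reasons.append(msg)
        if code == "F2" and "Shell=" in body:
            shell_value = body.split("Shell=", 1)[1].strip()
            if shell_value.lower() != "explorer.exe":
                reasons.append("Winlogon Shell value is not plain Explorer.exe")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

A flag here only marks an entry for review; it does not mean the entry should be fixed without a helper's confirmation.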
I don't know what scvhost.exe does or whether it is important, and as for the other one, it's a DLL, just a typo, that's all:
wljuatyp.dll, there you go.
Hello, is scvhost.exe important to you or not?
and what is wljuatyp.dd, actually?
regards
g.chinal
Personally, I say hats off to gen-hackman ^^
ComboFix 09-04-14.06 - nabil 14/04/2009 10:04.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2047.1557 [GMT 2:00]
Lancé depuis: c:\documents and settings\nabil\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\nabil\Application Data\tazebama
c:\documents and settings\nabil\Application Data\tazebama\zPharaoh.dat
c:\windows\system32\ainhskjr.ini
c:\windows\system32\avphdmqm.ini
c:\windows\system32\HPqsAHQr.ini
c:\windows\system32\HPqsAHQr.ini2
c:\windows\system32\mfxioojw.ini
c:\windows\system32\ovfsthcnbaofcdjmlsosnfbnjxqtuoblhbtbve.dat
c:\windows\system32\ovfsthyprmhxpkkbuklktjwssqtquwyixjkxjj.dat
c:\windows\system32\pytaujlw.ini
c:\windows\system32\uhrjjdgb.ini
.
---- Exécution préalable -------
.
c:\windows\system32\sysurl.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-14 au 2009-04-14 ))))))))))))))))))))))))))))))))))))
.
2009-04-13 20:49 . 2009-04-13 20:49 -------- d-----w c:\documents and settings\nabil\Application Data\IDM
2009-04-13 20:48 . 2009-04-13 20:48 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-13 13:55 . 2009-04-13 18:21 108336 ----a-w c:\windows\system32\mswinsck.ocx
2009-04-13 13:44 . 2009-04-13 13:44 90112 ----a-w c:\windows\system32\msnc2.exe
2009-04-12 22:08 . 2009-04-13 11:45 -------- d-----w c:\documents and settings\nabil\Application Data\X-NetStat
2009-03-26 16:48 . 2009-03-26 16:48 -------- d---a-w c:\documents and settings\All Users\Application Data\rkfree
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 07:36 . 2009-04-14 07:36 -------- d-----w c:\program files\CCleaner
2009-04-14 07:09 . 2009-04-14 07:09 -------- d-----w c:\program files\Trend Micro
2009-04-13 22:09 . 2009-01-12 20:35 -------- d-----w c:\program files\Internet Download Manager
2009-04-13 20:49 . 2009-01-12 20:35 -------- d-----w c:\documents and settings\nabil\Application Data\DMCache
2009-04-13 20:48 . 2009-04-13 20:48 -------- d-----w c:\program files\Avira
2009-04-13 13:45 . 2009-01-12 12:47 -------- d-----w c:\documents and settings\nabil\Application Data\uTorrent
2009-04-03 16:47 . 2009-01-12 08:11 -------- d-----w c:\program files\Intel
2009-03-26 16:48 . 2009-03-26 16:48 -------- d-----w c:\program files\RKFree
2009-03-19 22:17 . 2007-04-27 02:37 80946 ----a-w c:\windows\system32\perfc00C.dat
2009-03-19 22:17 . 2007-04-27 02:37 501138 ----a-w c:\windows\system32\perfh00C.dat
2009-03-19 21:39 . 2009-03-19 21:39 -------- d-----w c:\program files\RY's GAMES
2009-03-19 21:29 . 2002-03-15 10:40 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-19 21:28 . 2002-03-15 10:40 183112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-16 07:24 . 2002-03-15 10:40 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-03 11:18 . 2009-01-12 12:01 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-02 12:19 . 2009-01-14 11:25 -------- d-----w c:\documents and settings\nabil\Application Data\dvdcss
2009-02-22 11:58 . 2009-01-12 07:49 89392 ----a-w c:\documents and settings\nabil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-22 11:55 . 2009-02-22 11:55 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-02-22 11:54 . 2009-01-12 13:17 -------- d-----w c:\program files\Windows Live
2009-02-22 11:54 . 2009-02-22 11:54 -------- d-----w c:\program files\Microsoft Sync Framework
2009-02-22 11:53 . 2009-01-12 12:03 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-19 09:41 . 2009-02-19 09:41 -------- d-----w c:\documents and settings\All Users\Application Data\31261
2009-02-15 20:18 . 2009-02-15 20:18 -------- d-----w c:\documents and settings\All Users\Application Data\C157
2009-02-15 11:17 . 2009-01-12 11:58 823008 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-15 05:17 . 2009-02-15 05:17 -------- d-----w c:\documents and settings\All Users\Application Data\32213
2009-02-14 13:30 . 2009-01-12 12:22 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-06 18:39 . 2009-02-06 18:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-02 21:47 . 2009-02-02 21:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-01-17 15:21 . 2009-01-12 08:29 24576 ----a-w c:\windows\system32\WLTRYSVC.EXE
2009-01-17 15:21 . 2009-01-12 08:29 749568 ----a-w c:\windows\system32\BCMLogon.dll
2009-01-17 15:21 . 2009-01-12 08:29 69632 ----a-w c:\windows\system32\bcmwlpkt.dll
2009-01-17 15:21 . 2009-01-12 08:29 65536 ----a-w c:\windows\system32\wltrynt.dll
2009-01-17 15:21 . 2009-01-12 08:29 2682880 ----a-w c:\windows\system32\vcredist_x86.exe
2009-01-17 15:21 . 2009-01-12 08:29 229376 ----a-w c:\windows\system32\bcmwlu00.exe
2009-01-17 15:21 . 2009-01-12 08:29 143360 ----a-w c:\windows\system32\preflib.dll
2009-01-17 15:21 . 2009-01-12 08:29 753664 ----a-w c:\windows\system32\bcm1xsup.dll
2009-01-17 15:21 . 2009-01-12 08:29 2670592 ----a-w c:\windows\system32\WLBCGCBPRO731.DLL
2009-01-17 15:21 . 2009-01-12 08:29 1945600 ----a-w c:\windows\system32\WLTRAY.EXE
2009-01-17 15:21 . 2009-01-12 08:29 1691648 ----a-w c:\windows\system32\BCMWLTRY.EXE
2009-01-12 18:39 . 2009-01-12 18:39 44128 ----a-w c:\documents and settings\Invité\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[-] 2007-04-27 02:37 694784 848BAAF9D7E2A2CE9CA1CD0C2DB43833 c:\windows\system32\wininet.dll
[-] 2007-04-27 02:37 694784 848BAAF9D7E2A2CE9CA1CD0C2DB43833 c:\windows\system32\dllcache\wininet.dll
[-] 2007-04-27 02:37 978432 C2E06CB7CFB5DBD8767DDD5E2E18CF71 c:\windows\explorer.exe
[-] 2007-04-27 02:37 978432 C2E06CB7CFB5DBD8767DDD5E2E18CF71 c:\windows\system32\dllcache\explorer.exe
[-] 2007-04-27 02:37 102400 FFBBEFB47652A140CDD7BAB1E5B915AB c:\windows\system32\wuauclt.exe
[-] 2007-04-27 02:37 102400 FFBBEFB47652A140CDD7BAB1E5B915AB c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-02-02 21:47 34816 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
2009-02-06 17:17 1068904 ----a-w c:\program files\Windows Live\Toolbar\wltcore.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-02-02 21:47 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-04-27 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-04-27 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-04-27 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-04-27 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-12 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-17 1945600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-02 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2007-04-27 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-04-27 15360]
c:\documents and settings\nabil\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 ADSLAutoconnect;ADSLAutoconnect; [x]
R3 AVPsys;AVPsys; [x]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f2fa6b0-21bd-11de-b723-002100166bba}]
\Shell\AutoRun\command - F:\em8tqm.cmd
\Shell\open\Command - F:\em8tqm.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}]
\Shell\AutoRun\command - F:\xn1i9x.com
\Shell\explore\Command - F:\xn1i9x.com
\Shell\open\Command - F:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - F:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}]
\Shell\AutoRun\command - 2.bat
\Shell\open\Command - 2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}]
\Shell\AutoRun\command - e.cmd
\Shell\explore\Command - e.cmd
\Shell\open\Command - e.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e349a0-0009-11de-b6c8-002100166bba}]
\Shell\AutoRun\command - F:\hovrflst.bat
\Shell\explore\Command - F:\hovrflst.bat
\Shell\open\Command - F:\hovrflst.bat
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C2B7B150-B41B-B8F0-F160-F1F006DD302D}]
c:\windows\system32\rundll.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\system32\shdocvw.dll
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-8474d8f0 - c:\windows\system32\wljuatyp.dll
HKLM-Explorer_Run-Generic Host Process - c:\windows\system32\scvhost.exe
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll
Notify-ddCrOiGy - ddCrOiGy.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
TCP: {2DED31B0-CAB5-4CBD-AEF1-C08F534564C8} = 4.2.2.5 4.2.2.6
Handler: http\[u]0/ux00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\[u]0/ux00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\[u]0/ux00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\[u]0/ux00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 10:07
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????H??????????????|???|???????|??@
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{41cc328f-a136-40ba-bb9b-59896f55eacb}]
@Denied: (Full) (Everyone)
"Model"=dword:00000028
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ed,22,65,62,c3,8a,7f,41,ad,f3,bf,93,af,41,3c,2c,43,33,7c,b0,70,
c5,cf,ec,2e,e0,fc,1b,ca,96,08,c9,be,ec,07,09,a7,2a,b1,dc,00,00,00,00,00,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3392)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Heure de fin: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 08:08
Avant-CF: 36 005 847 040 octets libres
Après-CF: 38 772 682 752 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
261
######## | XP _ Install & search | #######
Download and install UsbFix (by C_XX & Chiquitine29)
Connect your external storage devices to your PC (USB key, external hard drive, etc.) that may have been infected, without opening them.
# Double-click the UsbFix shortcut on your desktop.
# Choose option 1 (Recherche, "Search").
# Let the tool run.
# Then post the UsbFix.txt report that appears.
# Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Here is the report for the first USB key:
############################## [ UsbFix V3.007 ]
# User : nabil (Administrateurs) # NAB
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 20:13:24 | 14/04/2009
# Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# C:\ # Disque fixe local # 58.59 Go (36.1 Go free) # NTFS
# D:\ # Disque fixe local # 174.28 Go (80.42 Go free) # NTFS
# E:\ # Disque CD-ROM
# H:\ # Disque amovible # 469.9 Mo (298.4 Mo free) [NAB] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.com/?gws_rd=ssl"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="nabil"
HKLM_logon: "AltDefaultUserName"="nabil"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKCU_Run: RocketDock="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKLM_Run: StartCCC=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM_Run: PTHOSTTR=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
HKLM_Run: QlbCtrl.exe=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM_Run: Broadcom Wireless Manager UI=C:\WINDOWS\system32\WLTRAY.exe
HKLM_Run: GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
################## [ Informations ]
# -> ( Value | Good = 0x0 Bad = 0x1 )
# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés Run infectieuses ]
# -> Not Found !
################## [ Registre # Mountpoints2 ]
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}\Shell\open\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}\Shell\open\Command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c7c514-1eed-11de-b71f-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c43328-e0b7-11dd-b62f-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\log.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\log.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\log.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\log.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\h
############################## [ UsbFix V3.007 ]
# User : nabil (Administrateurs) # NAB
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 20:13:24 | 14/04/2009
# Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# C:\ # Disque fixe local # 58.59 Go (36.1 Go free) # NTFS
# D:\ # Disque fixe local # 174.28 Go (80.42 Go free) # NTFS
# E:\ # Disque CD-ROM
# H:\ # Disque amovible # 469.9 Mo (298.4 Mo free) [NAB] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.com/?gws_rd=ssl"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="nabil"
HKLM_logon: "AltDefaultUserName"="nabil"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKCU_Run: RocketDock="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKLM_Run: StartCCC=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM_Run: PTHOSTTR=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
HKLM_Run: QlbCtrl.exe=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM_Run: Broadcom Wireless Manager UI=C:\WINDOWS\system32\WLTRAY.exe
HKLM_Run: GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
################## [ Informations ]
# -> ( Value | Good = 0x0 Bad = 0x1 )
# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés Run infectieuses ]
# -> Not Found !
################## [ Registre # Mountpoints2 ]
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919cc169-f113-11dd-b684-002100166bba}\Shell\Ouvrir\command
@= F:\log.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= F:\log.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= F:\log.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda04b99-0722-11de-b6de-002100166bba}\Shell\open\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= F:\log.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\AutoRun\command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\hovrflst.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\em8tqm.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\xn1i9x.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= G:\LaunchU3.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= C:\WINDOWS\system32\RunDLL32.EXE
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= 2.bat
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= e.cmd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd3ca128-373d-11d6-b702-002100166bba}\Shell\explore\Command
@= F:\h
Thank you very much for your help.