Publicité
Publicité
Format du document : text/plain
Prévisualisation
==================== Registre (Avec liste blanche) ===========================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-02-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2016-02-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2016-02-03] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-08-27] (Waves Audio Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [aroinics_svc] => C:\Windows\SYSTEM32\CMD.EXE /C START C:\Windows\jghftuwkrk.exe
HKU\S-1-5-21-4149500161-384136862-1415967203-1001\...\Run: [uTorrent] => C:\Users\Le\AppData\Roaming\uTorrent\uTorrent.exe [2065944 2016-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-4149500161-384136862-1415967203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Le\AppData\Roaming\uTorrent\uTorrent.exe [2065944 2016-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-4149500161-384136862-1415967203-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cacaoweb] => "C:\Users\Lilou\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKU\S-1-5-21-4149500161-384136862-1415967203-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cacaoweb] => "C:\Users\Invité\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKU\S-1-5-21-4149500161-384136862-1415967203-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_6956FC45501C8D9F71C9579024A840D7] => C:\Users\Invité\AppData\Local\Chromium\Application\chrome.exe [663552 2015-06-25] (The Chromium Authors)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-18\...\Run: [aroinics_svc] => C:\Windows\SYSTEM32\CMD.EXE /C START C:\Windows\jghftuwkrk.exe
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTRUCTIONS_78E66.html [2016-01-22] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTRUCTIONS_78E66.png.mp3 [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTRUCTIONS_78E66.txt.mp3 [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-02-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2016-02-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2016-02-03] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-08-27] (Waves Audio Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [aroinics_svc] => C:\Windows\SYSTEM32\CMD.EXE /C START C:\Windows\jghftuwkrk.exe
HKU\S-1-5-21-4149500161-384136862-1415967203-1001\...\Run: [uTorrent] => C:\Users\Le\AppData\Roaming\uTorrent\uTorrent.exe [2065944 2016-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-4149500161-384136862-1415967203-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Le\AppData\Roaming\uTorrent\uTorrent.exe [2065944 2016-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-4149500161-384136862-1415967203-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cacaoweb] => "C:\Users\Lilou\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKU\S-1-5-21-4149500161-384136862-1415967203-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cacaoweb] => "C:\Users\Invité\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKU\S-1-5-21-4149500161-384136862-1415967203-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_6956FC45501C8D9F71C9579024A840D7] => C:\Users\Invité\AppData\Local\Chromium\Application\chrome.exe [663552 2015-06-25] (The Chromium Authors)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-18\...\Run: [aroinics_svc] => C:\Windows\SYSTEM32\CMD.EXE /C START C:\Windows\jghftuwkrk.exe
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTRUCTIONS_78E66.html [2016-01-22] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTRUCTIONS_78E66.png.mp3 [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTRUCTIONS_78E66.txt.mp3 [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Lilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.html [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.png [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+qsnth.txt [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.html [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.png [2016-03-13] ()
Startup: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vsgkw.txt [2016-03-13] ()