Papsded

  1. Hello, After the virus attacks were resolved (it seems) by Zonk and Anthony#10, and probably some additional mishandling on my part with Spybot and TuneUp Utilities, I now find myself in the same situation as the one cited in the title. I tried the first piece of advice recommended by snOOKY, namely running Doug Knox's XP-secconsole, but an error window asks me to run it from an administrator account, which is impossible! Can you help me, please? Or do I have to reinstall Windows XP? PS: I am, however, able to burn my important files to CD. PS2: the sick laptop belongs to a friend. I am posting from my own.
  2. Good evening, Having followed all the instructions without any problem, here are the requested reports. You will certainly notice that in the meantime I had restored files deleted 3 days ago with TuneUp Utilities. I hope I haven't made too many mistakes. Merry Christmas as well, and also to the whole team of the "Restos du Coeur" >>> volunteer system restorers, obviously! André
  3. Good evening. Thank you and congratulations on this clear and detailed procedure. I am going to try to apply it now, but first I would like to report what I have discovered since last night: - When Windows starts in normal mode, 2 users appear, including the main administrator. So far everything is normal. But afterwards I find none of them in "User Accounts", and there is not even the option to create one. Same in safe mode. In the Event Viewer, there is the error "sr" under SOURCE, then "none" under CATEGORY, and it is impossible to view the properties. Under these conditions, should I follow your advice, or do I need to reinstall Windows XP? (The repair with the restore CD does nothing.) See you later
  4. Good evening Anthony, and thank you for replying so late on a Sunday. If you are still there, here is where I stand: I think I have done everything you recommended, but I only get an error report from AVG and a good Maint.text report from DSS. Services still do not start, there is no connection, etc. Here are these reports; I will come back tomorrow to see whether there are further steps to carry out. Thank you and have a good evening. Papsded
communs\softwin\bitdefender communicator\xcommsvr.exe (file missing) -- Device Manager: Disabled ---------------------------------------------------- Unable to create WMI object. -- Scheduled Tasks ------------------------------------------------------------- 2007-12-19 15:26:55 434 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job -- Files created between 2007-11-23 and 2007-12-23 ----------------------------- 2007-12-23 16:30:09 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Grisoft 2007-12-23 16:29:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-21 17:54:08 0 d-------- C:\Documents and Settings\ALICE\Application Data\Wannadoo 2007-12-20 21:57:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-20 16:16:02 0 d-------- C:\Program Files\EliteProtector 2007-12-20 09:11:11 0 d-------- C:\WINDOWS\system32\fr-fr 2007-12-19 18:38:42 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Favoris 2007-12-19 18:38:42 0 d--hs---- C:\Documents and Settings\Administrateur.PC192141439594\Cookies 2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Bureau 2007-12-19 18:38:42 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\Application Data 2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Symantec 2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Sun 2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Sonic 2007-12-19 18:38:42 0 d---s---- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Microsoft 2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Identities 2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Apple Computer 
2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Voisinage réseau 2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Voisinage d'impression 2007-12-19 18:38:41 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\SendTo 2007-12-19 18:38:41 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\Recent 2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Modèles 2007-12-19 18:38:41 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Mes documents 2007-12-19 18:38:41 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Menu Démarrer 2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Local Settings 2007-12-19 18:38:40 786432 --ah----- C:\Documents and Settings\Administrateur.PC192141439594\NTUSER.DAT 2007-12-19 16:24:59 0 d-------- C:\WINDOWS\BDOSCAN8 2007-12-19 15:26:52 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\TuneUp Software 2007-12-19 15:26:41 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2007-12-19 15:26:26 0 d-------- C:\Program Files\TuneUp Utilities 2007 2007-12-19 15:25:03 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-12-19 09:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-19 09:24:48 21760 --a------ C:\WINDOWS\Yrq68.sys 2007-12-18 22:57:14 0 d-------- C:\Documents and Settings\ALICE\Application Data\Ultimate Defender 2007-12-18 22:27:34 0 d--h----- C:\WINDOWS\PIF 2007-12-18 16:33:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google 2007-12-18 16:33:04 0 dr------- C:\Documents and Settings\LocalService\Favoris 2007-12-17 18:59:51 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor 2007-12-15 23:05:03 21760 --a------ C:\WINDOWS\system32\drivers\Yrq68.sys 
2007-12-15 18:42:31 0 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe 2007-12-15 17:51:01 0 --a------ C:\WINDOWS\wsystmp_nfh.exe 2007-12-15 14:57:52 1162732 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Install.dat 2007-12-15 14:57:49 39798 --a------ C:\WINDOWS\system32\dllgh8jkd1q2.exe 2007-12-15 14:57:48 15734 --a------ C:\WINDOWS\system32\dllgh8jkd1q1.exe 2007-12-15 14:55:43 18944 --a------ C:\WINDOWS\system32\wowfx.VIR 2007-12-15 13:06:29 15882 --a------ C:\WINDOWS\wsystmp_lie.exe 2007-12-15 13:04:19 0 --a------ C:\WINDOWS\wsystmp_ndb.exe 2007-12-11 17:40:58 6815744 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\ntuser.dat -- Find3M Report --------------------------------------------------------------- 2007-12-23 17:08:01 0 d-------- C:\Program Files\wanadoo_toolbar 2007-12-22 12:38:41 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Sonic 2007-12-21 22:24:20 0 d-------- C:\Program Files\Wanadoo 2007-12-20 22:15:52 445254 --a------ C:\WINDOWS\system32\perfh00C.dat 2007-12-20 22:15:52 63812 --a------ C:\WINDOWS\system32\perfc00C.dat 2007-12-20 21:25:48 0 d-------- C:\Program Files\eMule 2007-12-19 21:53:09 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\OpenOffice.org2 2007-12-19 15:30:58 0 d-------- C:\Program Files\Yahoo! 
2007-12-19 15:25:03 0 d-------- C:\Program Files\Fichiers communs 2007-12-19 08:56:09 6815 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\update.log 2007-11-10 18:40:03 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Identities 2007-10-29 23:43:32 1293824 --a------ C:\WINDOWS\system32\quartz.dll <Not Verified; Microsoft Corporation; DirectShow> 2007-10-25 09:28:30 222720 --a------ C:\WINDOWS\system32\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/03/2004 15:57] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [13/05/2004 09:28] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [13/05/2004 09:28] "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [13/05/2004 09:28] "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [19/08/2003 00:01] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [15/07/2003 20:09] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/07/2003 20:08] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [10/06/2003 17:49] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [22/05/2003 18:56] "FSASWREG"="C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe" [04/11/2004 11:03] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [30/07/2004 07:33] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [18/03/2004 08:18] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38] "Logitech Utility"="Logi_MwX.Exe" [11/12/2003 18:50 C:\WINDOWS\LOGI_MWX.EXE] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 
10:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 09:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/06/2007 21:54] "Undefined"="C:\WINDOWS\system32\winter.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "StartUp"=C:\WINDOWS\trayicons.exe /optimize speed [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "svcWRSSSDK"=2 (0x2) "FSMA"=2 (0x2) "FSDFWD"=3 (0x3) "fsbwsys"=2 (0x2) "F-Secure Gatekeeper Handler Starter"=2 (0x2) "BackWeb Plug-in - 8520111"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe "Logitech Utility"=Logi_MwX.Exe "nwiz"=nwiz.exe /installquiet "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "Printer"=C:\WINDOWS\system32\printer.exe "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min HKEY_LOCAL_MACHINE\Software\Microsoft\Windows 
NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] AutoRun\command- C:\ open\Command- 322F9439.exe -- Hosts ----------------------------------------------------------------------- 192.168.200.3 ad.doubleclick.net 192.168.200.3 ad.fastclick.net 192.168.200.3 ads.fastclick.net 192.168.200.3 atdmt.com 192.168.200.3 awaps.net 192.168.200.3 banner.fastclick.net 192.168.200.3 banners.fastclick.net 192.168.200.3 click.atdmt.com 192.168.200.3 clicks.atdmt.com 192.168.200.3 engine.awaps.net 9 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-12-23 20:26:11 ------------ [23/12/2007 16:30:10] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274 [23/12/2007 16:30:11] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227 [23/12/2007 16:30:42] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265 [23/12/2007 17:27:07] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23 [23/12/2007 17:51:54] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274 [23/12/2007 17:51:55] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227 [23/12/2007 17:52:26] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265 [23/12/2007 18:28:04] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274 [23/12/2007 18:28:05] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227 [23/12/2007 18:28:36] 
Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265 [23/12/2007 18:48:47] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23 [23/12/2007 18:55:26] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23 [23/12/2007 18:55:27] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274 [23/12/2007 18:55:28] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23 [23/12/2007 18:55:59] Error: failed to create socket, Value: 00002742, Position: .\DownloadHttp.cpp, 212 [23/12/2007 20:22:13] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274 [23/12/2007 20:22:13] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227 [23/12/2007 20:22:45] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265 [23/12/2007 20:30:22] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274 [23/12/2007 20:30:22] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227 [23/12/2007 20:30:54] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265
  5. Good evening, Could someone please review the method recommended by Anthony#10? It may be excellent when the infected computer can be connected to the Internet to download/install what is needed, but that is not the case here. I repeat: I have to communicate with you on this forum and then download with another computer! So I can save a complete program to a USB stick and then install that program on the infected computer, since I can choose the destination. However, I cannot do that for OTmoveIt or for UnHookExe.inf. Is there a solution? Thanks
  6. Family life comes first, so I cannot have all the time I would like. I am now resuming the procedure here: since I cannot connect to the Internet with the infected computer, I have to download the programs you recommend on another computer and then transfer them with a USB stick. Installing them afterwards is no problem; however, I cannot update AVG Anti-Spyware. It is currently running a scan. See you soon, and thanks
  7. Hello, Following my post "windows security alert, again and always", and after following part of Zonc's advice (pre-cleaning with Antivir..), I could not finish the job with ATF Cleaner because I no longer have Internet access. In fact, I only have 3 services running (Nvidia display, event log and plug-and-play). So I am communicating from another computer. What do you advise me to do now, please? Here are the Antivir report and the latest Hijackthis:
C:\hp\tmp\src\psptr\ptb\drivers\win9x_me\win9x_me.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98eaf.qua'! C:\hp\tmp\src\psptr\rus\rus.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de8ebc.qua'! C:\hp\tmp\src\psptr\rus\congrats\congrats.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98eb6.qua'! C:\hp\tmp\src\psptr\rus\congrats\images\images.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cc8eb5.qua'! C:\hp\tmp\src\psptr\rus\drivers\com_os\com_os.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d88eb8.qua'! C:\hp\tmp\src\psptr\rus\drivers\win2k_xp\win2k_xp.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98ebb.qua'! C:\hp\tmp\src\psptr\rus\drivers\win9x_me\win9x_me.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4658093c.qua'! C:\hp\tmp\src\psptr\setup\setup.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47df8eba.qua'! C:\hp\tmp\src\psptr\setup\wis\Win2K_XP\Win2K_XP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98ebf.qua'! C:\hp\tmp\src\psptr\setup\wis\Win9x\Win9x.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98ec0.qua'! C:\hp\tmp\src\psptr\UI\UI.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47998ea1.qua'! C:\hp\tmp\src\psptr\util\ccc\ccc.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ce8ebc.qua'! C:\hp\tmp\src\psptr\util\ccc\chs\chs.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de8ec2.qua'! C:\hp\tmp\src\psptr\util\ccc\cht\cht.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47df8ec3.qua'! 
C:\hp\tmp\src\psptr\util\ccc\csy\csy.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47e48ecf.qua'! C:\hp\tmp\src\psptr\util\ccc\dan\dan.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98ebd.qua'! C:\hp\tmp\src\psptr\util\ccc\deu\deu.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47e08ec2.qua'! C:\hp\tmp\src\psptr\util\ccc\Diagnostics\Diagnostics.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cc8ec7.qua'! C:\hp\tmp\src\psptr\util\ccc\ell\ell.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d78ecb.qua'! C:\hp\tmp\src\psptr\util\ccc\enu\enu.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47e08ecd.qua'! C:\hp\tmp\src\psptr\util\ccc\esn\esn.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98ed3.qua'! C:\hp\tmp\src\psptr\util\ccc\fin\fin.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98eca.qua'! C:\hp\tmp\src\psptr\util\ccc\fra\fra.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cc8ed4.qua'! C:\hp\tmp\src\psptr\util\ccc\hun\hun.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98ed7.qua'! C:\hp\tmp\src\psptr\util\ccc\ita\ita.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cc8ed7.qua'! C:\hp\tmp\src\psptr\util\ccc\jpn\jpn.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d98ed4.qua'! C:\hp\tmp\src\psptr\util\ccc\kor\kor.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47dd8ed4.qua'! C:\hp\tmp\src\psptr\util\ccc\nld\nld.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf8ed1.qua'! 
C:\hp\tmp\src\psptr\util\ccc\nob\nob.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cd8ed5.qua'! C:\hp\tmp\src\psptr\util\ccc\plk\plk.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d68ed3.qua'! C:\hp\tmp\src\psptr\util\ccc\ptb\ptb.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cd8edb.qua'! C:\hp\tmp\src\psptr\util\ccc\rus\rus.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de8ede.qua'! C:\hp\tmp\src\psptr\util\ccc\sve\sve.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d08edf.qua'! C:\hp\tmp\src\psptr\util\ccc\trk\trk.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d68edc.qua'! C:\hp\tmp\src\psptr\util\common\common.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d88ed9.qua'! C:\hp\tmp\src\psptr\util\hid\hid.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf8ed4.qua'! C:\hp\tmp\src\psptr\WebU\WebU.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cd8ed2.qua'! C:\I386\I386.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a38f5e.qua'! C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b4910d.qua'! C:\I386\ASMS\52\MSFT\WINDOWS\NET\RTCDLL\RTCDLL.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ae9120.qua'! C:\I386\ASMS\52\MSFT\WINDOWS\NET\RTCRES\RTCRES.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '462f16a1.qua'! C:\I386\ASMS\6000\MSFT\VCRTL\VCRTL.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47bd9111.qua'! 
C:\I386\ASMS\6000\MSFT\VCRTLINT\VCRTLINT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47bd9112.qua'! C:\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\CONTROLS.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b9911e.qua'! C:\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSWINCRT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47c29123.qua'! C:\I386\COMPDATA\COMPDATA.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b89121.qua'! C:\I386\DRW\DRW.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47c29127.qua'! C:\I386\DRW\1033\1033.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479e9105.qua'! C:\I386\DRW\1036\1036.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479e9106.qua'! C:\I386\LANG\LANG.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b991c6.qua'! C:\I386\SYSTEM32\SYSTEM32.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47be923c.qua'! C:\SWSetup\Adobe\Adobe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47da976e.qua'! C:\SWSetup\Adobe\CH\CH.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999753.qua'! C:\SWSetup\Adobe\DK\DK.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999778.qua'! C:\SWSetup\Adobe\FI\FI.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999784.qua'! C:\SWSetup\Adobe\FR\FR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799979c.qua'! C:\SWSetup\Adobe\GR\GR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479997ac.qua'! 
C:\SWSetup\Adobe\IT\IT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479997bf.qua'! C:\SWSetup\Adobe\JP\JP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479997cb.qua'! C:\SWSetup\Adobe\KR\KR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479997dd.qua'! C:\SWSetup\Adobe\NL\NL.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479997e6.qua'! C:\SWSetup\Adobe\NO\NO.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479997f8.qua'! C:\SWSetup\Adobe\PT\PT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799980a.qua'! C:\SWSetup\Adobe\SE\SE.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799980b.qua'! C:\SWSetup\Adobe\SP\SP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999825.qua'! C:\SWSetup\Adobe\TW\TW.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799983e.qua'! C:\SWSetup\Adobe\US\US.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999847.qua'! C:\SWSetup\Audio\Audio.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9869.qua'! C:\SWSetup\BrandIt\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de985f.qua'! C:\SWSetup\BrandIt\Disk1\Bitmap\Bitmap.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47df985f.qua'! C:\SWSetup\BrandIt\Disk1\My PC Essentials\My PC Essentials.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '478b9871.qua'! C:\SWSetup\BrandIt\Disk1\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47e49863.qua'! 
C:\SWSetup\BrandIt\Disk1\Warranty\DA\DA.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799983a.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\DE\DE.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799983f.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\EN\EN.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999848.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\ES\ES.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799984e.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\FI\FI.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999844.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\FR\FR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e6e43f.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\IT\IT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999850.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\NL\NL.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999849.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\PT\PT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999851.qua'! C:\SWSetup\BrandIt\Disk1\Warranty\SV\SV.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999854.qua'! C:\SWSetup\CHIPSET\CHIPSET.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b49847.qua'! C:\SWSetup\Default\Default.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d19877.qua'! C:\SWSetup\Default\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de987b.qua'! C:\SWSetup\DotNet1\DotNet1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47df98a2.qua'! 
C:\SWSetup\DotNetLg\BR\BR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999886.qua'! C:\SWSetup\DotNetLg\CH\CH.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799987c.qua'! C:\SWSetup\DotNetLg\CS\CS.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999888.qua'! C:\SWSetup\DotNetLg\DK\DK.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999881.qua'! C:\SWSetup\DotNetLg\FI\FI.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999880.qua'! C:\SWSetup\DotNetLg\FR\FR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799988a.qua'! C:\SWSetup\DotNetLg\GK\GK.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999884.qua'! C:\SWSetup\DotNetLg\GR\GR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799988c.qua'! C:\SWSetup\DotNetLg\HU\HU.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999890.qua'! C:\SWSetup\DotNetLg\IT\IT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9f1.qua'! C:\SWSetup\DotNetLg\JP\JP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799988d.qua'! C:\SWSetup\DotNetLg\KR\KR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999892.qua'! C:\SWSetup\DotNetLg\NL\NL.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799988b.qua'! C:\SWSetup\DotNetLg\NO\NO.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799988f.qua'! C:\SWSetup\DotNetLg\PL\PL.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9ee.qua'! C:\SWSetup\DotNetLg\PT\PT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999895.qua'! 
C:\SWSetup\DotNetLg\RU\RU.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999897.qua'! C:\SWSetup\DotNetLg\SE\SE.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9e9.qua'! C:\SWSetup\DotNetLg\SP\SP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999894.qua'! C:\SWSetup\DotNetLg\TR\TR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9f8.qua'! C:\SWSetup\DotNetLg\TW\TW.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799989d.qua'! C:\SWSetup\DotNetLg\TZ\TZ.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998a1.qua'! C:\SWSetup\DVD\DVD.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47af989e.qua'! C:\SWSetup\DVD\3rdPartyApp\3rdPartyApp.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf98bb.qua'! C:\SWSetup\hpImgEnh\hpImgEnh.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b498ba.qua'! C:\SWSetup\hpOSEnh\hpOSEnh.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ba98ba.qua'! C:\SWSetup\HPPIP\HPPIP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47bb989b.qua'! C:\SWSetup\HPPIP\src\BUR_fixes\BUR_fixes.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47bd98a0.qua'! C:\SWSetup\HPPIP\src\HPIZFIX3\HPIZFIX3.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b4989c.qua'! C:\SWSetup\HPPIP\src\Issue34830_MDIMAPI\Issue34830_MDIMAPI.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de98c0.qua'! C:\SWSetup\HPPIP\src\Issue35445_ByKeywordPlace\Issue35445_ByKeywordPlace.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de98c1.qua'! 
C:\SWSetup\HPPIP\src\SP2Fix_BHOUpdate\SP2Fix_BHOUpdate.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d989e.qua'! C:\SWSetup\HPPIP\src\SP2Fix_BHOUpdate\CPCUpdate\CPCUpdate.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ae989f.qua'! C:\SWSetup\HPPIP\src\SP2Fix_Toolkit\SP2Fix_Toolkit.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d989f.qua'! C:\SWSetup\IRFIX\IRFIX.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b198a3.qua'! C:\SWSetup\ITUNE\CH\CH.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799989a.qua'! C:\SWSetup\ITUNE\DK\DK.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9fe.qua'! C:\SWSetup\ITUNE\FI\FI.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799989c.qua'! C:\SWSetup\ITUNE\FR\FR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998a5.qua'! C:\SWSetup\ITUNE\GR\GR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998a6.qua'! C:\SWSetup\ITUNE\IT\IT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998a8.qua'! C:\SWSetup\ITUNE\JP\JP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9c6.qua'! C:\SWSetup\ITUNE\KR\KR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998a7.qua'! C:\SWSetup\ITUNE\NL\NL.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998a2.qua'! C:\SWSetup\ITUNE\NO\NO.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9c8.qua'! C:\SWSetup\ITUNE\SE\SE.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9fd.qua'! 
C:\SWSetup\ITUNE\SP\SP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e9c9.qua'! C:\SWSetup\ITUNE\TW\TW.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998af.qua'! C:\SWSetup\ITUNE\US\US.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998ab.qua'! C:\SWSetup\Misc1\Misc1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de98c2.qua'! C:\SWSetup\MODEM\MODEM.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47af98ab.qua'! C:\SWSetup\Network\Network.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47df98c3.qua'! C:\SWSetup\Network\WIN2000\WIN2000.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b998a8.qua'! C:\SWSetup\Network\WIN98\WIN98.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46c4e9c9.qua'! C:\SWSetup\Network\WIN98SE\WIN98SE.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b998aa.qua'! C:\SWSetup\Network\WINME\WINME.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b998a9.qua'! C:\SWSetup\Network\WINXP\WINXP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46c4e9ca.qua'! C:\SWSetup\QLB\QLB.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ad98ad.qua'! C:\SWSetup\QLB\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de98ca.qua'! C:\SWSetup\RECNO\RECNO.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ae98dc.qua'! C:\SWSetup\RECNO\UM\UM.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479998e7.qua'! 
C:\SWSetup\SEDSP2\BR\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9906.qua'! C:\SWSetup\SEDSP2\CH\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9907.qua'! C:\SWSetup\SEDSP2\CS\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9908.qua'! C:\SWSetup\SEDSP2\DK\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9909.qua'! C:\SWSetup\SEDSP2\FI\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de990a.qua'! C:\SWSetup\SEDSP2\FR\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de990b.qua'! C:\SWSetup\SEDSP2\GK\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de990c.qua'! C:\SWSetup\SEDSP2\GR\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de990d.qua'! C:\SWSetup\SEDSP2\HU\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de990e.qua'! C:\SWSetup\SEDSP2\IT\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9910.qua'! C:\SWSetup\SEDSP2\JP\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9912.qua'! C:\SWSetup\SEDSP2\KR\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9913.qua'! C:\SWSetup\SEDSP2\NL\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9914.qua'! C:\SWSetup\SEDSP2\NO\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9915.qua'! C:\SWSetup\SEDSP2\PL\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9917.qua'! 
C:\SWSetup\SEDSP2\PT\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9918.qua'! C:\SWSetup\SEDSP2\RU\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9919.qua'! C:\SWSetup\SEDSP2\SE\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de991b.qua'! C:\SWSetup\SEDSP2\SEDInstaller\SEDInstaller.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47af98f8.qua'! C:\SWSetup\SEDSP2\SP\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de991d.qua'! C:\SWSetup\SEDSP2\TR\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de991f.qua'! C:\SWSetup\SEDSP2\TW\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9920.qua'! C:\SWSetup\SEDSP2\US\Disk1\Disk1.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9922.qua'! C:\SWSetup\SWEQ\SWEQ.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b09911.qua'! C:\SWSetup\SYMWMI\FR\FR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799990d.qua'! C:\SWSetup\TOUCHPAD\TOUCHPAD.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47c0990d.qua'! C:\SWSetup\TOUCHPAD\BP\BP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799990f.qua'! C:\SWSetup\TOUCHPAD\DK\DK.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799990b.qua'! C:\SWSetup\TOUCHPAD\FI\FI.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799990a.qua'! C:\SWSetup\TOUCHPAD\FR\FR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999914.qua'! 
C:\SWSetup\TOUCHPAD\GR\GR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e875.qua'! C:\SWSetup\TOUCHPAD\IT\IT.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999918.qua'! C:\SWSetup\TOUCHPAD\JP\JP.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999915.qua'! C:\SWSetup\TOUCHPAD\KR\KR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e879.qua'! C:\SWSetup\TOUCHPAD\LS\LS.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '4799991a.qua'! C:\SWSetup\TOUCHPAD\NL\NL.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999916.qua'! C:\SWSetup\TOUCHPAD\NO\NO.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e87b.qua'! C:\SWSetup\TOUCHPAD\SC\SC.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e86e.qua'! C:\SWSetup\TOUCHPAD\SE\SE.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e870.qua'! C:\SWSetup\TOUCHPAD\TC\TC.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999911.qua'! C:\SWSetup\TOUCHPAD\TH\TH.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e4e876.qua'! C:\SWSetup\TOUCHPAD\US\US.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47999921.qua'! C:\SWSetup\Video\Video.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf993f.qua'! C:\SWSetup\WLAN\WLAN.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ac9925.qua'! C:\temp\HP_WebRelease\HP_WebRelease.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ca992e.qua'! 
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Remote Assistance.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d89f7a.qua'! C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\Common.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d89f84.qua'! C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\Css.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9f88.qua'! C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Common.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d89f85.qua'! C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\Email.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cc9f83.qua'! C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\Unsolicited.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9f85.qua'! C:\WINDOWS\pchealth\UploadLB\Binaries\Binaries.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d99f80.qua'! C:\WINDOWS\pchealth\UploadLB\Config\Config.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d99f87.qua'! C:\WINDOWS\PeerNet\PeerNet.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d09f7d.qua'! C:\WINDOWS\Provisioning\Schemas\Schemas.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d39f81.qua'! 
C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a29f4f.qua'! C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9f98.qua'! C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479b9f54.qua'! C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9f9a.qua'! C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b19f56.qua'! C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9f9c.qua'! C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479b9f5a.qua'! C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9f9d.qua'! C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a39f5f.qua'! C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9f9f.qua'! 
C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479f9f69.qua'! C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9fa1.qua'! C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ac9f6c.qua'! C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9fa5.qua'! C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a09f72.qua'! C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9fa9.qua'! C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b19f73.qua'! C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46a0c4b2.qua'! C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47af9f79.qua'! C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9faf.qua'! 
C:\WINDOWS\Registration\Registration.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d29fa1.qua'! C:\WINDOWS\RegistryCleanerSolution\RegistryCleanerSolution.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46aecfaa.qua'! C:\WINDOWS\repair\repair.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47db9fa2.qua'! C:\WINDOWS\Resources\Themes\Themes.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d09fa6.qua'! C:\WINDOWS\Resources\Themes\Luna\Luna.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d99fb3.qua'! C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\Homestead.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d89fae.qua'! C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic\Metallic.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47df9fa4.qua'! C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor\NormalColor.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47dd9faf.qua'! C:\WINDOWS\security\Database\Database.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47df9fa1.qua'! C:\WINDOWS\security\logs\logs.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d29fb0.qua'! C:\WINDOWS\security\templates\templates.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d89fa6.qua'! C:\WINDOWS\ShellNew\ShellNew.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d09faa.qua'! C:\WINDOWS\SoftwareDistribution\SoftwareDistribution.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d19fb1.qua'! 
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46a2ca35.qua'! C:\WINDOWS\SoftwareDistribution\DataStore\Logs\Logs.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d29fb3.qua'! C:\WINDOWS\SoftwareDistribution\Download\Download.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47e29fb5.qua'! C:\WINDOWS\SoftwareDistribution\Download11cdeb527c0ded3735dde8070aaf65911cdeb527c0ded3735dde8070aaf659.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479c9f77.qua'! C:\WINDOWS\SoftwareDistribution\Download11cdeb527c0ded3735dde8070aaf659\sp2gdr\sp2gdr.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fb7.qua'! C:\WINDOWS\SoftwareDistribution\Download11cdeb527c0ded3735dde8070aaf659\sp2qfe\sp2qfe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e2ff18.qua'! C:\WINDOWS\SoftwareDistribution\Download11cdeb527c0ded3735dde8070aaf659\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fb8.qua'! C:\WINDOWS\SoftwareDistribution\Downloadb3d56a4d48d9b1d002b9cc8dac022edb3d56a4d48d9b1d002b9cc8dac022ed.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479e9faa.qua'! C:\WINDOWS\SoftwareDistribution\Downloadb3d56a4d48d9b1d002b9cc8dac022ed\sp2gdr\sp2gdr.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fb9.qua'! C:\WINDOWS\SoftwareDistribution\Downloadb3d56a4d48d9b1d002b9cc8dac022ed\sp2qfe\sp2qfe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e2ff1a.qua'! C:\WINDOWS\SoftwareDistribution\Downloadb3d56a4d48d9b1d002b9cc8dac022ed\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fba.qua'! 
C:\WINDOWS\SoftwareDistribution\Download\2937b3063b471327e963037400d02e47\2937b3063b471327e963037400d02e47.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479e9f84.qua'! C:\WINDOWS\SoftwareDistribution\Download\2937b3063b471327e963037400d02e47\sp2gdr\sp2gdr.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fbb.qua'! C:\WINDOWS\SoftwareDistribution\Download\2937b3063b471327e963037400d02e47\sp2qfe\sp2qfe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fbc.qua'! C:\WINDOWS\SoftwareDistribution\Download\2937b3063b471327e963037400d02e47\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fbc.qua'! C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\3da5fb25f9bca1c53dde30405d5bbc6e.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cc9fb1.qua'! C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2GDR\SP2GDR.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fa0.qua'! C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2QFE\SP2QFE.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fa5.qua'! C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fc6.qua'! C:\WINDOWS\SoftwareDistribution\Download\46cd47035087b17a775667e2fc66a071\46cd47035087b17a775667e2fc66a071.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ce9f8c.qua'! C:\WINDOWS\SoftwareDistribution\Download\46cd47035087b17a775667e2fc66a071\sp2gdr\sp2gdr.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fc7.qua'! 
C:\WINDOWS\SoftwareDistribution\Download\46cd47035087b17a775667e2fc66a071\sp2qfe\sp2qfe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e2ff68.qua'! C:\WINDOWS\SoftwareDistribution\Download\46cd47035087b17a775667e2fc66a071\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fc8.qua'! C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\550530d3b934e720deb3ca1851e75ba0.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479b9f8e.qua'! C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\SP2QFE\SP2QFE.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fa9.qua'! C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fca.qua'! C:\WINDOWS\SoftwareDistribution\Download\59d65fe506faac4cd39a61d5534f0f9b\59d65fe506faac4cd39a61d5534f0f9b.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9f94.qua'! C:\WINDOWS\SoftwareDistribution\Download\59d65fe506faac4cd39a61d5534f0f9b\sp2gdr\sp2gdr.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fcb.qua'! C:\WINDOWS\SoftwareDistribution\Download\59d65fe506faac4cd39a61d5534f0f9b\sp2qfe\sp2qfe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fcc.qua'! C:\WINDOWS\SoftwareDistribution\Download\59d65fe506faac4cd39a61d5534f0f9b\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fcc.qua'! C:\WINDOWS\SoftwareDistribution\Download\8caa77f8e4322c84b8774b3c6f6215a3\8caa77f8e4322c84b8774b3c6f6215a3.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cc9fc0.qua'! 
C:\WINDOWS\SoftwareDistribution\Download\8caa77f8e4322c84b8774b3c6f6215a3\sp2gdr\sp2gdr.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fce.qua'! C:\WINDOWS\SoftwareDistribution\Download\8caa77f8e4322c84b8774b3c6f6215a3\sp2qfe\sp2qfe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e2ff6f.qua'! C:\WINDOWS\SoftwareDistribution\Download\8caa77f8e4322c84b8774b3c6f6215a3\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fcf.qua'! C:\WINDOWS\SoftwareDistribution\Download\9c6177049c725a878782a25a1b820fa3\9c6177049c725a878782a25a1b820fa3.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a19fc3.qua'! C:\WINDOWS\SoftwareDistribution\Download\9c6177049c725a878782a25a1b820fa3\download\download.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47e29fcf.qua'! C:\WINDOWS\SoftwareDistribution\Download\9c6177049c725a878782a25a1b820fa3\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fd1.qua'! C:\WINDOWS\SoftwareDistribution\Download\b09b87418e1b1dbe22dc86ea2b3c2087\b09b87418e1b1dbe22dc86ea2b3c2087.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a49f92.qua'! C:\WINDOWS\SoftwareDistribution\Download\b09b87418e1b1dbe22dc86ea2b3c2087\sp2gdr\sp2gdr.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fd5.qua'! C:\WINDOWS\SoftwareDistribution\Download\b09b87418e1b1dbe22dc86ea2b3c2087\sp2qfe\sp2qfe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fda.qua'! C:\WINDOWS\SoftwareDistribution\Download\b09b87418e1b1dbe22dc86ea2b3c2087\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fda.qua'! 
C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\dc9e8f8aa751cd275caca189dc5f0a98.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a49fce.qua'! C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\emerald\emerald.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d09fd9.qua'! C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fdc.qua'! C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\wmp10\wmp10.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47db9fda.qua'! C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\wmp11\wmp11.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46a4ff7b.qua'! C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\wmp9l\wmp9l.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47db9fdb.qua'! C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\wmp9nl\wmp9nl.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46a4ff7c.qua'! C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\e4818ecd57ac16436508f06dc02ac643.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a39fa3.qua'! C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2gdr\sp2gdr.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fe1.qua'! C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2qfe\sp2qfe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479d9fe4.qua'! 
C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\update\update.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cf9fe5.qua'! C:\WINDOWS\SoftwareDistribution\EventCache\EventCache.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d09feb.qua'! C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d19fe0.qua'! C:\WINDOWS\SoftwareDistribution\WebSetup\WebSetup.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cd9fe1.qua'! C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\9482F4B4-E343-43B6-B170-9A65BC822C77.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a39fb1.qua'! C:\WINDOWS\srchasst\srchasst.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ce9ff0.qua'! C:\WINDOWS\srchasst\chars\chars.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cc9fe6.qua'! C:\WINDOWS\srchasst\mui40C40C.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479b9fb3.qua'! C:\WINDOWS\system\system.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47de9ff9.qua'! C:\WINDOWS\system32\bronto.VIR [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47da9ff9.qua'! C:\WINDOWS\system32\iometer.dll [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '47d8a014.qua'! C:\WINDOWS\system32\mscore.dll [DETECTION] Is the Trojan horse TR/Rootkit.GEQ [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003 [WARNING] The file could not be deleted! C:\WINDOWS\system32\shovth.VIR [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47daabfd.qua'! 
C:\WINDOWS\system32\system32.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47deac13.qua'! C:\WINDOWS\system32\wowfx.dll [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen [iNFO] The file was moved to '47e2ac1b.qua'! C:\WINDOWS\system32\1033\1033.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479eabe1.qua'! C:\WINDOWS\system32\1036\1036.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479eabe2.qua'! C:\WINDOWS\system32\Adobe\SVG Viewer\SVG Viewer.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47b2ac09.qua'! C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479dabe5.qua'! C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a2ac0b.qua'! C:\WINDOWS\system32\CatRoot2\CatRoot2.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47dfac26.qua'! C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479dabf7.qua'! C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47a2ac0c.qua'! C:\WINDOWS\system32\Com\Com.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d8ac35.qua'! C:\WINDOWS\system32\config\config.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d9ac37.qua'! 
C:\WINDOWS\system32\config\systemprofile\systemprofile.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47deac42.qua'! C:\WINDOWS\system32\DirectX\Dinput\Dinput.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d9ac35.qua'! C:\WINDOWS\system32\drivers\drivers.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d4ac57.qua'! C:\WINDOWS\system32\drivers\Yrq68.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\etc\etc.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ceac62.qua'! C:\WINDOWS\system32\ias\ias.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47deac51.qua'! C:\WINDOWS\system32\icsxml\icsxml.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47deac54.qua'! C:\WINDOWS\system32\Macromed\Director\Director.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ddac5a.qua'! C:\WINDOWS\system32\Macromed\Flash\Flash.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ccac5e.qua'! C:\WINDOWS\system32\Macromed\Shockwave 8\Shockwave 8.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47daac5c.qua'! C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\Xtras.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ddac6a.qua'! C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\MacromediaInc\FontAssetw32\FontAssetw32.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d9ac66.qua'! C:\WINDOWS\system32\Macromed\update\New\Shockwave 8\Shockwave 8.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47daac60.qua'! 
C:\WINDOWS\system32\Macromed\update\New\Shockwave 8\xtras\xtras.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ddac6d.qua'! C:\WINDOWS\system32\MsDtc\MsDtc.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47afac6c.qua'! C:\WINDOWS\system32\MsDtc\Trace\Trace.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ccac6c.qua'! C:\WINDOWS\system32\mui0C0C.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479bac2b.qua'! C:\WINDOWS\system32\mui409409.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '479bac2f.qua'! C:\WINDOWS\system32\mui40C40C.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '46e5f040.qua'! C:\WINDOWS\system32\npp\npp.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47dbac6c.qua'! C:\WINDOWS\system32\NtmsData\NtmsData.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d8ac70.qua'! C:\WINDOWS\system32\oobe\oobe.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47cdac6d.qua'! C:\WINDOWS\system32\oobe\actsetup\actsetup.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47dfac62.qua'! C:\WINDOWS\system32\oobe\error\error.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47ddac72.qua'! C:\WINDOWS\system32\oobe\html\dslmain\dslmain.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47d7ac73.qua'! C:\WINDOWS\system32\oobe\html\iconnect\iconnect.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47daac64.qua'! C:\WINDOWS\system32\oobe\html\isptype\isptype.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '47dbac74.qua'! 
  8. Hello to the whole Security Team, I am currently running the Antivir scan in safe mode (still on another computer, that of my friend JeanLouis) and it seems never to finish: the progress has been at 99.8% for quite a while and it has already been running for 2 hours. Since it often found "TR.CRYPT.ULPM.GEN", I ticked the option to automatically move all files to quarantine. It is at 660 detections, 3 suspicious files and 2 warnings. And I am stuck on the last warning window, which tells me this: "The file could not be copied to quarantine". It concerns a trojan, "TR/Rootkit.geo", which is located in "c:\windows\system32\mscore.dll". What should I answer, please: "Delete locked file after reboot" or "Ignore"? Thanks
  9. I forgot: Securitoo is supplied by the ISP Wanadoo. I cancelled and removed its antivirus (paid), but the antispyware (free) remains, which apparently cannot be disabled.
  10. OK Zonk! Thanks for all that. Phew, there is work to do! I am getting on with it right away. See you later
  11. Following my exchange with Zonk about my computer, here is the HijackThis report from my friend's computer. This computer is infected by several viruses (according to Avast) and the window mentioned in the title keeps appearing. Thank you for your help.
  12. Hello Zonk, and thanks for the quick reply. So I will send this report from the computer my friend left with me for repair. Back in a moment.
  13. Hello, I am stepping in for a friend whose computer is badly infected and who no longer dares to connect to the Internet. I nevertheless (after reading the forums) downloaded HijackThis for him and ran a scan + log, which I saved as a txt file. In your opinion, is there any risk in my transferring this txt to my computer (via a USB stick) in order to submit it to you afterwards? Thanks