Hello,

Following my post "encore et toujours windows security alert", and after following part of Zonc's advice (pre-cleaning with Antivir...), I could not finish the job with ATF Cleaner because I no longer have internet access. Besides, I now have only 3 services started (Nvidia display, event log and plug-and-play).

So I am writing from another computer.

What do you advise me to do now, please?

Here are the Antivir report and the latest HijackThis log:

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 21 décembre 2007 10:15

 

Scanning for 983178 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: JEAN LOUIS RABASTE

Computer name: PC192141439594

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 21:16:43

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:16:43

ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 21:16:43

ANTIVIR3.VDF : 7.0.1.132 145920 Bytes 20/12/2007 21:16:43

AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 20/12/2007 21:16:43

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.2 360488 Bytes 20/12/2007 21:16:44

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: vendredi 21 décembre 2007 10:15

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '40' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-253803cf-1db1714f.0lass

[DETECTION] Contains detection pattern of the Java virus JAVA/OpenStream.y

[iNFO] The file was moved to '47d18539.qua'!

C:\Documents and Settings\JEAN LOUIS RABASTE\Local Settings\Temporary Internet Files\Content.IE5\C15UVDXP\NEW[1].0tm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '47c2889d.qua'!

C:\Documents and Settings\JEAN LOUIS RABASTE\Local Settings\Temporary Internet Files\Content.IE5\C15UVDXP\NEW[1].1tm

[DETECTION] Contains suspicious code HEUR/Exploit.HTML

[iNFO] The file was moved to '47c288a4.qua'!

C:\ebceb877fb6bd4f59a6c85f0\ebceb877fb6bd4f59a6c85f0.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ce8c7a.qua'!

C:\hp\drivers\drivers.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d48c8e.qua'!

C:\hp\drivers\printers\deskjet\deskjet.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de8c86.qua'!

C:\hp\drivers\printers\deskjet\common\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88ca3.qua'!

C:\hp\drivers\printers\deskjet\enu\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98cba.qua'!

C:\hp\drivers\printers\deskjet\fra\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ce6.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\Digital Imaging\Help\Help.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d78ce6.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\Digital Imaging\Help\fra\fra.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8cf8.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\Digital Imaging\hp deskjet 3500 series\data\data.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8cec.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\Digital Imaging\hp deskjet 3600 series\data\data.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8cf2.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\Digital Imaging\hp deskjet 5100 series\data\data.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8d08.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\Digital Imaging\hp deskjet 5600 series\data\data.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8d10.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\3500\fra\data\data.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8d17.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\3600\fra\data\data.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8d1e.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\5100\fra\data\data.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8d27.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\5600\fra\data\data.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8d2b.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\bin\bin.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d33.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\bin\chrome\chrome.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dd8d35.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\bin\components\components.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d3d.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\bin\defaults\pref\pref.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d08d42.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\bin\res\res.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de8d36.qua'!

C:\hp\drivers\printers\deskjet\program files\Hewlett-Packard\hp deskjet assistant\bin\res\builtin\builtin.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d48d46.qua'!

C:\hp\drivers\printers\deskjet\System32\Redist\MS\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de8d4b.qua'!

C:\hp\drivers\printers\deskjet\util\util.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d48d47.qua'!

C:\hp\drivers\printers\deskjet\util\common\common.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d42.qua'!

C:\hp\EXPLOREBAR\EXPLOREBAR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47bb8d2c.qua'!

C:\hp\tmp\src\psptr\psptr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47db8d4b.qua'!

C:\hp\tmp\src\psptr\com_lang\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d49.qua'!

C:\hp\tmp\src\psptr\deu\deu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e08d46.qua'!

C:\hp\tmp\src\psptr\deu\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d50.qua'!

C:\hp\tmp\src\psptr\deu\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8d4f.qua'!

C:\hp\tmp\src\psptr\deu\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d52.qua'!

C:\hp\tmp\src\psptr\deu\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d55.qua'!

C:\hp\tmp\src\psptr\deu\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d56.qua'!

C:\hp\tmp\src\psptr\drivers\dot4\win2000\win2000.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d57.qua'!

C:\hp\tmp\src\psptr\drivers\dot4\win98\win98.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d58.qua'!

C:\hp\tmp\src\psptr\drivers\dot4\winxp\winxp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46580ad9.qua'!

C:\hp\tmp\src\psptr\DRVUI\DRVUI.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47c18d43.qua'!

C:\hp\tmp\src\psptr\enu\enu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e08d5f.qua'!

C:\hp\tmp\src\psptr\enu\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d61.qua'!

C:\hp\tmp\src\psptr\enu\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8d60.qua'!

C:\hp\tmp\src\psptr\enu\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d63.qua'!

C:\hp\tmp\src\psptr\enu\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d66.qua'!

C:\hp\tmp\src\psptr\enu\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d67.qua'!

C:\hp\tmp\src\psptr\esm\esm.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d71.qua'!

C:\hp\tmp\src\psptr\esm\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d6e.qua'!

C:\hp\tmp\src\psptr\esm\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8d6d.qua'!

C:\hp\tmp\src\psptr\esm\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d70.qua'!

C:\hp\tmp\src\psptr\esm\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d73.qua'!

C:\hp\tmp\src\psptr\esm\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d74.qua'!

C:\hp\tmp\src\psptr\fra\fra.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8d7d.qua'!

C:\hp\tmp\src\psptr\fra\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d7b.qua'!

C:\hp\tmp\src\psptr\fra\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8d7a.qua'!

C:\hp\tmp\src\psptr\fra\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d7d.qua'!

C:\hp\tmp\src\psptr\fra\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d80.qua'!

C:\hp\tmp\src\psptr\fra\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d81.qua'!

C:\hp\tmp\src\psptr\grk\grk.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d68d8a.qua'!

C:\hp\tmp\src\psptr\grk\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d88.qua'!

C:\hp\tmp\src\psptr\grk\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8d87.qua'!

C:\hp\tmp\src\psptr\grk\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d8a.qua'!

C:\hp\tmp\src\psptr\grk\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d8d.qua'!

C:\hp\tmp\src\psptr\grk\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d8e.qua'!

C:\hp\tmp\src\psptr\ita\ita.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8d99.qua'!

C:\hp\tmp\src\psptr\ita\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d95.qua'!

C:\hp\tmp\src\psptr\ita\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8d94.qua'!

C:\hp\tmp\src\psptr\ita\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88d97.qua'!

C:\hp\tmp\src\psptr\ita\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d99.qua'!

C:\hp\tmp\src\psptr\ita\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98d9a.qua'!

C:\hp\tmp\src\psptr\nld\nld.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf8d9e.qua'!

C:\hp\tmp\src\psptr\nld\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98da2.qua'!

C:\hp\tmp\src\psptr\nld\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8da0.qua'!

C:\hp\tmp\src\psptr\nld\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88da3.qua'!

C:\hp\tmp\src\psptr\nld\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98da6.qua'!

C:\hp\tmp\src\psptr\nld\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98da7.qua'!

C:\hp\tmp\src\psptr\Patch\Uninst\Uninst.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d48dac.qua'!

C:\hp\tmp\src\psptr\Patch\Uninst\deu\deu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e08da4.qua'!

C:\hp\tmp\src\psptr\Patch\Uninst\enu\enu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e08dad.qua'!

C:\hp\tmp\src\psptr\Patch\Uninst\esm\esm.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88db3.qua'!

C:\hp\tmp\src\psptr\Patch\Uninst\fra\fra.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8db2.qua'!

C:\hp\tmp\src\psptr\Patch\Uninst\ita\ita.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8db5.qua'!

C:\hp\tmp\src\psptr\Patch\Uninst\jpn\jpn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98db2.qua'!

C:\hp\tmp\src\psptr\PExpress\PExpress.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e38d8b.qua'!

C:\hp\tmp\src\psptr\PS140\PS140.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479c8db7.qua'!

C:\hp\tmp\src\psptr\PS240\PS240.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d8de0.qua'!

C:\hp\tmp\src\psptr\PS7200\PS7200.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a28e02.qua'!

C:\hp\tmp\src\psptr\PS7600\PS7600.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a28e21.qua'!

C:\hp\tmp\src\psptr\PS7700\PS7700.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a28e44.qua'!

C:\hp\tmp\src\psptr\PS7900\PS7900.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a28e6c.qua'!

C:\hp\tmp\src\psptr\PSShortcutsP\PSShortcutsP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47be8e6d.qua'!

C:\hp\tmp\src\psptr\PSShortP\PSShortP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47be8e8c.qua'!

C:\hp\tmp\src\psptr\ptb\ptb.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cd8eae.qua'!

C:\hp\tmp\src\psptr\ptb\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ea9.qua'!

C:\hp\tmp\src\psptr\ptb\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8ea8.qua'!

C:\hp\tmp\src\psptr\ptb\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88eab.qua'!

C:\hp\tmp\src\psptr\ptb\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98eae.qua'!

C:\hp\tmp\src\psptr\ptb\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98eaf.qua'!

C:\hp\tmp\src\psptr\rus\rus.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de8ebc.qua'!

C:\hp\tmp\src\psptr\rus\congrats\congrats.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98eb6.qua'!

C:\hp\tmp\src\psptr\rus\congrats\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8eb5.qua'!

C:\hp\tmp\src\psptr\rus\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88eb8.qua'!

C:\hp\tmp\src\psptr\rus\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ebb.qua'!

C:\hp\tmp\src\psptr\rus\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4658093c.qua'!

C:\hp\tmp\src\psptr\setup\setup.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8eba.qua'!

C:\hp\tmp\src\psptr\setup\wis\Win2K_XP\Win2K_XP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ebf.qua'!

C:\hp\tmp\src\psptr\setup\wis\Win9x\Win9x.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ec0.qua'!

C:\hp\tmp\src\psptr\UI\UI.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47998ea1.qua'!

C:\hp\tmp\src\psptr\util\ccc\ccc.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ce8ebc.qua'!

C:\hp\tmp\src\psptr\util\ccc\chs\chs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de8ec2.qua'!

C:\hp\tmp\src\psptr\util\ccc\cht\cht.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df8ec3.qua'!

C:\hp\tmp\src\psptr\util\ccc\csy\csy.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e48ecf.qua'!

C:\hp\tmp\src\psptr\util\ccc\dan\dan.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ebd.qua'!

C:\hp\tmp\src\psptr\util\ccc\deu\deu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e08ec2.qua'!

C:\hp\tmp\src\psptr\util\ccc\Diagnostics\Diagnostics.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8ec7.qua'!

C:\hp\tmp\src\psptr\util\ccc\ell\ell.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d78ecb.qua'!

C:\hp\tmp\src\psptr\util\ccc\enu\enu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e08ecd.qua'!

C:\hp\tmp\src\psptr\util\ccc\esn\esn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ed3.qua'!

C:\hp\tmp\src\psptr\util\ccc\fin\fin.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98eca.qua'!

C:\hp\tmp\src\psptr\util\ccc\fra\fra.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8ed4.qua'!

C:\hp\tmp\src\psptr\util\ccc\hun\hun.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ed7.qua'!

C:\hp\tmp\src\psptr\util\ccc\ita\ita.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc8ed7.qua'!

C:\hp\tmp\src\psptr\util\ccc\jpn\jpn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d98ed4.qua'!

C:\hp\tmp\src\psptr\util\ccc\kor\kor.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dd8ed4.qua'!

C:\hp\tmp\src\psptr\util\ccc\nld\nld.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf8ed1.qua'!

C:\hp\tmp\src\psptr\util\ccc\nob\nob.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cd8ed5.qua'!

C:\hp\tmp\src\psptr\util\ccc\plk\plk.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d68ed3.qua'!

C:\hp\tmp\src\psptr\util\ccc\ptb\ptb.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cd8edb.qua'!

C:\hp\tmp\src\psptr\util\ccc\rus\rus.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de8ede.qua'!

C:\hp\tmp\src\psptr\util\ccc\sve\sve.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d08edf.qua'!

C:\hp\tmp\src\psptr\util\ccc\trk\trk.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d68edc.qua'!

C:\hp\tmp\src\psptr\util\common\common.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d88ed9.qua'!

C:\hp\tmp\src\psptr\util\hid\hid.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf8ed4.qua'!

C:\hp\tmp\src\psptr\WebU\WebU.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cd8ed2.qua'!

C:\I386\I386.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a38f5e.qua'!

C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47b4910d.qua'!

C:\I386\ASMS\52\MSFT\WINDOWS\NET\RTCDLL\RTCDLL.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ae9120.qua'!

C:\I386\ASMS\52\MSFT\WINDOWS\NET\RTCRES\RTCRES.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '462f16a1.qua'!

C:\I386\ASMS\6000\MSFT\VCRTL\VCRTL.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47bd9111.qua'!

C:\I386\ASMS\6000\MSFT\VCRTLINT\VCRTLINT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47bd9112.qua'!

C:\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\CONTROLS.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47b9911e.qua'!

C:\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSWINCRT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47c29123.qua'!

C:\I386\COMPDATA\COMPDATA.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47b89121.qua'!

C:\I386\DRW\DRW.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47c29127.qua'!

C:\I386\DRW\1033\1033.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479e9105.qua'!

C:\I386\DRW\1036\1036.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479e9106.qua'!

C:\I386\LANG\LANG.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47b991c6.qua'!

C:\I386\SYSTEM32\SYSTEM32.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47be923c.qua'!

C:\SWSetup\Adobe\Adobe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47da976e.qua'!

C:\SWSetup\Adobe\CH\CH.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999753.qua'!

C:\SWSetup\Adobe\DK\DK.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999778.qua'!

C:\SWSetup\Adobe\FI\FI.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999784.qua'!

C:\SWSetup\Adobe\FR\FR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4799979c.qua'!

C:\SWSetup\Adobe\GR\GR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479997ac.qua'!

C:\SWSetup\Adobe\IT\IT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479997bf.qua'!

C:\SWSetup\Adobe\JP\JP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479997cb.qua'!

C:\SWSetup\Adobe\KR\KR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479997dd.qua'!

C:\SWSetup\Adobe\NL\NL.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479997e6.qua'!

C:\SWSetup\Adobe\NO\NO.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479997f8.qua'!

C:\SWSetup\Adobe\PT\PT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4799980a.qua'!

C:\SWSetup\Adobe\SE\SE.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4799980b.qua'!

C:\SWSetup\Adobe\SP\SP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999825.qua'!

C:\SWSetup\Adobe\TW\TW.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4799983e.qua'!

C:\SWSetup\Adobe\US\US.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999847.qua'!

C:\SWSetup\Audio\Audio.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9869.qua'!

C:\SWSetup\BrandIt\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de985f.qua'!

C:\SWSetup\BrandIt\Disk1\Bitmap\Bitmap.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df985f.qua'!

C:\SWSetup\BrandIt\Disk1\My PC Essentials\My PC Essentials.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '478b9871.qua'!

C:\SWSetup\BrandIt\Disk1\Skylar Blue (Sample Music)\Skylar Blue (Sample Music).exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e49863.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\DA\DA.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4799983a.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\DE\DE.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4799983f.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\EN\EN.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999848.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\ES\ES.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4799984e.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\FI\FI.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999844.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\FR\FR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46e6e43f.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\IT\IT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999850.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\NL\NL.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999849.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\PT\PT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999851.qua'!

C:\SWSetup\BrandIt\Disk1\Warranty\SV\SV.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47999854.qua'!

C:\SWSetup\CHIPSET\CHIPSET.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47b49847.qua'!

C:\SWSetup\Default\Default.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d19877.qua'!

C:\SWSetup\Default\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de987b.qua'!

C:\SWSetup\DotNet1\DotNet1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47df98a2.qua'!

C:\SWSetup\DotNetLg\BR\BR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999886.qua'!

C:\SWSetup\DotNetLg\CH\CH.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799987c.qua'!

C:\SWSetup\DotNetLg\CS\CS.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999888.qua'!

C:\SWSetup\DotNetLg\DK\DK.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999881.qua'!

C:\SWSetup\DotNetLg\FI\FI.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999880.qua'!

C:\SWSetup\DotNetLg\FR\FR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799988a.qua'!

C:\SWSetup\DotNetLg\GK\GK.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999884.qua'!

C:\SWSetup\DotNetLg\GR\GR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799988c.qua'!

C:\SWSetup\DotNetLg\HU\HU.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999890.qua'!

C:\SWSetup\DotNetLg\IT\IT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9f1.qua'!

C:\SWSetup\DotNetLg\JP\JP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799988d.qua'!

C:\SWSetup\DotNetLg\KR\KR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999892.qua'!

C:\SWSetup\DotNetLg\NL\NL.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799988b.qua'!

C:\SWSetup\DotNetLg\NO\NO.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799988f.qua'!

C:\SWSetup\DotNetLg\PL\PL.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9ee.qua'!

C:\SWSetup\DotNetLg\PT\PT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999895.qua'!

C:\SWSetup\DotNetLg\RU\RU.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999897.qua'!

C:\SWSetup\DotNetLg\SE\SE.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9e9.qua'!

C:\SWSetup\DotNetLg\SP\SP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999894.qua'!

C:\SWSetup\DotNetLg\TR\TR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9f8.qua'!

C:\SWSetup\DotNetLg\TW\TW.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799989d.qua'!

C:\SWSetup\DotNetLg\TZ\TZ.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998a1.qua'!

C:\SWSetup\DVD\DVD.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47af989e.qua'!

C:\SWSetup\DVD\3rdPartyApp\3rdPartyApp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf98bb.qua'!

C:\SWSetup\hpImgEnh\hpImgEnh.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b498ba.qua'!

C:\SWSetup\hpOSEnh\hpOSEnh.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ba98ba.qua'!

C:\SWSetup\HPPIP\HPPIP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47bb989b.qua'!

C:\SWSetup\HPPIP\src\BUR_fixes\BUR_fixes.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47bd98a0.qua'!

C:\SWSetup\HPPIP\src\HPIZFIX3\HPIZFIX3.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b4989c.qua'!

C:\SWSetup\HPPIP\src\Issue34830_MDIMAPI\Issue34830_MDIMAPI.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de98c0.qua'!

C:\SWSetup\HPPIP\src\Issue35445_ByKeywordPlace\Issue35445_ByKeywordPlace.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de98c1.qua'!

C:\SWSetup\HPPIP\src\SP2Fix_BHOUpdate\SP2Fix_BHOUpdate.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479d989e.qua'!

C:\SWSetup\HPPIP\src\SP2Fix_BHOUpdate\CPCUpdate\CPCUpdate.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ae989f.qua'!

C:\SWSetup\HPPIP\src\SP2Fix_Toolkit\SP2Fix_Toolkit.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479d989f.qua'!

C:\SWSetup\IRFIX\IRFIX.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b198a3.qua'!

C:\SWSetup\ITUNE\CH\CH.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799989a.qua'!

C:\SWSetup\ITUNE\DK\DK.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9fe.qua'!

C:\SWSetup\ITUNE\FI\FI.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799989c.qua'!

C:\SWSetup\ITUNE\FR\FR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998a5.qua'!

C:\SWSetup\ITUNE\GR\GR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998a6.qua'!

C:\SWSetup\ITUNE\IT\IT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998a8.qua'!

C:\SWSetup\ITUNE\JP\JP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9c6.qua'!

C:\SWSetup\ITUNE\KR\KR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998a7.qua'!

C:\SWSetup\ITUNE\NL\NL.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998a2.qua'!

C:\SWSetup\ITUNE\NO\NO.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9c8.qua'!

C:\SWSetup\ITUNE\SE\SE.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9fd.qua'!

C:\SWSetup\ITUNE\SP\SP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e9c9.qua'!

C:\SWSetup\ITUNE\TW\TW.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998af.qua'!

C:\SWSetup\ITUNE\US\US.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998ab.qua'!

C:\SWSetup\Misc1\Misc1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de98c2.qua'!

C:\SWSetup\MODEM\MODEM.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47af98ab.qua'!

C:\SWSetup\Network\Network.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df98c3.qua'!

C:\SWSetup\Network\WIN2000\WIN2000.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b998a8.qua'!

C:\SWSetup\Network\WIN98\WIN98.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46c4e9c9.qua'!

C:\SWSetup\Network\WIN98SE\WIN98SE.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b998aa.qua'!

C:\SWSetup\Network\WINME\WINME.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b998a9.qua'!

C:\SWSetup\Network\WINXP\WINXP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46c4e9ca.qua'!

C:\SWSetup\QLB\QLB.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ad98ad.qua'!

C:\SWSetup\QLB\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de98ca.qua'!

C:\SWSetup\RECNO\RECNO.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ae98dc.qua'!

C:\SWSetup\RECNO\UM\UM.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479998e7.qua'!

C:\SWSetup\SEDSP2\BR\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9906.qua'!

C:\SWSetup\SEDSP2\CH\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9907.qua'!

C:\SWSetup\SEDSP2\CS\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9908.qua'!

C:\SWSetup\SEDSP2\DK\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9909.qua'!

C:\SWSetup\SEDSP2\FI\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de990a.qua'!

C:\SWSetup\SEDSP2\FR\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de990b.qua'!

C:\SWSetup\SEDSP2\GK\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de990c.qua'!

C:\SWSetup\SEDSP2\GR\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de990d.qua'!

C:\SWSetup\SEDSP2\HU\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de990e.qua'!

C:\SWSetup\SEDSP2\IT\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9910.qua'!

C:\SWSetup\SEDSP2\JP\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9912.qua'!

C:\SWSetup\SEDSP2\KR\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9913.qua'!

C:\SWSetup\SEDSP2\NL\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9914.qua'!

C:\SWSetup\SEDSP2\NO\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9915.qua'!

C:\SWSetup\SEDSP2\PL\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9917.qua'!

C:\SWSetup\SEDSP2\PT\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9918.qua'!

C:\SWSetup\SEDSP2\RU\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9919.qua'!

C:\SWSetup\SEDSP2\SE\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de991b.qua'!

C:\SWSetup\SEDSP2\SEDInstaller\SEDInstaller.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47af98f8.qua'!

C:\SWSetup\SEDSP2\SP\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de991d.qua'!

C:\SWSetup\SEDSP2\TR\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de991f.qua'!

C:\SWSetup\SEDSP2\TW\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9920.qua'!

C:\SWSetup\SEDSP2\US\Disk1\Disk1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9922.qua'!

C:\SWSetup\SWEQ\SWEQ.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b09911.qua'!

C:\SWSetup\SYMWMI\FR\FR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799990d.qua'!

C:\SWSetup\TOUCHPAD\TOUCHPAD.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47c0990d.qua'!

C:\SWSetup\TOUCHPAD\BP\BP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799990f.qua'!

C:\SWSetup\TOUCHPAD\DK\DK.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799990b.qua'!

C:\SWSetup\TOUCHPAD\FI\FI.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799990a.qua'!

C:\SWSetup\TOUCHPAD\FR\FR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999914.qua'!

C:\SWSetup\TOUCHPAD\GR\GR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e875.qua'!

C:\SWSetup\TOUCHPAD\IT\IT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999918.qua'!

C:\SWSetup\TOUCHPAD\JP\JP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999915.qua'!

C:\SWSetup\TOUCHPAD\KR\KR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e879.qua'!

C:\SWSetup\TOUCHPAD\LS\LS.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '4799991a.qua'!

C:\SWSetup\TOUCHPAD\NL\NL.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999916.qua'!

C:\SWSetup\TOUCHPAD\NO\NO.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e87b.qua'!

C:\SWSetup\TOUCHPAD\SC\SC.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e86e.qua'!

C:\SWSetup\TOUCHPAD\SE\SE.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e870.qua'!

C:\SWSetup\TOUCHPAD\TC\TC.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999911.qua'!

C:\SWSetup\TOUCHPAD\TH\TH.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e4e876.qua'!

C:\SWSetup\TOUCHPAD\US\US.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999921.qua'!

C:\SWSetup\Video\Video.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf993f.qua'!

C:\SWSetup\WLAN\WLAN.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ac9925.qua'!

C:\temp\HP_WebRelease\HP_WebRelease.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ca992e.qua'!

C:\temp\HP_WebRelease\chs\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d8994f.qua'!

C:\temp\HP_WebRelease\chs\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99951.qua'!

C:\temp\HP_WebRelease\cht\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89958.qua'!

C:\temp\HP_WebRelease\cht\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99957.qua'!

C:\temp\HP_WebRelease\common\drivers\com_os\com_os.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d8995d.qua'!

C:\temp\HP_WebRelease\common\drivers\win2k_xp\win2k_xp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d9996f.qua'!

C:\temp\HP_WebRelease\common\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99971.qua'!

C:\temp\HP_WebRelease\csy\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89977.qua'!

C:\temp\HP_WebRelease\csy\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99977.qua'!

C:\temp\HP_WebRelease\dan\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d8997d.qua'!

C:\temp\HP_WebRelease\dan\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d9997d.qua'!

C:\temp\HP_WebRelease\deu\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89983.qua'!

C:\temp\HP_WebRelease\deu\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99982.qua'!

C:\temp\HP_WebRelease\Drivers\dot4\win2000\win2000.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99983.qua'!

C:\temp\HP_WebRelease\Drivers\dot4\win98\win98.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99984.qua'!

C:\temp\HP_WebRelease\Drivers\dot4\winxp\winxp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46a6e5f5.qua'!

C:\temp\HP_WebRelease\Drivers\dot4\wrapper\wrapper.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc998e.qua'!

C:\temp\HP_WebRelease\Drivers\Scanner\Scanner.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9981.qua'!

C:\temp\HP_WebRelease\enu\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d8998d.qua'!

C:\temp\HP_WebRelease\enu\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99990.qua'!

C:\temp\HP_WebRelease\esm\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89996.qua'!

C:\temp\HP_WebRelease\esm\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99995.qua'!

C:\temp\HP_WebRelease\fin\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d8999c.qua'!

C:\temp\HP_WebRelease\fin\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d9999b.qua'!

C:\temp\HP_WebRelease\fra\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899a1.qua'!

C:\temp\HP_WebRelease\fra\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999a1.qua'!

C:\temp\HP_WebRelease\grk\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899a7.qua'!

C:\temp\HP_WebRelease\grk\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999a6.qua'!

C:\temp\HP_WebRelease\hun\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899ad.qua'!

C:\temp\HP_WebRelease\hun\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999ac.qua'!

C:\temp\HP_WebRelease\ita\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899b3.qua'!

C:\temp\HP_WebRelease\ita\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999b2.qua'!

C:\temp\HP_WebRelease\jpn\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899b8.qua'!

C:\temp\HP_WebRelease\jpn\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999bb.qua'!

C:\temp\HP_WebRelease\kor\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899c1.qua'!

C:\temp\HP_WebRelease\kor\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999c0.qua'!

C:\temp\HP_WebRelease\nld\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899ca.qua'!

C:\temp\HP_WebRelease\nld\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999c9.qua'!

C:\temp\HP_WebRelease\non\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899d0.qua'!

C:\temp\HP_WebRelease\non\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999cf.qua'!

C:\temp\HP_WebRelease\plk\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899d5.qua'!

C:\temp\HP_WebRelease\plk\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999d4.qua'!

C:\temp\HP_WebRelease\ptb\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899db.qua'!

C:\temp\HP_WebRelease\ptb\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999da.qua'!

C:\temp\HP_WebRelease\rus\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d899e0.qua'!

C:\temp\HP_WebRelease\rus\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d999e0.qua'!

C:\temp\HP_WebRelease\Setup\Setup.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df99f6.qua'!

C:\temp\HP_WebRelease\Setup\AiOHelp\AiOHelp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ba9ab5.qua'!

C:\temp\HP_WebRelease\Setup\AiOSoftware\AiOSoftware.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ba9ab9.qua'!

C:\temp\HP_WebRelease\Setup\AiO_Scan\AiO_Scan.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ba9aba.qua'!

C:\temp\HP_WebRelease\Setup\BufferChm\BufferChm.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d19aed.qua'!

C:\temp\HP_WebRelease\Setup\CCC\CCC.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ae9abc.qua'!

C:\temp\HP_WebRelease\Setup\chs\chs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9ae1.qua'!

C:\temp\HP_WebRelease\Setup\cht\cht.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9ae2.qua'!

C:\temp\HP_WebRelease\Setup\copy\copy.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47db9b06.qua'!

C:\temp\HP_WebRelease\Setup\CP_AtenaShokunin1Config\CP_AtenaShokunin1Config.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ca9ae8.qua'!

C:\temp\HP_WebRelease\Setup\cp_dwshrek2albums1\cp_dwshrek2albums1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ca9b0d.qua'!

C:\temp\HP_WebRelease\Setup\cp_dwshrek2cards1\cp_dwshrek2cards1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ca9b0f.qua'!

C:\temp\HP_WebRelease\Setup\creativeprojects\creativeprojects.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09b26.qua'!

C:\temp\HP_WebRelease\Setup\CreativeProjectsTemplates\CreativeProjectsTemplates.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09b29.qua'!

C:\temp\HP_WebRelease\Setup\csy\csy.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e49b2a.qua'!

C:\temp\HP_WebRelease\Setup\CueTour\CueTour.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09b32.qua'!

C:\temp\HP_WebRelease\Setup\dan\dan.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99b1e.qua'!

C:\temp\HP_WebRelease\Setup\Destinations\Destinations.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9b2f.qua'!

C:\temp\HP_WebRelease\Setup\deu\deu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e09b2f.qua'!

C:\temp\HP_WebRelease\Setup\director\director.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9b4d.qua'!

C:\temp\HP_WebRelease\Setup\DocProc\DocProc.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ce9b6f.qua'!

C:\temp\HP_WebRelease\Setup\DocumentViewer\DocumentViewer.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ce9b93.qua'!

C:\temp\HP_WebRelease\Setup\ell\ell.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d79b90.qua'!

C:\temp\HP_WebRelease\Setup\enu\enu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e09b93.qua'!

C:\temp\HP_WebRelease\Setup\esn\esn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99b98.qua'!

C:\temp\HP_WebRelease\Setup\fax\fax.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e39b98.qua'!

C:\temp\HP_WebRelease\Setup\fin\fin.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99ba0.qua'!

C:\temp\HP_WebRelease\Setup\fra\fra.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9baa.qua'!

C:\temp\HP_WebRelease\Setup\HPSoftwareUpdate\HPSoftwareUpdate.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47be9b8b.qua'!

C:\temp\HP_WebRelease\Setup\hun\hun.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99bb1.qua'!

C:\temp\HP_WebRelease\Setup\ImageZoneExpress\ImageZoneExpress.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9bad.qua'!

C:\temp\HP_WebRelease\Setup\InstantShare\InstantShare.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9bcc.qua'!

C:\temp\HP_WebRelease\Setup\ita\ita.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9bd3.qua'!

C:\temp\HP_WebRelease\Setup\jpn\jpn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99bcf.qua'!

C:\temp\HP_WebRelease\Setup\kor\kor.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9bcf.qua'!

C:\temp\HP_WebRelease\Setup\LangPacks\esn\esn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99bd3.qua'!

C:\temp\HP_WebRelease\Setup\LangPacks\fra\fra.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9bd5.qua'!

C:\temp\HP_WebRelease\Setup\LangPacks\ptb\ptb.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cd9bdc.qua'!

C:\temp\HP_WebRelease\Setup\marketresearch\marketresearch.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9bca.qua'!

C:\temp\HP_WebRelease\Setup\nld\nld.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9bd6.qua'!

C:\temp\HP_WebRelease\Setup\nor\nor.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9bd9.qua'!

C:\temp\HP_WebRelease\Setup\panostandalone\panostandalone.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99bd1.qua'!

C:\temp\HP_WebRelease\Setup\photogallery\photogallery.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47da9c2d.qua'!

C:\temp\HP_WebRelease\Setup\plk\plk.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d69c32.qua'!

C:\temp\HP_WebRelease\Setup\product\product.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47da9c3a.qua'!

C:\temp\HP_WebRelease\Setup\ProductContext\ProductContext.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47da9c3e.qua'!

C:\temp\HP_WebRelease\Setup\ptb\ptb.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cd9c41.qua'!

C:\temp\HP_WebRelease\Setup\QFolder\QFolder.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47da9c13.qua'!

C:\temp\HP_WebRelease\Setup\Readme\Readme.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9c32.qua'!

C:\temp\HP_WebRelease\Setup\Readme\readme\1033\1033.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479e9bfe.qua'!

C:\temp\HP_WebRelease\Setup\Readme\readme\1034\1034.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '461efdd7.qua'!

C:\temp\HP_WebRelease\Setup\Readme\readme\1036\1036.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479e9bff.qua'!

C:\temp\HP_WebRelease\Setup\Readme\readme\1046\1046.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479f9bff.qua'!

C:\temp\HP_WebRelease\Setup\RedBox\RedBox.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9c3a.qua'!

C:\temp\HP_WebRelease\Setup\releases\Enterprise\setup\setup.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9c3b.qua'!

C:\temp\HP_WebRelease\Setup\rus\rus.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9c4c.qua'!

C:\temp\HP_WebRelease\Setup\Scan\Scan.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9c5c.qua'!

C:\temp\HP_WebRelease\Setup\ScannerCopy\ScannerCopy.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9c77.qua'!

C:\temp\HP_WebRelease\Setup\Sherlock\Sherlock.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09c7d.qua'!

C:\temp\HP_WebRelease\Setup\SkinsHP1\SkinsHP1.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d49c80.qua'!

C:\temp\HP_WebRelease\Setup\sve\sve.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09c8c.qua'!

C:\temp\HP_WebRelease\Setup\Tour\Tour.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e09c8b.qua'!

C:\temp\HP_WebRelease\Setup\trayapp\trayapp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9c8f.qua'!

C:\temp\HP_WebRelease\Setup\trk\trk.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d69c90.qua'!

C:\temp\HP_WebRelease\Setup\UnloadIntent\UnloadIntent.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d79ca9.qua'!

C:\temp\HP_WebRelease\Setup\webreg\webreg.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cd9ca0.qua'!

C:\temp\HP_WebRelease\Setup\wis\Win2K_XP\Win2K_XP.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99ca5.qua'!

C:\temp\HP_WebRelease\Setup\wis\Win9x\Win9x.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99ca6.qua'!

C:\temp\HP_WebRelease\svc\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89cad.qua'!

C:\temp\HP_WebRelease\svc\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cab.qua'!

C:\temp\HP_WebRelease\sve\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89cb1.qua'!

C:\temp\HP_WebRelease\trk\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89cb2.qua'!

C:\temp\HP_WebRelease\tur\drivers\com_lang\com_lang.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89cb3.qua'!

C:\temp\HP_WebRelease\tur\drivers\win9x_me\win9x_me.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cb1.qua'!

C:\temp\HP_WebRelease\util\util.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d49cbc.qua'!

C:\temp\HP_WebRelease\util\AIO\AIO.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ba9c92.qua'!

C:\temp\HP_WebRelease\util\CCC\CCC.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ae9c8d.qua'!

C:\temp\HP_WebRelease\util\CCC\chs\chs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9cb3.qua'!

C:\temp\HP_WebRelease\util\CCC\cht\cht.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9cb3.qua'!

C:\temp\HP_WebRelease\util\CCC\csy\csy.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e49cbe.qua'!

C:\temp\HP_WebRelease\util\CCC\dan\dan.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cad.qua'!

C:\temp\HP_WebRelease\util\CCC\deu\deu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e09cb2.qua'!

C:\temp\HP_WebRelease\util\CCC\ell\ell.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d79cb9.qua'!

C:\temp\HP_WebRelease\util\CCC\enu\enu.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e09cbc.qua'!

C:\temp\HP_WebRelease\util\CCC\esm\esm.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89cc1.qua'!

C:\temp\HP_WebRelease\util\CCC\esn\esn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cc2.qua'!

C:\temp\HP_WebRelease\util\CCC\fin\fin.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cb8.qua'!

C:\temp\HP_WebRelease\util\CCC\fra\fra.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9cc2.qua'!

C:\temp\HP_WebRelease\util\CCC\hun\hun.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cc5.qua'!

C:\temp\HP_WebRelease\util\CCC\ita\ita.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9cc5.qua'!

C:\temp\HP_WebRelease\util\CCC\jpn\jpn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cc1.qua'!

C:\temp\HP_WebRelease\util\CCC\kor\kor.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9cc1.qua'!

C:\temp\HP_WebRelease\util\CCC\nld\nld.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9cbe.qua'!

C:\temp\HP_WebRelease\util\CCC\nob\nob.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cd9cc1.qua'!

C:\temp\HP_WebRelease\util\CCC\plk\plk.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d69cbf.qua'!

C:\temp\HP_WebRelease\util\CCC\ptb\ptb.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cd9cc7.qua'!

C:\temp\HP_WebRelease\util\CCC\rus\rus.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9cc9.qua'!

C:\temp\HP_WebRelease\util\CCC\sve\sve.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09cca.qua'!

C:\temp\HP_WebRelease\util\CCC\trk\trk.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d69cc7.qua'!

C:\temp\HP_WebRelease\util\common\common.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89cc4.qua'!

C:\temp\HP_WebRelease\util\Support_Tools\MSI_Install_Cleanup\Win2000\Win2000.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cbf.qua'!

C:\temp\HP_WebRelease\util\Support_Tools\MSI_Install_Cleanup\Win9x\Win9x.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99cc0.qua'!

C:\WINDOWS\trayicons.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9cda.qua'!

C:\WINDOWS\WINDOWS.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b99cb4.qua'!

C:\WINDOWS\Yrq68.sys

[WARNING] The file could not be opened!

C:\WINDOWS\AppPatch\AppPatch.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47db9df4.qua'!

C:\WINDOWS\BDOSCAN8\BDOSCAN8.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ba9dd9.qua'!

C:\WINDOWS\BDOSCAN8\plugins\plugins.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e09e0c.qua'!

C:\WINDOWS\Cursors\Cursors.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9e17.qua'!

C:\WINDOWS\Debug\Debug.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cd9e09.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47a29df1.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\da.lproj\da.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e1b.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\de.lproj\de.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e1f.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\en.lproj\en.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e29.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\es.lproj\es.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e2e.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\fi.lproj\fi.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e25.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\fr.lproj\fr.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e7c537.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\it.lproj\it.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e31.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\ja.lproj\ja.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e1e.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\ko.lproj\ko.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e2d.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\nl.lproj\nl.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e2b.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\no.lproj\no.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e20.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\sv.lproj\sv.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999e36.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\zh_CN.lproj\zh_CN.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ca9e28.qua'!

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\zh_TW.lproj\zh_TW.lproj.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ca9e29.qua'!

C:\WINDOWS\Downloaded Installations\{BB7815A3-BABE-4710-A530-8242593E1019}\{BB7815A3-BABE-4710-A530-8242593E1019}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ad9e04.qua'!

C:\WINDOWS\Driver Cache\i386\i386.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47a39e32.qua'!

C:\WINDOWS\Help\Help.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d79e95.qua'!

C:\WINDOWS\Help\SBSI\Training\Training.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9ecc.qua'!

C:\WINDOWS\Help\SBSI\Training\Database\Database.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9ebb.qua'!

C:\WINDOWS\Help\SBSI\Training\WXPPer\WXPPer.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47bb9eb3.qua'!

C:\WINDOWS\Help\SBSI\Training\WXPPer\CBO\CBO.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ba9e9d.qua'!

C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Cbz\Cbz.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e59ebe.qua'!

C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Lib\Lib.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cd9eca.qua'!

C:\WINDOWS\Help\SBSI\Training\WXPPer\Content\Wave\Wave.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e19ec8.qua'!

C:\WINDOWS\Help\Tours\htmlTour\htmlTour.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89edc.qua'!

C:\WINDOWS\Help\Tours\mmTour\mmTour.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47bf9ed7.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\WindowsMediaPlayer.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99ed4.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Audio.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9ee0.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav\Wav.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e19ecd.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\Cnt.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9eda.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Css\Css.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9ee0.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Img.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d29eda.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\Btn\Btn.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99ee2.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Img\WMarks\WMarks.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9ebb.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Scr\Scr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9ed2.qua'!

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Video\Video.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9ed8.qua'!

C:\WINDOWS\Hewlett-Packard\Setup Files\HP Software Update\{BB4EE741-CA46-4345-A3B7-1AECBFAB0AFE}\{BB4EE741-CA46-4345-A3B7-1AECBFAB0AFE}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ad9eb2.qua'!

C:\WINDOWS\ime\ime.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09ef9.qua'!

C:\WINDOWS\Media\Media.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9f2e.qua'!

C:\WINDOWS\Microsoft.NET\Framework\Framework.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9f3d.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\v1.0.3705.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999efc.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\v1.1.4322.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999f04.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\1033.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479e9f04.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1036\1036.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e1ffa5.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\ASP.NETClientFiles.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47bb9f28.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\CONFIG.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b99f24.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fr\fr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999f49.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI409409.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479b9f0c.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI40C40C.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '461bf925.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2364\SHADOW2364.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ac9f21.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\Updates.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9f4a.qua'!

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479d9f14.qua'!

C:\WINDOWS\Minidump\Minidump.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99f47.qua'!

C:\WINDOWS\msagent\msagent.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9f52.qua'!

C:\WINDOWS\msagent\chars\chars.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9f47.qua'!

C:\WINDOWS\msagent\intl\intl.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9f4e.qua'!

C:\WINDOWS\nview\nview.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d49f56.qua'!

C:\WINDOWS\pchealth\helpctr\binaries\binaries.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99f4a.qua'!

C:\WINDOWS\pchealth\helpctr\Config\Config.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99f55.qua'!

C:\WINDOWS\pchealth\helpctr\Config\Cache\Cache.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ce9f47.qua'!

C:\WINDOWS\pchealth\helpctr\Database\Database.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9f48.qua'!

C:\WINDOWS\pchealth\helpctr\DataColl\DataColl.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9f50.qua'!

C:\WINDOWS\pchealth\helpctr\Indices\Indices.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9f5d.qua'!

C:\WINDOWS\pchealth\helpctr\Logs\Logs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d29f5f.qua'!

C:\WINDOWS\pchealth\helpctr\OfflineCache\OfflineCache.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d19f56.qua'!

C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\Personal_32#040c.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9f5b.qua'!

C:\WINDOWS\pchealth\helpctr\PackageStore\PackageStore.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ce9f5c.qua'!

C:\WINDOWS\pchealth\helpctr\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f77.qua'!

C:\WINDOWS\pchealth\helpctr\System\blurbs\blurbs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e09f6b.qua'!

C:\WINDOWS\pchealth\helpctr\System\CompatCtr\CompatCtr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89f6e.qua'!

C:\WINDOWS\pchealth\helpctr\System\css\css.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f73.qua'!

C:\WINDOWS\pchealth\helpctr\System\dialogs\dialogs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9f69.qua'!

C:\WINDOWS\pchealth\helpctr\System\DVDUpgrd\DVDUpgrd.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47af9f57.qua'!

C:\WINDOWS\pchealth\helpctr\System\ErrMsg\ErrMsg.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9f73.qua'!

C:\WINDOWS\pchealth\helpctr\System\errors\errors.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9f74.qua'!

C:\WINDOWS\pchealth\helpctr\System\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9f6f.qua'!

C:\WINDOWS\pchealth\helpctr\System\images\16x16\16x16.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e39f38.qua'!

C:\WINDOWS\pchealth\helpctr\System\images\24x24\24x24.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e39f37.qua'!

C:\WINDOWS\pchealth\helpctr\System\images\32x32\32x32.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e39f35.qua'!

C:\WINDOWS\pchealth\helpctr\System\images\48x48\48x48.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e39f3c.qua'!

C:\WINDOWS\pchealth\helpctr\System\images\Centers\Centers.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99f69.qua'!

C:\WINDOWS\pchealth\helpctr\System\images\Expando\Expando.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47db9f7d.qua'!

C:\WINDOWS\pchealth\helpctr\System\NetDiag\NetDiag.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9f6a.qua'!

C:\WINDOWS\pchealth\helpctr\System\panels\panels.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99f66.qua'!

C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\subpanels.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cd9f7b.qua'!

C:\WINDOWS\pchealth\helpctr\System\rc\rc.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47999f6a.qua'!

C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Remote Assistance.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89f6c.qua'!

C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\Common.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89f77.qua'!

C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Css\Css.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f7b.qua'!

C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\Client.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d49f75.qua'!

C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\Common.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89f78.qua'!

C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\Server.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9f6f.qua'!

C:\WINDOWS\pchealth\helpctr\System\scripts\scripts.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9f6d.qua'!

C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysinfo.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f84.qua'!

C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\graphics.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9f7e.qua'!

C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\33x16pie\33x16pie.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e39f3f.qua'!

C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\47x24pie\47x24pie.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e39f43.qua'!

C:\WINDOWS\pchealth\helpctr\System\UpdateCtr\UpdateCtr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9f7d.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f86.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\blurbs\blurbs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e09f7a.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\Css\Css.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f81.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\HDVT\HDVT.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47c19f53.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\Image\Image.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9f7c.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\Modem\Modem.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cf9f7f.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\Modem\Css\Css.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f83.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\Modem\Image\Image.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '464cf957.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\Modem\script\script.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '465df95d.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\SafetyAndComfortGuide\SafetyAndComfortGuide.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d19f72.qua'!

C:\WINDOWS\pchealth\helpctr\System_OEM\scripts\scripts.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9f75.qua'!

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard Company,L=Palo Alto,S=California,C=US\Support\Support.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47db9f88.qua'!

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47a89f62.qua'!

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Remote Assistance.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89f7a.qua'!

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\Common.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89f84.qua'!

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\Css.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f88.qua'!

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\Common.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89f85.qua'!

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\Email.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47cc9f83.qua'!

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\Unsolicited.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f85.qua'!

C:\WINDOWS\pchealth\UploadLB\Binaries\Binaries.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99f80.qua'!

C:\WINDOWS\pchealth\UploadLB\Config\Config.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99f87.qua'!

C:\WINDOWS\PeerNet\PeerNet.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09f7d.qua'!

C:\WINDOWS\Provisioning\Schemas\Schemas.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d39f81.qua'!

C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47a29f4f.qua'!

C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f98.qua'!

C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479b9f54.qua'!

C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f9a.qua'!

C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b19f56.qua'!

C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f9c.qua'!

C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479b9f5a.qua'!

C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f9d.qua'!

C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47a39f5f.qua'!

C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9f9f.qua'!

C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479f9f69.qua'!

C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9fa1.qua'!

C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47ac9f6c.qua'!

C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9fa5.qua'!

C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47a09f72.qua'!

C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9fa9.qua'!

C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47b19f73.qua'!

C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46a0c4b2.qua'!

C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47af9f79.qua'!

C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47de9faf.qua'!

C:\WINDOWS\Registration\Registration.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d29fa1.qua'!

C:\WINDOWS\RegistryCleanerSolution\RegistryCleanerSolution.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46aecfaa.qua'!

C:\WINDOWS\repair\repair.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47db9fa2.qua'!

C:\WINDOWS\Resources\Themes\Themes.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09fa6.qua'!

C:\WINDOWS\Resources\Themes\Luna\Luna.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d99fb3.qua'!

C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\Homestead.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89fae.qua'!

C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic\Metallic.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9fa4.qua'!

C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor\NormalColor.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47dd9faf.qua'!

C:\WINDOWS\security\Database\Database.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47df9fa1.qua'!

C:\WINDOWS\security\logs\logs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d29fb0.qua'!

C:\WINDOWS\security\templates\templates.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d89fa6.qua'!

C:\WINDOWS\ShellNew\ShellNew.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d09faa.qua'!

C:\WINDOWS\SoftwareDistribution\SoftwareDistribution.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d19fb1.qua'!

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46a2ca35.qua'!

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\Logs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47d29fb3.qua'!

C:\WINDOWS\SoftwareDistribution\Download\Download.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '47e29fb5.qua'!

C:\WINDOWS\SoftwareDistribution\Download11cdeb527c0ded3735dde8070aaf65911cdeb527c0ded3735dde8070aaf659.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479c9f77.qua'!

C:\WINDOWS\SoftwareDistribution\Download11cdeb527c0ded3735dde8070aaf659\sp2gdr\sp2gdr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '479d9fb7.qua'!

C:\WINDOWS\SoftwareDistribution\Download11cdeb527c0ded3735dde8070aaf659\sp2qfe\sp2qfe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was moved to '46e2ff18.qua'!

C:\WINDOWS\SoftwareDistribution\Download11cdeb527c0ded3735dde8070aaf659\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fb8.qua'!

C:\WINDOWS\SoftwareDistribution\Downloadb3d56a4d48d9b1d002b9cc8dac022edb3d56a4d48d9b1d002b9cc8dac022ed.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479e9faa.qua'!

C:\WINDOWS\SoftwareDistribution\Downloadb3d56a4d48d9b1d002b9cc8dac022ed\sp2gdr\sp2gdr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fb9.qua'!

C:\WINDOWS\SoftwareDistribution\Downloadb3d56a4d48d9b1d002b9cc8dac022ed\sp2qfe\sp2qfe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46e2ff1a.qua'!

C:\WINDOWS\SoftwareDistribution\Downloadb3d56a4d48d9b1d002b9cc8dac022ed\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fba.qua'!

C:\WINDOWS\SoftwareDistribution\Download\2937b3063b471327e963037400d02e47\2937b3063b471327e963037400d02e47.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479e9f84.qua'!

C:\WINDOWS\SoftwareDistribution\Download\2937b3063b471327e963037400d02e47\sp2gdr\sp2gdr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fbb.qua'!

C:\WINDOWS\SoftwareDistribution\Download\2937b3063b471327e963037400d02e47\sp2qfe\sp2qfe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fbc.qua'!

C:\WINDOWS\SoftwareDistribution\Download\2937b3063b471327e963037400d02e47\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fbc.qua'!

C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\3da5fb25f9bca1c53dde30405d5bbc6e.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc9fb1.qua'!

C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2GDR\SP2GDR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fa0.qua'!

C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2QFE\SP2QFE.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fa5.qua'!

C:\WINDOWS\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fc6.qua'!

C:\WINDOWS\SoftwareDistribution\Download\46cd47035087b17a775667e2fc66a071\46cd47035087b17a775667e2fc66a071.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ce9f8c.qua'!

C:\WINDOWS\SoftwareDistribution\Download\46cd47035087b17a775667e2fc66a071\sp2gdr\sp2gdr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fc7.qua'!

C:\WINDOWS\SoftwareDistribution\Download\46cd47035087b17a775667e2fc66a071\sp2qfe\sp2qfe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46e2ff68.qua'!

C:\WINDOWS\SoftwareDistribution\Download\46cd47035087b17a775667e2fc66a071\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fc8.qua'!

C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\550530d3b934e720deb3ca1851e75ba0.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479b9f8e.qua'!

C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\SP2QFE\SP2QFE.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fa9.qua'!

C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fca.qua'!

C:\WINDOWS\SoftwareDistribution\Download\59d65fe506faac4cd39a61d5534f0f9b\59d65fe506faac4cd39a61d5534f0f9b.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9f94.qua'!

C:\WINDOWS\SoftwareDistribution\Download\59d65fe506faac4cd39a61d5534f0f9b\sp2gdr\sp2gdr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fcb.qua'!

C:\WINDOWS\SoftwareDistribution\Download\59d65fe506faac4cd39a61d5534f0f9b\sp2qfe\sp2qfe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fcc.qua'!

C:\WINDOWS\SoftwareDistribution\Download\59d65fe506faac4cd39a61d5534f0f9b\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fcc.qua'!

C:\WINDOWS\SoftwareDistribution\Download\8caa77f8e4322c84b8774b3c6f6215a3\8caa77f8e4322c84b8774b3c6f6215a3.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc9fc0.qua'!

C:\WINDOWS\SoftwareDistribution\Download\8caa77f8e4322c84b8774b3c6f6215a3\sp2gdr\sp2gdr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fce.qua'!

C:\WINDOWS\SoftwareDistribution\Download\8caa77f8e4322c84b8774b3c6f6215a3\sp2qfe\sp2qfe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46e2ff6f.qua'!

C:\WINDOWS\SoftwareDistribution\Download\8caa77f8e4322c84b8774b3c6f6215a3\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fcf.qua'!

C:\WINDOWS\SoftwareDistribution\Download\9c6177049c725a878782a25a1b820fa3\9c6177049c725a878782a25a1b820fa3.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a19fc3.qua'!

C:\WINDOWS\SoftwareDistribution\Download\9c6177049c725a878782a25a1b820fa3\download\download.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e29fcf.qua'!

C:\WINDOWS\SoftwareDistribution\Download\9c6177049c725a878782a25a1b820fa3\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fd1.qua'!

C:\WINDOWS\SoftwareDistribution\Download\b09b87418e1b1dbe22dc86ea2b3c2087\b09b87418e1b1dbe22dc86ea2b3c2087.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a49f92.qua'!

C:\WINDOWS\SoftwareDistribution\Download\b09b87418e1b1dbe22dc86ea2b3c2087\sp2gdr\sp2gdr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fd5.qua'!

C:\WINDOWS\SoftwareDistribution\Download\b09b87418e1b1dbe22dc86ea2b3c2087\sp2qfe\sp2qfe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fda.qua'!

C:\WINDOWS\SoftwareDistribution\Download\b09b87418e1b1dbe22dc86ea2b3c2087\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fda.qua'!

C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\dc9e8f8aa751cd275caca189dc5f0a98.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a49fce.qua'!

C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\emerald\emerald.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d09fd9.qua'!

C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fdc.qua'!

C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\wmp10\wmp10.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47db9fda.qua'!

C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\wmp11\wmp11.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46a4ff7b.qua'!

C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\wmp9l\wmp9l.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47db9fdb.qua'!

C:\WINDOWS\SoftwareDistribution\Download\dc9e8f8aa751cd275caca189dc5f0a98\wmp9nl\wmp9nl.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46a4ff7c.qua'!

C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\e4818ecd57ac16436508f06dc02ac643.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a39fa3.qua'!

C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2gdr\sp2gdr.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fe1.qua'!

C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2qfe\sp2qfe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479d9fe4.qua'!

C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\update\update.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cf9fe5.qua'!

C:\WINDOWS\SoftwareDistribution\EventCache\EventCache.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d09feb.qua'!

C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d19fe0.qua'!

C:\WINDOWS\SoftwareDistribution\WebSetup\WebSetup.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cd9fe1.qua'!

C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\9482F4B4-E343-43B6-B170-9A65BC822C77.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a39fb1.qua'!

C:\WINDOWS\srchasst\srchasst.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ce9ff0.qua'!

C:\WINDOWS\srchasst\chars\chars.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cc9fe6.qua'!

C:\WINDOWS\srchasst\mui40C40C.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479b9fb3.qua'!

C:\WINDOWS\system\system.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47de9ff9.qua'!

C:\WINDOWS\system32\bronto.VIR

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47da9ff9.qua'!

C:\WINDOWS\system32\iometer.dll

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '47d8a014.qua'!

C:\WINDOWS\system32\mscore.dll

[DETECTION] Is the Trojan horse TR/Rootkit.GEQ

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\shovth.VIR

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47daabfd.qua'!

C:\WINDOWS\system32\system32.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47deac13.qua'!

C:\WINDOWS\system32\wowfx.dll

[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen

[iNFO] The file was moved to '47e2ac1b.qua'!

C:\WINDOWS\system32\1033\1033.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479eabe1.qua'!

C:\WINDOWS\system32\1036\1036.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479eabe2.qua'!

C:\WINDOWS\system32\Adobe\SVG Viewer\SVG Viewer.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47b2ac09.qua'!

C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479dabe5.qua'!

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a2ac0b.qua'!

C:\WINDOWS\system32\CatRoot2\CatRoot2.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dfac26.qua'!

C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479dabf7.qua'!

C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a2ac0c.qua'!

C:\WINDOWS\system32\Com\Com.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d8ac35.qua'!

C:\WINDOWS\system32\config\config.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d9ac37.qua'!

C:\WINDOWS\system32\config\systemprofile\systemprofile.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47deac42.qua'!

C:\WINDOWS\system32\DirectX\Dinput\Dinput.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d9ac35.qua'!

C:\WINDOWS\system32\drivers\drivers.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d4ac57.qua'!

C:\WINDOWS\system32\drivers\Yrq68.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\etc\etc.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ceac62.qua'!

C:\WINDOWS\system32\ias\ias.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47deac51.qua'!

C:\WINDOWS\system32\icsxml\icsxml.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47deac54.qua'!

C:\WINDOWS\system32\Macromed\Director\Director.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ddac5a.qua'!

C:\WINDOWS\system32\Macromed\Flash\Flash.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ccac5e.qua'!

C:\WINDOWS\system32\Macromed\Shockwave 8\Shockwave 8.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47daac5c.qua'!

C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\Xtras.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ddac6a.qua'!

C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\MacromediaInc\FontAssetw32\FontAssetw32.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d9ac66.qua'!

C:\WINDOWS\system32\Macromed\update\New\Shockwave 8\Shockwave 8.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47daac60.qua'!

C:\WINDOWS\system32\Macromed\update\New\Shockwave 8\xtras\xtras.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ddac6d.qua'!

C:\WINDOWS\system32\MsDtc\MsDtc.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47afac6c.qua'!

C:\WINDOWS\system32\MsDtc\Trace\Trace.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ccac6c.qua'!

C:\WINDOWS\system32\mui0C0C.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479bac2b.qua'!

C:\WINDOWS\system32\mui409409.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479bac2f.qua'!

C:\WINDOWS\system32\mui40C40C.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46e5f040.qua'!

C:\WINDOWS\system32\npp\npp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dbac6c.qua'!

C:\WINDOWS\system32\NtmsData\NtmsData.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d8ac70.qua'!

C:\WINDOWS\system32\oobe\oobe.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47cdac6d.qua'!

C:\WINDOWS\system32\oobe\actsetup\actsetup.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dfac62.qua'!

C:\WINDOWS\system32\oobe\error\error.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ddac72.qua'!

C:\WINDOWS\system32\oobe\html\dslmain\dslmain.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d7ac73.qua'!

C:\WINDOWS\system32\oobe\html\iconnect\iconnect.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47daac64.qua'!

C:\WINDOWS\system32\oobe\html\isptype\isptype.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dbac74.qua'!

C:\WINDOWS\system32\oobe\html\mouse\mouse.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e0ac70.qua'!

C:\WINDOWS\system32\oobe\html\mouse\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ccac6f.qua'!

C:\WINDOWS\system32\oobe\html\sconnect\sconnect.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47daac66.qua'!

C:\WINDOWS\system32\oobe\icserror\icserror.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47deac66.qua'!

C:\WINDOWS\system32\oobe\images\images.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ccac71.qua'!

C:\WINDOWS\system32\oobe\isperror\isperror.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dbac78.qua'!

C:\WINDOWS\system32\oobe\regerror\regerror.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d2ac6a.qua'!

C:\WINDOWS\system32\oobe\setup\setup.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dfac6b.qua'!

C:\WINDOWS\system32\QuickTime\QuickTime.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d4ac7d.qua'!

C:\WINDOWS\system32\ras\ras.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47deac6c.qua'!

C:\WINDOWS\system32\ReinstallBackups00\DriverFiles\DriverFiles.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46abcd86.qua'!

C:\WINDOWS\system32\ReinstallBackups00\DriverFiles\i386\i386.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a3ac3e.qua'!

C:\WINDOWS\system32\ReinstallBackups01\DriverFiles\DriverFiles.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d4ac7e.qua'!

C:\WINDOWS\system32\ReinstallBackups01\DriverFiles\i386\i386.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a3ac3f.qua'!

C:\WINDOWS\system32\ReinstallBackups02\DriverFiles\DriverFiles.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d4ac7f.qua'!

C:\WINDOWS\system32\ReinstallBackups02\DriverFiles\i386\i386.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a3ac40.qua'!

C:\WINDOWS\system32\ReinstallBackups03\DriverFiles\DriverFiles.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d4ac80.qua'!

C:\WINDOWS\system32\ReinstallBackups03\DriverFiles\i386\i386.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a3ac41.qua'!

C:\WINDOWS\system32\ReinstallBackups04\DriverFiles\DriverFiles.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46abcd79.qua'!

C:\WINDOWS\system32\ReinstallBackups04\DriverFiles\i386\i386.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a3ac42.qua'!

C:\WINDOWS\system32\Restore\Restore.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47deac75.qua'!

C:\WINDOWS\system32\Setup\Setup.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dfac76.qua'!

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2469\5.8.0.2469.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '4622c149.qua'!

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.374\7.0.6000.374.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479bac41.qua'!

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\7.0.6000.381.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '461ac14a.qua'!

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.374\7.0.6000.374.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479bac43.qua'!

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\7.0.6000.381.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '479bac42.qua'!

C:\WINDOWS\system32\spool\drivers\color\color.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d7ac83.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\3\3.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d0ac43.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_2350_series3458\hppsc_2350_series3458.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dbac89.qua'!

C:\WINDOWS\system32\URTTemp\URTTemp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47bfac72.qua'!

C:\WINDOWS\system32\usmt\usmt.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d8ac94.qua'!

C:\WINDOWS\system32\wbem\wbem.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d0ac86.qua'!

C:\WINDOWS\system32\wbem\AutoRecover\AutoRecover.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dfac9d.qua'!

C:\WINDOWS\system32\wbem\Logs\Logs.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d2ac98.qua'!

C:\WINDOWS\system32\wbem\mof\good\good.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47daac99.qua'!

C:\WINDOWS\system32\wbem\Performance\Performance.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ddac8f.qua'!

C:\WINDOWS\system32\wbem\Repository\Repository.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47dbac90.qua'!

C:\WINDOWS\system32\wbem\xml\xml.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d7ac98.qua'!

C:\WINDOWS\Temp\5436734

[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD

[iNFO] The file was moved to '479eac60.qua'!

C:\WINDOWS\Temp\633718

[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD

[iNFO] The file was moved to '479eac5f.qua'!

C:\WINDOWS\Temp\checkmem.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d0ac95.qua'!

C:\WINDOWS\Temp\Temp.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46a4fdf5.qua'!

C:\WINDOWS\Temp\_avast4_\_avast4_.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47e1ac92.qua'!

C:\WINDOWS\Temp\_ISTMP1.DIR\_ISTMP0.DIR\_ISTMP0.DIR.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47beac7a.qua'!

C:\WINDOWS\twain_32\twain_32.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47ccaca8.qua'!

C:\WINDOWS\twain_32\hpsj_0000\hpsj_0000.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47deaca2.qua'!

C:\WINDOWS\twain_32\USB2800\USB2800.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47adac85.qua'!

C:\WINDOWS\WinSxS\Manifests\Manifests.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47d9ac95.qua'!

C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac6e.qua'!

C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dff01f.qua'!

C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac6f.qua'!

C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dff000.qua'!

C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac70.qua'!

C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dff001.qua'!

C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac71.qua'!

C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dff002.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dcfa9a.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac72.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dcfa9b.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac73.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dcfa9c.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac74.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac75.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dcfa9e.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac76.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac77.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dcfa90.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac78.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dcfa91.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac79.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dcfa92.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '47a1ac7a.qua'!

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '46dcfa93.qua'!

Begin scan in 'D:\'

Search path D:\ could not be opened!

Le périphérique n'est pas prêt.

End of the scan: vendredi 21 décembre 2007 13:06

Used time: 2:50:47 min

 

The scan has been done completely.

 

6295 Scanning directories

401266 Files were scanned

773 viruses and/or unwanted programs were found

3 Files were classified as suspicious:

0 files were deleted

0 files were repaired

775 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

400493 Files not concerned

10660 Archives were scanned

4 Warnings

50 Notes

-------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:46:08, on 22/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\JEAN LOUIS RABASTE\Mes documents\Downloads\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Toolbar Wanadoo - {4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} - C:\PROGRA~1\WANADO~2\WANADO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - (no file)

O3 - Toolbar: Toolbar Wanadoo - {4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} - C:\PROGRA~1\WANADO~2\WANADO~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk.disabled

O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled

O4 - Global Startup: Microsoft Office.lnk.disabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)

O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

 

--

End of file - 7650 bytes

Posted (edited)

Good evening,

Save this procedure, since you won't have Internet access.

Also, carry out all of these steps in the order given.

If you need any explanation, don't hesitate to ask me before starting the disinfection.

Step 1: OTMoveIt.

Download OTMoveIt (by Old_Timer) to your Desktop.

Step 2: CleanUp!.

Download and install CleanUp! on your Desktop.

Launch CleanUp!

Click the "Option" button.

Under "Quick Setup", check that the arrow is next to Standard CleanUp! (if it is not, move it there).

Untick the box in front of Enable sounds.

Click OK.

Click the CleanUp! button.

When the message Initial CleanUp! done. Now restart Windows to complete CleanUp! appears at the bottom, click the Close button.

In the restart window, click Oui (Yes).

Step 3: AVG Anti-Spyware.

Download and install AVG Anti-Spyware 7.5

Launch AVG Anti-Spyware.

Click the "Mise à jour" (Update) tab.

Under Mise à jour manuelle (Manual update), click Commencer la mise à jour (Start update).

If needed, under Paramètres (Settings), enter your proxy credentials.

Wait for the update to finish and close AVG Anti-Spyware.

Step 4: UnHookExec.inf.

Download UnHookExec.inf (from Symantec) to your Desktop.

Close all running applications.

Right-click UnHookExec.inf and click Installer (Install).

Step 5: Safe Mode.

In the Start menu, click Arrêter l'ordinateur (Turn off computer) and click Redémarrer (Restart).

At the start of the reboot, tap the F8 key on your keyboard until the Windows Advanced Options appear.

Choose Safe Mode and press Enter.

Choose your usual account.

Step 6: HijackThis.

Close all running applications except HijackThis.

Launch HijackThis

Click the Do a system scan only button.

Tick the boxes in front of the following lines (if present).

 

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe

 

O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - (no file)

 

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

 

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

 

Click the Fix checked button.

Close HijackThis

Step 7: OTMoveIt.

Double-click OTMoveIt.exe to launch it.

Copy/paste the following files/folders into the left-hand box named Paste List of Files/Folders to be moved.

 

C:\WINDOWS\system32\proper.exe

C:\WINDOWS\system32\wowfx.dll

 

Click MoveIt! to start the removal.

When a result appears in the Results box, click Exit.

Step 8: AVG Anti-Spyware.

Launch AVG Anti-Spyware.

Click "Analyse" (Scan).

Click the "Paramètres" (Settings) tab.

Under "Comment réagir ?" (How to react?), click Actions recommandées (Recommended actions) and choose Quarantaine (Quarantine).

Under "Comment faire l'analyse" (How to scan), check that all the boxes are ticked (if not, tick them).

Under "Programmes potentiellement dangereux" (Potentially dangerous programs), check that all the boxes are ticked (if not, tick them).

Under "Rapports" (Reports), check that Générer un rapport après chaque analyse (Generate a report after each scan) is ticked (if not, tick it).

Click the "Analyser" (Scan) tab and click Analyse complète du système (Complete system scan).

At the end of the scan, click Appliquer toutes les infections (Apply all infections).

Then click Enregistrer le rapport (Save report) and click Enregistrer le rapport sous (Save report as).

Close AVG Anti-Spyware.

Restart in "normal" mode.

Step 9: Deckard's System Scanner (DSS)

Download Deckard's System Scanner (by Deckard) to your Desktop.

Close all running applications.

Double-click dss.exe to launch the tool.

Click OK (you will be asked 3 times).

When the scan is finished, two text files will be displayed:

main.txt <- opened in a normal window

extra.txt <- opened in a minimized window

Close these windows.

Step 10: Restart and new message.

In your next reply, send:

- The OTMoveIt report (C:\_OTMoveIt\MovedFiles).

- The DSS report (C:\Deckard\System Scanner\main.txt).

- The AVG Anti-Spyware report (located in C:\Program Files\GrisoftAVG Anti Spyware 7.5\Reports)

- Say whether the initial problem is still present.

To be continued,

Edited by Anthony#10
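The four HijackThis lines selected in Step 6 above fall into recognisable entry types (F2 Shell, O2 BHO, O7 DisableRegedit, O20 AppInit_DLLs). The script below is an added example, not part of the thread or of HijackThis itself: it parses a saved log and flags those entry types for review, using rules generalized from the four lines rather than matching their file names. The function names are hypothetical, the rules only mark entries for a human to review, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_reason(code, body):
    """Return a short reason if the entry deserves a manual look, else None."""
    low = body.lower()
    if code == "F2" and "shell=" in low:
        # The logon shell should be Explorer.exe alone; anything appended starts at every logon.
        value = body[low.index("shell=") + len("shell="):].strip()
        if value.lower() != "explorer.exe":
            return "Shell value starts something besides Explorer.exe: " + value
    elif code == "O20" and low.startswith("appinit_dlls:"):
        # DLLs listed here are loaded into every process that loads user32.dll.
        dlls = body.split(":", 1)[1].strip()
        if dlls:
            return "AppInit_DLLs is not empty: " + dlls
    elif code == "O7" and re.search(r"disableregedit\s*=\s*1", low):
        # A policy that blocks regedit hinders inspection and cleanup of the registry.
        return "Registry editing tools are disabled by policy"
    elif code == "O2" and re.search(r"\((no file|file missing)\)\s*$", low):
        # The BHO is still registered but the DLL it points to is gone.
        return "BHO is registered but its DLL is absent"
    return None


def triage(log_text):
    """Return (code, reason) for every entry that matches one of the review rules."""
    findings = []
    for code, body in parse_entries(log_text):
        reason = review_reason(code, body)
        if reason:
            findings.append((code, reason))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}")
```

A flagged entry is a prompt to identify the file behind it, not proof of infection: an orphaned BHO, for instance, is also what an incomplete uninstall leaves behind.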
Posted

Family life being what it is, I don't have as much time as I'd like.

I'm now picking the procedure back up: since I can't connect to the Internet from the infected computer, I have to download the programs you recommend on another computer and then transfer them with a USB stick. Installing them afterwards is no problem; however, I can't update AVG Anti-Spyware.

It is currently running a scan.

See you soon, and thanks

Posted

Good evening,

Could someone please review the method recommended by Anthony#10?

It may be excellent when the sick computer can be connected to the Internet to download/install what is needed, but that is not the case here.

I repeat: I have to communicate with you on this forum and then download with another computer!

So I can save a complete program to a USB stick and then install it on the sick computer, since I can choose the destination.

However, I can't do that for OTMoveIt or for UnHookExec.inf

Is there a solution?

Thanks

Posted (edited)

Hello again,

I recommend downloading the items listed below onto your USB stick.

OTMoveIt:

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

This program requires no installation. You just need to download it, put it on your USB stick, and then place it on the Desktop of the "sick PC"

AVG Anti-Spyware:

http://downloads.grisoft.cz/softw/70/filed...up-7.5.0.50.exe

The updates:

http://downloads.ewido.net/avgas-signatures-full-current.exe

Download it, along with the updates, to your USB stick, then install it on the other PC

UnHookExec.inf:

http://securityresponse.symantec.com/avcenter/UnHookExec.inf

Download this tool to your USB stick (right-click, then Enregistrer sous (Save as)), then run it from that same stick on "the sick one"

Anthony.

Edited by Anthony#10
Posted

Good evening Anthony, and thank you for replying so late on a Sunday.

If you're still there, here is where I stand:

I think I did everything you recommended, but all I get is an error report from AVG and a good Maint.text report from DSS.

The Services still don't start, there is still no connection, etc.

Here are those reports; I'll come back tomorrow to see whether there are new steps to carry out.

Thanks, and have a good evening.

Papsded

 

Deckard's System Scanner v20071014.68

Run by JEAN LOUIS RABASTE on 2007-12-23 20:24:17

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Unable to create WMI object; Opération réussie.

 

 

Backed up registry hives.

Performed disk cleanup.

 

Total Physical Memory: 511 MiB (512 MiB recommended).

 

 

-- HijackThis (run as JEAN LOUIS RABASTE.exe) ----------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:25:05, on 23/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\JEAN LOUIS RABASTE\Bureau\dss.exe

C:\DOCUME~1\JEANLO~1\MESDOC~1\DOWNLO~1\JEAN LOUIS RABASTE.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Toolbar Wanadoo - {4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} - C:\PROGRA~1\WANADO~2\WANADO~1.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Toolbar Wanadoo - {4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} - C:\PROGRA~1\WANADO~2\WANADO~1.DLL (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [undefined] C:\WINDOWS\system32\winter.exe

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [undefined] C:\WINDOWS\system32\winter.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk.disabled

O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled

O4 - Global Startup: Microsoft Office.lnk.disabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)

O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

 

--

End of file - 8183 bytes

 

-- HijackThis Fixed Entries (C:\DOCUME~1\JEANLO~1\MESDOC~1\DOWNLO~1\backups\) --

 

backup-20071223-173411-633 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe

backup-20071223-173412-282 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

backup-20071223-173412-565 O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)

backup-20071223-173412-864 O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

 

-- File Associations -----------------------------------------------------------

 

.js - JSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*

.scr - scrfile - shell\open\command - "%1" %*

.vbs - VBSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

2 ADILOADER (General Purpose USB Driver (adildr.sys)) - system32\drivers\adildr.sys (file missing)

3 adiusbaw (USB ADSL WAN Adapter) - system32\drivers\adiusbaw.sys (file missing)

3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>

3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>

3 ati2mtag - system32\drivers\ati2mtag.sys (file missing)

3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)

3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)

1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)

2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)

3 CAMCAUD (Conexant AMC 3D Environmental Audio) - c:\windows\system32\drivers\camcaud.sys <Not Verified; Conexant Systems Inc.; Conexant Audio Driver>

3 CAMCHALA - c:\windows\system32\drivers\camchal.sys <Not Verified; Conexant Systems Inc.; Conexant AmcHal Driver>

3 DCamUSBEMPIA (PCTV USB2 2821 Capture) - c:\windows\system32\drivers\emdevice.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>

1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Company; Quick Launch Buttons>

3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Company; Quick Launch Buttons>

3 el575nd5 (Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus) - system32\drivers\el575nd5.sys (file missing)

3 emAudio (PCTV USB2 2821 Audio) - c:\windows\system32\drivers\emaudio.sys <Not Verified; eMPIA Technology, Inc.; EM2701 / EM2801 / EM2821 / EM2831 / EM2841>

3 EMCR - c:\windows\system32\drivers\emcr7sk.sys <Not Verified; ENE Technology Inc.; ENE PCI Memory Card Reader Driver>

2 FILESpy - c:\program files\softwin\bitdefender9\filespy.sys (file missing)

3 FiltUSBEMPIA (USB Device Lower Filter) - c:\windows\system32\drivers\emfilter.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>

3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys <Not Verified; Conexant Systems, Inc.; SoftK56>

3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56>

2 irda (Protocole IrDA) - c:\windows\system32\drivers\irda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

1 lusbaudio (Logitech USB Microphone) - system32\drivers\lvsound2.sys (file missing)

3 LVBulk (LVBulk Service) - system32\drivers\lvbulk.sys (file missing)

3 LVVI500A (LVVI500A Service) - system32\drivers\lvvi500a.sys (file missing)

2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>

3 nm (Pilote du Moniteur réseau) - c:\windows\system32\drivers\nmnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

3 NPF (NetGroup Packet Filter Driver) - system32\drivers\npf.sys (file missing)

3 NSCIRDA (Pilote de périphérique infrarouge NSC) - c:\windows\system32\drivers\nscirda.sys <Not Verified; National Semiconductor Corporation; NSC Fast Infrared Driver.>

3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

3 Rasirda (Miniport réseau étendu (IrDA)) - c:\windows\system32\drivers\rasirda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2 REGSpy - c:\program files\softwin\bitdefender9\regspy.sys (file missing)

3 RTL8023xp (Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver) - system32\drivers\rtlnicxp.sys (file missing)

3 rtl8139 (Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)) - system32\drivers\rtl8139.sys (file missing)

3 ScanUSBEMPIA (USB Still Image Capture Device) - c:\windows\system32\drivers\emscan.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>

3 sdbus - c:\windows\system32\drivers\sdbus.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

3 SMCIRDA (Pilote de périphérique SMC IrCC Miniport) - c:\windows\system32\drivers\smcirda.sys <Not Verified; SMC; Pilote de miniport infrarouge Fast Infrared>

2 StreamDispatcher - c:\windows\system32\drivers\strmdisp.sys <Not Verified; Conexant Systems, Inc.; Conexant Stream Dispatcher>

3 tifm21 - system32\drivers\tifm21.sys (file missing)

3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56>

3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

0 Yrq68 - c:\windows\system32\drivers\yrq68.sys

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

2 Ati HotKey Poller - c:\windows\system32\ati2evxx.exe (file missing)

2 bdss (BitDefender Scan Server) - c:\program files\fichiers communs\softwin\bitdefender scan server\bdss.exe (file missing)

3 Boonty Games - c:\program files\fichiers communs\boonty shared\service\boonty.exe (file missing)

3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

2 Irmon (Moniteur infrarouge) - c:\windows\system32\svchost.exe

2 LIVESRV (BitDefender Desktop Update Service) - c:\program files\fichiers communs\softwin\bitdefender update service\livesrv.exe (file missing)

3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - c:\program files\winpcap\rpcapd.exe (file missing)

3 usnjsvc (Service Messenger Sharing Folders USN Journal Reader) - c:\program files\msn messenger\usnsvc.exe (file missing)

2 UxTuneUp (TuneUp Extension de thème) - c:\windows\system32\svchost.exe

2 VSSERV (BitDefender Virus Shield) - c:\program files\softwin\bitdefender10\vsserv.exe (file missing)

2 XCOMM (BitDefender Communicator) - c:\program files\fichiers communs\softwin\bitdefender communicator\xcommsvr.exe (file missing)

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Unable to create WMI object.

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-12-19 15:26:55 434 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job

 

 

-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

 

2007-12-23 16:30:09 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Grisoft

2007-12-23 16:29:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-21 17:54:08 0 d-------- C:\Documents and Settings\ALICE\Application Data\Wannadoo

2007-12-20 21:57:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-20 16:16:02 0 d-------- C:\Program Files\EliteProtector

2007-12-20 09:11:11 0 d-------- C:\WINDOWS\system32\fr-fr

2007-12-19 18:38:42 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Favoris

2007-12-19 18:38:42 0 d--hs---- C:\Documents and Settings\Administrateur.PC192141439594\Cookies

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Bureau

2007-12-19 18:38:42 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\Application Data

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Symantec

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Sun

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Sonic

2007-12-19 18:38:42 0 d---s---- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Microsoft

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Identities

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Apple Computer

2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Voisinage réseau

2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Voisinage d'impression

2007-12-19 18:38:41 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\SendTo

2007-12-19 18:38:41 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\Recent

2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Modèles

2007-12-19 18:38:41 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Mes documents

2007-12-19 18:38:41 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Menu Démarrer

2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Local Settings

2007-12-19 18:38:40 786432 --ah----- C:\Documents and Settings\Administrateur.PC192141439594\NTUSER.DAT

2007-12-19 16:24:59 0 d-------- C:\WINDOWS\BDOSCAN8

2007-12-19 15:26:52 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\TuneUp Software

2007-12-19 15:26:41 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2007-12-19 15:26:26 0 d-------- C:\Program Files\TuneUp Utilities 2007

2007-12-19 15:25:03 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-12-19 09:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-19 09:24:48 21760 --a------ C:\WINDOWS\Yrq68.sys

2007-12-18 22:57:14 0 d-------- C:\Documents and Settings\ALICE\Application Data\Ultimate Defender

2007-12-18 22:27:34 0 d--h----- C:\WINDOWS\PIF

2007-12-18 16:33:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google

2007-12-18 16:33:04 0 dr------- C:\Documents and Settings\LocalService\Favoris

2007-12-17 18:59:51 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor

2007-12-15 23:05:03 21760 --a------ C:\WINDOWS\system32\drivers\Yrq68.sys

2007-12-15 18:42:31 0 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe

2007-12-15 17:51:01 0 --a------ C:\WINDOWS\wsystmp_nfh.exe

2007-12-15 14:57:52 1162732 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Install.dat

2007-12-15 14:57:49 39798 --a------ C:\WINDOWS\system32\dllgh8jkd1q2.exe

2007-12-15 14:57:48 15734 --a------ C:\WINDOWS\system32\dllgh8jkd1q1.exe

2007-12-15 14:55:43 18944 --a------ C:\WINDOWS\system32\wowfx.VIR

2007-12-15 13:06:29 15882 --a------ C:\WINDOWS\wsystmp_lie.exe

2007-12-15 13:04:19 0 --a------ C:\WINDOWS\wsystmp_ndb.exe

2007-12-11 17:40:58 6815744 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\ntuser.dat

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-12-23 17:08:01 0 d-------- C:\Program Files\wanadoo_toolbar

2007-12-22 12:38:41 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Sonic

2007-12-21 22:24:20 0 d-------- C:\Program Files\Wanadoo

2007-12-20 22:15:52 445254 --a------ C:\WINDOWS\system32\perfh00C.dat

2007-12-20 22:15:52 63812 --a------ C:\WINDOWS\system32\perfc00C.dat

2007-12-20 21:25:48 0 d-------- C:\Program Files\eMule

2007-12-19 21:53:09 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\OpenOffice.org2

2007-12-19 15:30:58 0 d-------- C:\Program Files\Yahoo!

2007-12-19 15:25:03 0 d-------- C:\Program Files\Fichiers communs

2007-12-19 08:56:09 6815 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\update.log

2007-11-10 18:40:03 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Identities

2007-10-29 23:43:32 1293824 --a------ C:\WINDOWS\system32\quartz.dll <Not Verified; Microsoft Corporation; DirectShow>

2007-10-25 09:28:30 222720 --a------ C:\WINDOWS\system32\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/03/2004 15:57]

"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [13/05/2004 09:28]

"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [13/05/2004 09:28]

"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [13/05/2004 09:28]

"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [19/08/2003 00:01]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [15/07/2003 20:09]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/07/2003 20:08]

"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [10/06/2003 17:49]

"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [22/05/2003 18:56]

"FSASWREG"="C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe" [04/11/2004 11:03]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [30/07/2004 07:33]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [18/03/2004 08:18]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38]

"Logitech Utility"="Logi_MwX.Exe" [11/12/2003 18:50 C:\WINDOWS\LOGI_MWX.EXE]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 09:00]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/06/2007 21:54]

"Undefined"="C:\WINDOWS\system32\winter.exe" []

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"StartUp"=C:\WINDOWS\trayicons.exe /optimize speed

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWindowsUpdate"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"FSMA"=2 (0x2)

"FSDFWD"=3 (0x3)

"fsbwsys"=2 (0x2)

"F-Secure Gatekeeper Handler Starter"=2 (0x2)

"BackWeb Plug-in - 8520111"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe

"Logitech Utility"=Logi_MwX.Exe

"nwiz"=nwiz.exe /installquiet

"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

"Printer"=C:\WINDOWS\system32\printer.exe

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

AutoRun\command- C:\

open\Command- 322F9439.exe

 

 

 

 

-- Hosts -----------------------------------------------------------------------

 

192.168.200.3 ad.doubleclick.net

192.168.200.3 ad.fastclick.net

192.168.200.3 ads.fastclick.net

192.168.200.3 atdmt.com

192.168.200.3 awaps.net

192.168.200.3 banner.fastclick.net

192.168.200.3 banners.fastclick.net

192.168.200.3 click.atdmt.com

192.168.200.3 clicks.atdmt.com

192.168.200.3 engine.awaps.net

 

9 more entries in hosts file.

 

 

-- End of Deckard's System Scanner: finished at 2007-12-23 20:26:11 ------------

 

[23/12/2007 16:30:10] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274

[23/12/2007 16:30:11] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227

[23/12/2007 16:30:42] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265

[23/12/2007 17:27:07] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23

[23/12/2007 17:51:54] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274

[23/12/2007 17:51:55] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227

[23/12/2007 17:52:26] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265

[23/12/2007 18:28:04] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274

[23/12/2007 18:28:05] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227

[23/12/2007 18:28:36] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265

[23/12/2007 18:48:47] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23

[23/12/2007 18:55:26] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23

[23/12/2007 18:55:27] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274

[23/12/2007 18:55:28] Error: failed to connect to driver, Value: 00000002, Position: .\SelfProtection.cpp, 23

[23/12/2007 18:55:59] Error: failed to create socket, Value: 00002742, Position: .\DownloadHttp.cpp, 212

[23/12/2007 20:22:13] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274

[23/12/2007 20:22:13] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227

[23/12/2007 20:22:45] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265

[23/12/2007 20:30:22] Error: [CProcessInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ProcessInformation.cpp, 274

[23/12/2007 20:30:22] Error: [CConnectionInformation]: Creating snapshot for module enumeration failed., Value: 00000008, Position: .\ConnectionInformation.cpp, 227

[23/12/2007 20:30:54] Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 265

Posted

Hello,

Step 1: Downloading the software

From the clean computer, download the following to your Desktop:

Activer_regedit_taskmgr.reg

RHosts

WinsockFix

Copy these three utilities onto your USB stick, which you will then plug into the "sick" PC.

Step 2: RHosts

On the "sick" PC, double-click RHosts.exe

Click the Restaurer (Restore) button

Close the tool.

Step 3: WinsockFix

On the "sick" PC, unzip the WinsockFix.zip archive (extract to the Desktop).

Double-click WinsockFix.exe to launch the tool.

Click the Fix button.

Note: If a restart is required, restart your PC normally.

Step 4: Activer_regedit_taskmgr.reg

Disable all your protection software (AVG Anti-Spyware and BitDefender).

Double-click Activer_regedit_taskmgr.reg

Allow the data to be merged into the registry.

Step 5: Uninstalls

Double-click "Poste de travail" (My Computer) / "Panneau de configuration" (Control Panel)

Click "Ajouter ou supprimer des programmes" (Add or Remove Programs).

Check whether these programs are present in the list:

EliteProtector

Ultimate Defender

If they are present, uninstall them by clicking on each one and then Supprimer (Remove)

Step 6: Safe mode.

In the Start menu, click Arrêter l'ordinateur (Turn Off Computer) and then Redémarrer (Restart).

As the restart begins, tap the F8 key on your keyboard until the Windows Advanced Options appear.

Choose Safe Mode and press Enter.

Choose your usual account.

Step 7: HijackThis.

Close all running applications except HijackThis.

Launch HijackThis

Click the Do a system scan only button.

Check the box in front of the following line (if present).

O4 - HKCU\..\Run: [undefined] C:\WINDOWS\system32\winter.exe

 

Click the Fix checked button.

Close the program.

Step 8: Regedit

Open Notepad.

Copy and paste the following quoted text:

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Undefined"=-

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"StartUp"=-

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Printer"=-

 

Click Fichier (File) > Enregistrer sous... (Save As...) > type zeb1.reg > in the Type box choose Tous les fichiers (All Files) > save it to your Desktop, then click "Enregistrer" (Save)

Double-click zeb1.reg

If you are asked to confirm the operation, accept.

Step 9: OTMoveIt.

Double-click OTMoveIt.exe to launch it.

Copy and paste the following files/folders into the left-hand pane named Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\winter.exe

C:\WINDOWS\Yrq68.sys

C:\WINDOWS\system32\drivers\Yrq68.sys

C:\WINDOWS\system32\dllgh8jkd1q8.exe

C:\WINDOWS\wsystmp_nfh.exe

C:\WINDOWS\system32\dllgh8jkd1q2.exe

C:\WINDOWS\system32\dllgh8jkd1q1.exe

C:\WINDOWS\system32\wowfx.VIR

C:\WINDOWS\wsystmp_lie.exe

C:\WINDOWS\wsystmp_ndb.exe

C:\WINDOWS\trayicons.exe

C:\Program Files\EliteProtector

C:\Documents and Settings\ALICE\Application Data\Ultimate Defender

 

Click MoveIt! to start the removal.

When a result appears in the Results pane, click Exit.

Step 10: Restart and new post.

Restart in normal mode.

Generate a new DSS report on the "sick" PC.

Copy the new DSS report and the OTMoveIt report (C:\_OTMoveIt\MovedFiles) onto your USB stick.

Send me these reports from the healthy PC.

 

Anthony.
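
An added example, not part of the original post and not code from any of the tools it names: a Python check of what the zeb1.reg file from step 8 should change, run over Run-key excerpts abridged from the two DSS reports on this page. The function names are hypothetical; the check reports, for each deletion, whether the value was in that key before and after, whether the same name sat in another key of the dump, and which autoruns are new in the second report.

```python
import re

# The zeb1.reg content from step 8 of the post.
REG_FILE = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Undefined"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"StartUp"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Printer"=-
"""

# Abridged "Registry Dump" excerpt from the first DSS report (2007-12-23).
BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/03/2004 15:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 09:00]
"Undefined"="C:\WINDOWS\system32\winter.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"StartUp"=C:\WINDOWS\trayicons.exe /optimize speed

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Printer"=C:\WINDOWS\system32\printer.exe
"""

# Abridged excerpt from the second DSS report (2007-12-24).
AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/03/2004 15:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" []
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 09:00]
"BackupNotify"="C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
"RecordNow!"="" []
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
STAMP_RE = re.compile(r'\s*\[[^\]]*\]$')   # trailing "[date time]" or "[]" added by DSS


def parse_sections(text):
    """Parse a REGEDIT4 file or a DSS registry dump into
    {key_lower: {value_name_lower: raw_data}} (registry names are case-insensitive)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1).lower(), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group(1).lower()] = value.group(2)
        elif line.upper().startswith("HKEY_"):
            current = None   # unbracketed DSS header: its lines are not "name"=data
    return sections


def target(data):
    """Strip the DSS timestamp suffix and surrounding quotes from a value."""
    return STAMP_RE.sub("", data).strip().strip('"')


def deletions(reg_text):
    """(key, name) pairs that a .reg file deletes with the "name"=- syntax."""
    return [(key, name) for key, values in parse_sections(reg_text).items()
            for name, data in values.items() if data.strip() == "-"]


def check_deletions(reg_text, before, after):
    """For every deletion: present in that key before? still present after?
    Was the same value name listed under a different key in the first dump?"""
    b, a = parse_sections(before), parse_sections(after)
    result = {}
    for key, name in deletions(reg_text):
        result[(key, name)] = {
            "in_before": name in b.get(key, {}),
            "in_after": name in a.get(key, {}),
            "other_keys_before": sorted(k for k, v in b.items() if k != key and name in v),
        }
    return result


def new_autoruns(before, after):
    """Run-key values present in the second dump but absent from the first."""
    b, a = parse_sections(before), parse_sections(after)
    return [(key, name, target(data))
            for key, values in a.items() if key.endswith("\\run")
            for name, data in values.items() if name not in b.get(key, {})]


if __name__ == "__main__":
    for (key, name), status in check_deletions(REG_FILE, BEFORE, AFTER).items():
        print(name, "@", key, status)
    for key, name, path in new_autoruns(BEFORE, AFTER):
        print("new autorun:", name, "->", path or "(empty)")
```

On these excerpts, "Printer" is not found in the HKLM Run key of the first dump but under its `run-` section, and four Run values appear only in the second dump.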

Posted

Good evening

Thank you, and congratulations on this clear and detailed procedure.

I am going to try to apply it now, but first I would like to report what I have discovered since last night:

- When Windows starts in normal mode, 2 users appear, including the main administrator. So far everything is normal. But afterwards I cannot find any of them in "User Accounts", and there is not even the option to create one.

Same in safe mode.

In the Event Viewer, there is the error "sr" under SOURCE, then "aucun" (none) under CATEGORIE, and it is impossible to get the properties.

Under these conditions, should I follow your advice, or do I need to reinstall Windows XP? (The repair with the restore CD does nothing.)

See you later

Posted

Good evening,

After following all the instructions without any problem, here are the requested reports.

You will certainly notice that, in the meantime, I had restored files deleted 3 days ago with TuneUp Utilities.

I hope I have not done too many silly things.

Merry Christmas to you too, and to the whole team of the "Restos du Coeur" >>> volunteer system restorers, of course!

André

 

Deckard's System Scanner v20071014.68

Run by JEAN LOUIS RABASTE on 2007-12-24 18:53:46

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

Total Physical Memory: 511 MiB (512 MiB recommended).

 

 

-- HijackThis (run as JEAN LOUIS RABASTE.exe) ----------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:53:54, on 24/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\JEAN LOUIS RABASTE\Bureau\dss.exe

C:\DOCUME~1\JEANLO~1\MESDOC~1\DOWNLO~1\JEANLO~1.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Toolbar Wanadoo - {4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} - C:\PROGRA~1\WANADO~2\WANADO~1.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Toolbar Wanadoo - {4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} - C:\PROGRA~1\WANADO~2\WANADO~1.DLL (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [backupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [backupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (User '?')

O4 - HKUS\S-1-5-21-2679867663-1831779529-759621608-1007\..\Run: [RecordNow!] (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk.disabled

O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled

O4 - Global Startup: Microsoft Office.lnk.disabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)

O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

 

--

End of file - 8574 bytes

 

-- Files created between 2007-11-24 and 2007-12-24 -----------------------------

 

2007-12-23 16:30:09 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Grisoft

2007-12-23 16:29:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-21 17:54:08 0 d-------- C:\Documents and Settings\ALICE\Application Data\Wannadoo

2007-12-20 21:57:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-20 09:11:11 0 d-------- C:\WINDOWS\system32\fr-fr

2007-12-19 18:38:42 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Favoris

2007-12-19 18:38:42 0 d---s---- C:\Documents and Settings\Administrateur.PC192141439594\Cookies

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Bureau

2007-12-19 18:38:42 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\Application Data

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Symantec

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Sun

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Sonic

2007-12-19 18:38:42 0 d---s---- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Microsoft

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Identities

2007-12-19 18:38:42 0 d-------- C:\Documents and Settings\Administrateur.PC192141439594\Application Data\Apple Computer

2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Voisinage réseau

2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Voisinage d'impression

2007-12-19 18:38:41 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\SendTo

2007-12-19 18:38:41 0 dr-h----- C:\Documents and Settings\Administrateur.PC192141439594\Recent

2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Modèles

2007-12-19 18:38:41 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Mes documents

2007-12-19 18:38:41 0 dr------- C:\Documents and Settings\Administrateur.PC192141439594\Menu Démarrer

2007-12-19 18:38:41 0 d--h----- C:\Documents and Settings\Administrateur.PC192141439594\Local Settings

2007-12-19 18:38:40 786432 --ah----- C:\Documents and Settings\Administrateur.PC192141439594\NTUSER.DAT

2007-12-19 16:24:59 0 d-------- C:\WINDOWS\BDOSCAN8

2007-12-19 15:26:52 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\TuneUp Software

2007-12-19 15:26:41 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2007-12-19 15:26:26 0 d-------- C:\Program Files\TuneUp Utilities 2007

2007-12-19 15:25:03 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-12-19 09:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-19 09:24:48 21760 --a------ C:\WINDOWS\Yrq68.sys

2007-12-18 22:27:34 0 d--h----- C:\WINDOWS\PIF

2007-12-18 16:33:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google

2007-12-18 16:33:04 0 dr------- C:\Documents and Settings\LocalService\Favoris

2007-12-17 18:59:51 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor

2007-12-15 23:05:03 21760 --a------ C:\WINDOWS\system32\drivers\Yrq68.sys

2007-12-15 14:57:52 1162732 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Install.dat

2007-12-11 17:40:58 6815744 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\ntuser.dat

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-12-23 17:08:01 0 d-------- C:\Program Files\wanadoo_toolbar

2007-12-22 12:38:41 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Sonic

2007-12-21 22:24:20 0 d-------- C:\Program Files\Wanadoo

2007-12-20 22:15:52 445254 --a------ C:\WINDOWS\system32\perfh00C.dat

2007-12-20 22:15:52 63812 --a------ C:\WINDOWS\system32\perfc00C.dat

2007-12-20 21:25:48 0 d-------- C:\Program Files\eMule

2007-12-19 21:53:09 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\OpenOffice.org2

2007-12-19 15:30:58 0 d-------- C:\Program Files\Yahoo!

2007-12-19 15:25:03 0 d-------- C:\Program Files\Fichiers communs

2007-12-19 08:56:09 6815 --a------ C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\update.log

2007-11-10 18:40:03 0 d-------- C:\Documents and Settings\JEAN LOUIS RABASTE\Application Data\Identities

2007-10-29 23:43:32 1293824 --a------ C:\WINDOWS\system32\quartz.dll <Not Verified; Microsoft Corporation; DirectShow>

2007-10-25 09:28:30 222720 --a------ C:\WINDOWS\system32\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/03/2004 15:57]

"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [13/05/2004 09:28]

"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [13/05/2004 09:28]

"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [13/05/2004 09:28]

"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [19/08/2003 00:01]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [15/07/2003 20:09]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/07/2003 20:08]

"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [10/06/2003 17:49]

"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [22/05/2003 18:56]

"FSASWREG"="C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe" [04/11/2004 11:03]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [30/07/2004 07:33]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [18/03/2004 08:18]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38]

"Logitech Utility"="Logi_MwX.Exe" [11/12/2003 18:50 C:\WINDOWS\LOGI_MWX.EXE]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" []

"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 09:00]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/06/2007 21:54]

"BackupNotify"="C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []

"RecordNow!"="" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

"Logoff"=0 (0x0)

"StartMenuLogOff"=0 (0x0)

"NoClose"=0 (0x0)

"NoRun"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"DisableTaskMgr"=0 (0x0)

"Logoff"=0 (0x0)

"StartMenuLogOff"=0 (0x0)

"NoClose"=0 (0x0)

"NoRun"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWindowsUpdate"=0 (0x0)

"NoRun"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"FSMA"=2 (0x2)

"FSDFWD"=3 (0x3)

"fsbwsys"=2 (0x2)

"F-Secure Gatekeeper Handler Starter"=2 (0x2)

"BackWeb Plug-in - 8520111"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

"RegistryCleanFixMFC"=C:\Program Files\RegistryCleanerSolution\RegistryCleanerSolution.exe

"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe

"Logitech Utility"=Logi_MwX.Exe

"nwiz"=nwiz.exe /installquiet

"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

"VirusGarde"=C:\Program Files\VirusGarde\pgs.exe

"UADC_2503570351"="C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c

"UADC_1907356172"="C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c

"TiscaliParam"=C:\Program Files\Tiscali\Dialer\bootparam.exe

"Salestart"="C:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com

"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"

"itunesff"=C:\WINDOWS\system32\itunesff.exe -go -c48 -w21

"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot

"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash

"DXDllRegExe"=C:\WINDOWS\system32\dxdllreg.exe

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

AutoRun\command- C:\

open\Command- 322F9439.exe

 

 

 

 

-- End of Deckard's System Scanner: finished at 2007-12-24 18:54:23 ------------

 

File/Folder C:\WINDOWS\system32\winter.exe not found.

File move failed. C:\WINDOWS\Yrq68.sys scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\Yrq68.sys scheduled to be moved on reboot.

C:\WINDOWS\system32\dllgh8jkd1q8.exe moved successfully.

C:\WINDOWS\wsystmp_nfh.exe moved successfully.

C:\WINDOWS\system32\dllgh8jkd1q2.exe moved successfully.

C:\WINDOWS\system32\dllgh8jkd1q1.exe moved successfully.

C:\WINDOWS\system32\wowfx.VIR moved successfully.

C:\WINDOWS\wsystmp_lie.exe moved successfully.

C:\WINDOWS\wsystmp_ndb.exe moved successfully.

File/Folder C:\WINDOWS\trayicons.exe not found.

C:\Program Files\EliteProtector moved successfully.

C:\Documents and Settings\ALICE\Application Data\Ultimate Defender\logs moved successfully.

C:\Documents and Settings\ALICE\Application Data\Ultimate Defender moved successfully.

File/Folder not found.

 

Created on 12/24/2007 18:42:46
