Full of viruses. I don't know what to do anymore.
stephludo2
Hello, I'm taking the liberty of asking for your help because the PC is close to going out the window.
For some time now we have had minor problems starting up; the PC sometimes freezes along the way, and at startup a window appears saying that the following file cannot be found: C:\windows/usnsv.exe
There is also an Avast window that pops up telling me that the PC is infected by the following Trojan horse:
C:\windows/system32\rdriv.sys and even when I choose an action (delete/quarantine/do nothing) the window keeps coming back every time !!!!!!
I tried running a scan with Avast; the software removed some viruses but not all of them.
That's it. If someone could help me solve the problem, that would be great.
Here is a HijackThis report for analysis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:48, on 28/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\vuqhysti.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\ixplorer.exe
C:\WINDOWS\System32\msmssnger.exe
C:\WINDOWS\System32\mdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllcache\wintcps.exe
C:\WINDOWS\nona.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ludovico\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\usnsv.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - C:\WINDOWS\System32\urqRJCTm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Winedows startup] WinKey.exe
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKLM\..\Run: [Windows Microsoft Services] vuqhysti.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ixplorer] C:\WINDOWS\System32\ixplorer.exe
O4 - HKLM\..\Run: [msmssnger] C:\WINDOWS\System32\msmssnger.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Winedows startup] WinKey.exe
O4 - HKLM\..\RunServices: [Windows Microsoft Services] vuqhysti.exe
O4 - HKLM\..\RunServices: [ixplorer] C:\WINDOWS\System32\ixplorer.exe
O4 - HKLM\..\RunServices: [msmssnger] C:\WINDOWS\System32\msmssnger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Winedows startup] WinKey.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Windows Microsoft Services] vuqhysti.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Microsoft Services] vuqhysti.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Winedows startup] WinKey.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Winedows startup] WinKey.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O20 - Winlogon Notify: urqRJCTm - urqRJCTm.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Microsoft Winedows startup (flys.q8pilots.net) - Unknown owner - C:\WINDOWS\System32\WinKey.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Messenger Sharing USN Journal Service - Unknown owner - C:\WINDOWS\usnsv.exe (file missing)
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe
O23 - Service: Microsoft XP TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\winxptcp.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe (file missing)
O23 - Service: nona - Unknown owner - C:\WINDOWS\nona.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: user32 - Unknown owner - C:\WINDOWS\user32.exe (file missing)
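A first-pass triage of the kind of log posted above, as an added example that is not part of the original thread: it parses the O4 (autorun), O23 (service) and F2 (shell) lines and marks entries worth a closer look. The heuristics and the `SYSTEM32_ONLY` list are assumptions chosen for illustration; a flag means "review this entry", not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (a few lines, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Microsoft Services] vuqhysti.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Microsoft Services] vuqhysti.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: nona - Unknown owner - C:\WINDOWS\nona.exe
O23 - Service: Messenger Sharing USN Journal Service - Unknown owner - C:\WINDOWS\usnsv.exe (file missing)
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\usnsv.exe
"""

# Windows process names that normally run only from System32
# (short list assumed for this example).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "csrss.exe"}

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.+)$", re.I)
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.I)


def executable(cmd):
    """Return the program part of an autorun command, lower-cased,
    without surrounding quotes, arguments or the trailing (User '...')."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) if m else cmd.strip()).lower()


def triage(log_text):
    """Return {log line: [reasons]} for entries that deserve a closer look."""
    findings = defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if m := O4_RE.match(line):
            directory, _, filename = executable(m["cmd"]).rpartition("\\")
            if not directory:
                # Resolved through the search path, so the log does not
                # say which file actually runs at logon.
                findings[line].append("autorun without a full path")
            elif (filename in SYSTEM32_ONLY
                  and not directory.endswith("\\system32")):
                findings[line].append("system process name outside System32")
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings[line].append("HijackThis could not identify the vendor")
            if m["path"].endswith("(file missing)"):
                findings[line].append("service points to a missing file")
        elif m := F2_RE.match(line):
            # The default value is just "Explorer.exe"; anything appended
            # is started together with the shell at every logon.
            if m["shell"].strip().lower() != "explorer.exe":
                findings[line].append("extra program appended to the Shell value")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```
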
11 replies
Hi, uninstall all your security software. Then install AntiVir, Malwarebytes Anti-Malware and CCleaner, and enable the Vista firewall.
AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
AntiVir tutorial: https://www.malekal.com/avira-free-security-antivirus-gratuit/
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
CCleaner: https://www.01net.com/outils/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/tele32599.html
CCleaner tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php (Install it without the Yahoo toolbar)
PS: JUST INSTALL THEM AND DO NOT RUN A SCAN. UPDATE ANTIVIR AND MALWAREBYTES ANTI-MALWARE.
Before "throwing" your computer out the window, try instead installing the most reliable free antivirus, Spyware Doctor, and also installing a firewall, such as Spybot - Search and destroy (also free).
It is true that two antivirus programs are not compatible with each other, but Avast!, Spyware Doctor and Spybot - Search and destroy do not "fight" with one another.
If that still doesn't work, try an anti-trojan patch.
PS: the window that opens, "C:\windows/usnsv.exe", may mean that you deleted a file or, more likely, a shortcut. I don't think it's very serious. Just close that window at startup...
geoff,
I've never seen so much nonsense in a single sentence
"Before "throwing" your computer out the window, try instead installing the most reliable free antivirus, Spyware Doctor, and also installing a firewall, such as Spybot - Search and destroy (also free)."
Spyware Doctor is an antispyware, not an antivirus.
Firewall: Spybot??? It's an antispyware.
You're mixing everything up.
Thanks for the replies.
Well, I looked into the first solution, namely changing the tools...
So I downloaded AntiVir, Malwarebytes and CCleaner. They are installed and up to date. And I removed the old tools.
But I imagine that now I need to run a scan or something to clean up ??????
OK. Run a scan in safe mode with AntiVir. Start the scan and if it detects a virus (normally it will), click "delete" and "apply selection to all following detections" (so that it deletes them automatically). At the end of the scan click "report", restart in normal mode, then post the report for me.
Safe mode:
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or another one.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
PS: I ADVISE YOU TO SAVE THIS MESSAGE ON YOUR DESKTOP JUST IN CASE.
Hello, first of all +1 for post number 3.
For your problem, stephludo2, you should also install Spybot, which can be found here:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
Ad-Aware here:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
and this:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
To start, boot your PC in safe mode by tapping the F8 key at startup and choosing safe mode in the menu. Then do this:
1) run a scan with Spybot and delete what it finds
2) same procedure with Ad-Aware
3) same procedure with Malwarebytes
4) launch CCleaner and run the cleanup, then click on Registry, search for errors and repair them.
5) launch HijackThis, which I had you download above, click on "do a system...." and copy/paste the report here
Regards,
No, no problem; when I started writing my message, yours hadn't been posted yet. I'll let you finish resolving the problem.
Regards,
Hello,
I have a problem with XP antivirus, which keeps popping up, and I am infested with trojans. I downloaded several programs such as Kaspersky and BitDefender; nothing works. Could you help me?
Thanks in advance
Hi again, here is the report produced by AntiVir:
Avira AntiVir Personal
Report file date: mercredi 28 mai 2008 18:10
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Boot mode: Save mode
Username: *****
Computer name: ********
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 28 mai 2008 18:10
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\vuqhysti.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ixplorer.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\msmssnger.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\69W72PUV\redora[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\ludovico\Local Settings\Temp\casnjfq.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\ludovico\Local Settings\Temp\dkezrbkd.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Belle journée.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a984c3.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Camemberts.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa84bf.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Céramique.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48af8547.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Glacier.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e84ca.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Nature.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b184c0.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Punch aux agrumes.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab84d4.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Réseau.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08548.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Sucreries.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a084d4.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Technique.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a084c5.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Tournesol.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b284cf.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Vierge.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a284c9.qua'!
C:\Program Files\Fichiers communs\System\ado\MDACReadme.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '487e84a7.qua'!
C:\Program Files\Jeux de cartes\Bel Atout\Aide\belatout.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98503.qua'!
C:\Program Files\Livre Album Fuji Photo\data\invoice\invoice_template.html
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b38513.qua'!
C:\Program Files\MSN\MSNCoreFiles\msnread.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8525.qua'!
C:\Program Files\NetMeeting\netmeet.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b1851a.qua'!
C:\WINDOWS\Wild_Party_jpg.zip
[0] Archive type: ZIP
--> www.Wild_Party_jpg-msn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Help\ciadmin.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e85aa.qua'!
C:\WINDOWS\Help\ciquery.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ae85aa.qua'!
C:\WINDOWS\Help\ixqlang.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ae85c3.qua'!
C:\WINDOWS\Help\migwiz.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a485b6.qua'!
C:\WINDOWS\Help\migwiz2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492a0f77.qua'!
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\snd.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a185cf.qua'!
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\contents.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab85d1.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\AboutCompat.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac85f8.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatMode.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa8606.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatOffline.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493b27a7.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\LearnCompat.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e85fc.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\privacy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a68609.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\uplddrvinfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98608.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\xmldialog.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98605.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\dvdupgrd.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a1860e.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\ErrorMessagesOffline.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48af860b.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\errors\connection.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8608.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\dglogs.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98601.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\dglogshelp.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493827a2.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8606.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\panels\NavBar.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b385fb.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\rc\rcRequest.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488f85fe.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\helpeeaccept.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98600.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\RAStartPage.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489085dd.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\rcBuddy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '487f85ff.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\ConnIssue.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab860b.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\LearnInternet.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8602.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\RCMoreInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488a85e0.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAChatClient.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488085de.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAClient.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488085df.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489085df.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08601.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\setting.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18603.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48af8611.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488385e2.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488685ee.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b38609.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492036ea.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\RAChatServer.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488085e1.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\SettingServer.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18606.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a88602.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\msinfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a68614.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysComponentInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0861b.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysEvtLogInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492127bc.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysHealthInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0861d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysinfosum.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0861c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysRemoteInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492127bd.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysServicesInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492127be.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysSoftwareInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0861f.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\AboutWU.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8606.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\Learn.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e860a.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\LearnInternet.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '490f27ab.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\learnWU.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e860c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\updatecenter.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a18615.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8615.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a3860c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineOptions.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493227ad.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8616.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860a.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493836f7.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e860d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488a85eb.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '4880860c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49243dfd.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen3.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860e.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '4881860d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '4886860d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49243dff.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b085f0.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49243e01.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860f.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49243de0.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08611.qua'!
C:\WINDOWS\system32\redora.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\themida.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\update.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\winini.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\winsys.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\oobe\actshell.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186f6.qua'!
C:\WINDOWS\system32\oobe\dtsgnup.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08707.qua'!
C:\WINDOWS\system32\oobe\msobshel.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8708.qua'!
C:\WINDOWS\system32\oobe\actsetup\actconn.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186f8.qua'!
C:\WINDOWS\system32\oobe\actsetup\actdone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49211cf9.qua'!
C:\WINDOWS\system32\oobe\actsetup\activ.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186f9.qua'!
C:\WINDOWS\system32\oobe\actsetup\activerr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49211cfa.qua'!
C:\WINDOWS\system32\oobe\actsetup\activsvc.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186fb.qua'!
C:\WINDOWS\system32\oobe\actsetup\actlan.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186fa.qua'!
C:\WINDOWS\system32\oobe\actsetup\adeskerr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a286fb.qua'!
C:\WINDOWS\system32\oobe\actsetup\adrdyreg.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48af86fb.qua'!
C:\WINDOWS\system32\oobe\actsetup\apolicy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8707.qua'!
C:\WINDOWS\system32\oobe\actsetup\areg1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a2870a.qua'!
C:\WINDOWS\system32\oobe\actsetup\aregdial.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49321d0b.qua'!
C:\WINDOWS\system32\oobe\actsetup\aregdone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a2870c.qua'!
C:\WINDOWS\system32\oobe\actsetup\ausrinfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0870e.qua'!
C:\WINDOWS\system32\oobe\error\cnncterr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8707.qua'!
C:\WINDOWS\system32\oobe\error\dialtone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8702.qua'!
C:\WINDOWS\system32\oobe\error\hndshake.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a18708.qua'!
C:\WINDOWS\system32\oobe\error\isp2busy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad870d.qua'!
C:\WINDOWS\system32\oobe\error\noanswer.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8709.qua'!
C:\WINDOWS\system32\oobe\error\pberr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a286fc.qua'!
C:\WINDOWS\system32\oobe\error\pulse.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98710.qua'!
C:\WINDOWS\system32\oobe\error\toobusy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac870a.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a9870e.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a9870f.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493826b0.qua'!
C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab86ff.qua'!
C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac86ff.qua'!
C:\WINDOWS\system32\oobe\html\isptype\isptype.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8710.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b2870c.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_a.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326ad.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_b.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b2870d.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326ae.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b2870f.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326b0.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b2870e.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326af.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b28710.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326b1.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b28711.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326b2.qua'!
C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8704.qua'!
C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8704.qua'!
C:\WINDOWS\system32\oobe\icserror\icsdc.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08704.qua'!
C:\WINDOWS\system32\oobe\isperror\ispcnerr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8716.qua'!
C:\WINDOWS\system32\oobe\isperror\ispdtone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493d1d17.qua'!
C:\WINDOWS\system32\oobe\isperror\isphdshk.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8718.qua'!
C:\WINDOWS\system32\oobe\isperror\ispins.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8717.qua'!
C:\WINDOWS\system32\oobe\isperror\ispnoanw.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493d1d18.qua'!
C:\WINDOWS\system32\oobe\isperror\isppberr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8719.qua'!
C:\WINDOWS\system32\oobe\isperror\ispphbsy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493d1d19.qua'!
C:\WINDOWS\system32\oobe\isperror\ispsbusy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad871a.qua'!
C:\WINDOWS\system32\oobe\regerror\rcnterr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8708.qua'!
C:\WINDOWS\system32\oobe\regerror\rdtone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18709.qua'!
C:\WINDOWS\system32\oobe\regerror\rhndshk.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab870e.qua'!
C:\WINDOWS\system32\oobe\regerror\rnomdm.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8714.qua'!
C:\WINDOWS\system32\oobe\regerror\rpberr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489f8716.qua'!
C:\WINDOWS\system32\oobe\regerror\rpulse.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b28716.qua'!
C:\WINDOWS\system32\oobe\regerror\rtoobusy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac871b.qua'!
C:\WINDOWS\system32\oobe\setup\acterror.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b1870a.qua'!
C:\WINDOWS\system32\oobe\setup\activate.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49211d0b.qua'!
C:\WINDOWS\system32\oobe\setup\act_plcy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b1870b.qua'!
C:\WINDOWS\system32\oobe\setup\badeula.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a18709.qua'!
C:\WINDOWS\system32\oobe\setup\badpkey.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49311d0a.qua'!
C:\WINDOWS\system32\oobe\setup\compname.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa8718.qua'!
C:\WINDOWS\system32\oobe\setup\dialup.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8712.qua'!
C:\WINDOWS\system32\oobe\setup\drdyisp.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a1871b.qua'!
C:\WINDOWS\system32\oobe\setup\dtiwait.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a6871d.qua'!
C:\WINDOWS\system32\oobe\setup\fini.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8713.qua'!
C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b48718.qua'!
C:\WINDOWS\system32\oobe\setup\iconn.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac870d.qua'!
C:\WINDOWS\system32\oobe\setup\ics.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0870d.qua'!
C:\WINDOWS\system32\oobe\setup\ident1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a2870f.qua'!
C:\WINDOWS\system32\oobe\setup\ident2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49321d10.qua'!
C:\WINDOWS\system32\oobe\setup\isp.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad871e.qua'!
C:\WINDOWS\system32\oobe\setup\jndomain.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a1871a.qua'!
C:\WINDOWS\system32\oobe\setup\jndom_a.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49311d1b.qua'!
C:\WINDOWS\system32\oobe\setup\keybd.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b68711.qua'!
C:\WINDOWS\system32\oobe\setup\keybdcmt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49261d12.qua'!
C:\WINDOWS\system32\oobe\setup\migdial.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a48716.qua'!
C:\WINDOWS\system32\oobe\setup\miglist.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49341d17.qua'!
C:\WINDOWS\system32\oobe\setup\migpage.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a48718.qua'!
C:\WINDOWS\system32\oobe\setup\neweula.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b48713.qua'!
C:\WINDOWS\system32\oobe\setup\neweula2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49241d14.qua'!
C:\WINDOWS\system32\oobe\setup\oempriv.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa8713.qua'!
C:\WINDOWS\system32\oobe\setup\prvcyms.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b38720.qua'!
C:\WINDOWS\system32\oobe\setup\refdial.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a38714.qua'!
C:\WINDOWS\system32\oobe\setup\reg1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a48714.qua'!
C:\WINDOWS\system32\oobe\setup\reg3.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49341d15.qua'!
C:\WINDOWS\system32\oobe\setup\regdial.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a48715.qua'!
C:\WINDOWS\system32\oobe\setup\security.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a08715.qua'!
C:\WINDOWS\system32\oobe\setup\timezone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa8719.qua'!
C:\WINDOWS\system32\oobe\setup\username.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a28724.qua'!
C:\WINDOWS\system32\oobe\setup\welcome.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98716.qua'!
C:\WINDOWS\Web\tip.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8723.qua'!
Begin scan in 'F:\' <HP_PAVILION>
F:\Documents and Settings\Propriétaire\Bureau\papa maman\christiane\Plans et Itinéraires.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8778.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ADSAdClient31[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48908922.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ADSAdClient31[3].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49022063.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08942.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[2].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08943.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[3].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49222004.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[5].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08944.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[6].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49222005.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[7].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08946.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\search[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8949.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7WMAX83L\nwshp[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0895d.qua'!
F:\Documents and Settings\Propriétaire\Mes documents\Mes albums\Numérisation_09-04-2007\Numérisation_09-04-2007_1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa897d.qua'!
F:\Documents and Settings\Propriétaire\Mes documents\Mes albums\Numérisation_09-04-2007\Numérisation_09-04-2007_2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa897e.qua'!
F:\Documents and Settings\Propriétaire\Mes documents\Mes images\Divers\salle de bain\getmsg.html
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18a19.qua'!
F:\hp\KBD\STATIC\buttonconfig.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18bbe.qua'!
F:\hp\KBD\STATIC\AR\buttonconfig.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492111bf.qua'!
F:\hp\KBD\STATIC\AR\Chat.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8bb1.qua'!
F:\hp\KBD\STATIC\AR\Connect.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8bb9.qua'!
F:\hp\KBD\STATIC\AR\Copy of HP.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8bb9.qua'!
F:\hp\KBD\STATIC\AR\email.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8bb7.qua'!
F:\hp\KBD\STATIC\AR\Entertainment.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18bb8.qua'!
F:\hp\KBD\STATIC\AR\Finance.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8bb4.qua'!
F:\hp\KBD\STATIC\AR\help.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98bb0.qua'!
F:\hp\KBD\STATIC\AR\HP.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '486b8b9b.qua'!
F:\hp\KBD\STATIC\AR\People.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8bb0.qua'!
F:\hp\KBD\STATIC\AR\Search.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '490e11b2.qua'!
F:\hp\KBD\STATIC\AR\Shopping.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8bb4.qua'!
F:\hp\KBD\STATIC\AR\Sports.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8bbc.qua'!
F:\hp\KBD\STATIC\AR\video.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a18bb5.qua'!
F:\hp\KBD\STATIC\AR\weather.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8bb2.qua'!
F:\hp\KBD\STATIC\DA\buttonconfig.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18bc3.qua'!
F:\hp\KBD\STATIC\DA\Chat.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '490e11b8.qua'!
F:\hp\K
Avira AntiVir Personal
Report file date: mercredi 28 mai 2008 18:10
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Boot mode: Save mode
Username: *****
Computer name: ********
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 28 mai 2008 18:10
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\vuqhysti.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ixplorer.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\msmssnger.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\69W72PUV\redora[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\ludovico\Local Settings\Temp\casnjfq.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\ludovico\Local Settings\Temp\dkezrbkd.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Belle journée.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a984c3.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Camemberts.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa84bf.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Céramique.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48af8547.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Glacier.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e84ca.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Nature.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b184c0.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Punch aux agrumes.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab84d4.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Réseau.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08548.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Sucreries.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a084d4.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Technique.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a084c5.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Tournesol.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b284cf.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Vierge.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a284c9.qua'!
C:\Program Files\Fichiers communs\System\ado\MDACReadme.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '487e84a7.qua'!
C:\Program Files\Jeux de cartes\Bel Atout\Aide\belatout.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98503.qua'!
C:\Program Files\Livre Album Fuji Photo\data\invoice\invoice_template.html
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b38513.qua'!
C:\Program Files\MSN\MSNCoreFiles\msnread.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8525.qua'!
C:\Program Files\NetMeeting\netmeet.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b1851a.qua'!
C:\WINDOWS\Wild_Party_jpg.zip
[0] Archive type: ZIP
--> www.Wild_Party_jpg-msn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Help\ciadmin.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e85aa.qua'!
C:\WINDOWS\Help\ciquery.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ae85aa.qua'!
C:\WINDOWS\Help\ixqlang.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ae85c3.qua'!
C:\WINDOWS\Help\migwiz.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a485b6.qua'!
C:\WINDOWS\Help\migwiz2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492a0f77.qua'!
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\snd.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a185cf.qua'!
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\contents.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab85d1.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\AboutCompat.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac85f8.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatMode.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa8606.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatOffline.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493b27a7.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\LearnCompat.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e85fc.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\privacy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a68609.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\uplddrvinfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98608.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\DFS\xmldialog.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98605.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\dvdupgrd.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a1860e.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\ErrorMessagesOffline.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48af860b.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\errors\connection.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8608.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\dglogs.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98601.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\dglogshelp.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493827a2.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8606.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\panels\NavBar.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b385fb.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\rc\rcRequest.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488f85fe.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\helpeeaccept.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98600.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\RAStartPage.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489085dd.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\rcBuddy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '487f85ff.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\ConnIssue.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab860b.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\LearnInternet.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8602.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\RCMoreInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488a85e0.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAChatClient.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488085de.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAClient.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488085df.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489085df.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08601.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\setting.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18603.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48af8611.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488385e2.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488685ee.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b38609.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492036ea.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\RAChatServer.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488085e1.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\SettingServer.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18606.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a88602.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\msinfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a68614.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysComponentInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0861b.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysEvtLogInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492127bc.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysHealthInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0861d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysinfosum.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0861c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysRemoteInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492127bd.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysServicesInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492127be.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysSoftwareInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0861f.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\AboutWU.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8606.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\Learn.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e860a.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\LearnInternet.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '490f27ab.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\learnWU.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e860c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\updatecenter.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a18615.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8615.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a3860c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineOptions.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493227ad.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8616.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860a.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493836f7.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e860d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488a85eb.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '4880860c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860c.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49243dfd.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen3.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860e.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '4881860d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '4886860d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860d.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49243dff.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b085f0.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49243e01.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0860f.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49243de0.qua'!
C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08611.qua'!
C:\WINDOWS\system32\redora.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\themida.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\update.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\winini.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\winsys.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\oobe\actshell.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186f6.qua'!
C:\WINDOWS\system32\oobe\dtsgnup.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08707.qua'!
C:\WINDOWS\system32\oobe\msobshel.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8708.qua'!
C:\WINDOWS\system32\oobe\actsetup\actconn.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186f8.qua'!
C:\WINDOWS\system32\oobe\actsetup\actdone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49211cf9.qua'!
C:\WINDOWS\system32\oobe\actsetup\activ.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186f9.qua'!
C:\WINDOWS\system32\oobe\actsetup\activerr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49211cfa.qua'!
C:\WINDOWS\system32\oobe\actsetup\activsvc.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186fb.qua'!
C:\WINDOWS\system32\oobe\actsetup\actlan.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b186fa.qua'!
C:\WINDOWS\system32\oobe\actsetup\adeskerr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a286fb.qua'!
C:\WINDOWS\system32\oobe\actsetup\adrdyreg.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48af86fb.qua'!
C:\WINDOWS\system32\oobe\actsetup\apolicy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8707.qua'!
C:\WINDOWS\system32\oobe\actsetup\areg1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a2870a.qua'!
C:\WINDOWS\system32\oobe\actsetup\aregdial.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49321d0b.qua'!
C:\WINDOWS\system32\oobe\actsetup\aregdone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a2870c.qua'!
C:\WINDOWS\system32\oobe\actsetup\ausrinfo.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0870e.qua'!
C:\WINDOWS\system32\oobe\error\cnncterr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8707.qua'!
C:\WINDOWS\system32\oobe\error\dialtone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8702.qua'!
C:\WINDOWS\system32\oobe\error\hndshake.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a18708.qua'!
C:\WINDOWS\system32\oobe\error\isp2busy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad870d.qua'!
C:\WINDOWS\system32\oobe\error\noanswer.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8709.qua'!
C:\WINDOWS\system32\oobe\error\pberr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a286fc.qua'!
C:\WINDOWS\system32\oobe\error\pulse.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98710.qua'!
C:\WINDOWS\system32\oobe\error\toobusy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac870a.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a9870e.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a9870f.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493826b0.qua'!
C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab86ff.qua'!
C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac86ff.qua'!
C:\WINDOWS\system32\oobe\html\isptype\isptype.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8710.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b2870c.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_a.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326ad.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_b.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b2870d.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326ae.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b2870f.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326b0.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b2870e.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326af.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b28710.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326b1.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b28711.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492326b2.qua'!
C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8704.qua'!
C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8704.qua'!
C:\WINDOWS\system32\oobe\icserror\icsdc.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08704.qua'!
C:\WINDOWS\system32\oobe\isperror\ispcnerr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8716.qua'!
C:\WINDOWS\system32\oobe\isperror\ispdtone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493d1d17.qua'!
C:\WINDOWS\system32\oobe\isperror\isphdshk.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8718.qua'!
C:\WINDOWS\system32\oobe\isperror\ispins.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8717.qua'!
C:\WINDOWS\system32\oobe\isperror\ispnoanw.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493d1d18.qua'!
C:\WINDOWS\system32\oobe\isperror\isppberr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8719.qua'!
C:\WINDOWS\system32\oobe\isperror\ispphbsy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '493d1d19.qua'!
C:\WINDOWS\system32\oobe\isperror\ispsbusy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad871a.qua'!
C:\WINDOWS\system32\oobe\regerror\rcnterr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8708.qua'!
C:\WINDOWS\system32\oobe\regerror\rdtone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18709.qua'!
C:\WINDOWS\system32\oobe\regerror\rhndshk.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab870e.qua'!
C:\WINDOWS\system32\oobe\regerror\rnomdm.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8714.qua'!
C:\WINDOWS\system32\oobe\regerror\rpberr.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489f8716.qua'!
C:\WINDOWS\system32\oobe\regerror\rpulse.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b28716.qua'!
C:\WINDOWS\system32\oobe\regerror\rtoobusy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac871b.qua'!
C:\WINDOWS\system32\oobe\setup\acterror.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b1870a.qua'!
C:\WINDOWS\system32\oobe\setup\activate.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49211d0b.qua'!
C:\WINDOWS\system32\oobe\setup\act_plcy.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b1870b.qua'!
C:\WINDOWS\system32\oobe\setup\badeula.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a18709.qua'!
C:\WINDOWS\system32\oobe\setup\badpkey.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49311d0a.qua'!
C:\WINDOWS\system32\oobe\setup\compname.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa8718.qua'!
C:\WINDOWS\system32\oobe\setup\dialup.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8712.qua'!
C:\WINDOWS\system32\oobe\setup\drdyisp.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a1871b.qua'!
C:\WINDOWS\system32\oobe\setup\dtiwait.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a6871d.qua'!
C:\WINDOWS\system32\oobe\setup\fini.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8713.qua'!
C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b48718.qua'!
C:\WINDOWS\system32\oobe\setup\iconn.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac870d.qua'!
C:\WINDOWS\system32\oobe\setup\ics.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0870d.qua'!
C:\WINDOWS\system32\oobe\setup\ident1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a2870f.qua'!
C:\WINDOWS\system32\oobe\setup\ident2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49321d10.qua'!
C:\WINDOWS\system32\oobe\setup\isp.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad871e.qua'!
C:\WINDOWS\system32\oobe\setup\jndomain.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a1871a.qua'!
C:\WINDOWS\system32\oobe\setup\jndom_a.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49311d1b.qua'!
C:\WINDOWS\system32\oobe\setup\keybd.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b68711.qua'!
C:\WINDOWS\system32\oobe\setup\keybdcmt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49261d12.qua'!
C:\WINDOWS\system32\oobe\setup\migdial.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a48716.qua'!
C:\WINDOWS\system32\oobe\setup\miglist.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49341d17.qua'!
C:\WINDOWS\system32\oobe\setup\migpage.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a48718.qua'!
C:\WINDOWS\system32\oobe\setup\neweula.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b48713.qua'!
C:\WINDOWS\system32\oobe\setup\neweula2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49241d14.qua'!
C:\WINDOWS\system32\oobe\setup\oempriv.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa8713.qua'!
C:\WINDOWS\system32\oobe\setup\prvcyms.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b38720.qua'!
C:\WINDOWS\system32\oobe\setup\refdial.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a38714.qua'!
C:\WINDOWS\system32\oobe\setup\reg1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a48714.qua'!
C:\WINDOWS\system32\oobe\setup\reg3.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49341d15.qua'!
C:\WINDOWS\system32\oobe\setup\regdial.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a48715.qua'!
C:\WINDOWS\system32\oobe\setup\security.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a08715.qua'!
C:\WINDOWS\system32\oobe\setup\timezone.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa8719.qua'!
C:\WINDOWS\system32\oobe\setup\username.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a28724.qua'!
C:\WINDOWS\system32\oobe\setup\welcome.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98716.qua'!
C:\WINDOWS\Web\tip.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8723.qua'!
Begin scan in 'F:\' <HP_PAVILION>
F:\Documents and Settings\Propriétaire\Bureau\papa maman\christiane\Plans et Itinéraires.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8778.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ADSAdClient31[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48908922.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ADSAdClient31[3].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49022063.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08942.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[2].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08943.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[3].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49222004.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[5].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08944.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[6].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49222005.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\ads[7].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b08946.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0L9IELLO\search[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8949.qua'!
F:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7WMAX83L\nwshp[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b0895d.qua'!
F:\Documents and Settings\Propriétaire\Mes documents\Mes albums\Numérisation_09-04-2007\Numérisation_09-04-2007_1.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa897d.qua'!
F:\Documents and Settings\Propriétaire\Mes documents\Mes albums\Numérisation_09-04-2007\Numérisation_09-04-2007_2.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48aa897e.qua'!
F:\Documents and Settings\Propriétaire\Mes documents\Mes images\Divers\salle de bain\getmsg.html
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18a19.qua'!
F:\hp\KBD\STATIC\buttonconfig.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18bbe.qua'!
F:\hp\KBD\STATIC\AR\buttonconfig.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '492111bf.qua'!
F:\hp\KBD\STATIC\AR\Chat.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8bb1.qua'!
F:\hp\KBD\STATIC\AR\Connect.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8bb9.qua'!
F:\hp\KBD\STATIC\AR\Copy of HP.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ad8bb9.qua'!
F:\hp\KBD\STATIC\AR\email.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8bb7.qua'!
F:\hp\KBD\STATIC\AR\Entertainment.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18bb8.qua'!
F:\hp\KBD\STATIC\AR\Finance.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ab8bb4.qua'!
F:\hp\KBD\STATIC\AR\help.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a98bb0.qua'!
F:\hp\KBD\STATIC\AR\HP.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '486b8b9b.qua'!
F:\hp\KBD\STATIC\AR\People.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8bb0.qua'!
F:\hp\KBD\STATIC\AR\Search.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '490e11b2.qua'!
F:\hp\KBD\STATIC\AR\Shopping.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8bb4.qua'!
F:\hp\KBD\STATIC\AR\Sports.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac8bbc.qua'!
F:\hp\KBD\STATIC\AR\video.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48a18bb5.qua'!
F:\hp\KBD\STATIC\AR\weather.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489e8bb2.qua'!
F:\hp\KBD\STATIC\DA\buttonconfig.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b18bc3.qua'!
F:\hp\KBD\STATIC\DA\Chat.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '490e11b8.qua'!
F:\hp\K
The previous post was too long; is it useful for me to copy the rest of the report's details?
Otherwise, here is what is written at the end of this famous report:
The scan has been done completely.
6717 Scanning directories
360363 Files were scanned
12 viruses and/or unwanted programs were found
1344 Files were classified as suspicious:
12 files were deleted
0 files were repaired
1344 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
360351 Files not concerned
18210 Archives were scanned
1 Warnings
1356 Notes
There you go.
Sorry, I'm so stupid, I hadn't seen that you had deleted the infected files. Thank you so, so much; if only I could be of some use to you, I'd gladly do it, but well, I'm far from being good with computers... Thanks again, it's really kind of you... If you want to add me to your Messenger contacts, no problem, you never know, I might be useful to you for something... ;)
Ah ok, it's just because I was afraid of deleting important files, but ok, I'll delete them all from now on. By the way, if I have viruses whose path includes "system32", should I delete those too...?
And how can you tell when I quarantine or when I delete...? Impressive in any case.
Because it says that you put them in quarantine. (Delete them all.) Anyway.
2) Restart in "Safe Mode" ("Mode sans échec")
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" ("Mode sans échec") and press [Enter]
You must choose your usual session, not the "Administrator" account or another one.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
Open the text file saved on the Desktop in order to follow the instructions properly.
3) Scan with Malwarebyte's Anti-Malware
*Launch Malwarebyte's Anti-Malware
*Then go to the "Recherche" (Scan) tab, tick "Exécuter un examen complet" (Perform full scan), then "Rechercher", select your hard drives, then click "Lancer l’examen" (Start scan)
*At the end of the scan >>> click "Afficher les résultats" (Show results), then "Enregistrer le rapport" (Save report)
*Removing the detected items >>>> click "Supprimer la sélection" (Remove selected)
*If you are asked to restart >>> click "Yes"
*--> A scan report opens; save it on your Desktop and post this report in reply.
Impossible to run a full scan; my computer shuts down automatically after a while, as if there were a power cut... Anyway, I still deleted a few viruses and here is the report
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 794
Type de recherche: Examen rapide
Eléments examinés: 9565
Temps écoulé: 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\smartenhancer.pornpro_bho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\smartenhancer.pornpro_bho.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f608c2d0-846d-4f0e-e47a-88367c887707} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-b432-46fc-9143-b82b832b1b14} (Spyware.Banker) -> No action taken.
HKEY_CLASSES_ROOT\msapp.bhoapp (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{aad1c6ad-10ab-4cae-97fb-0aaddec8a14b} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\msapp.bhoapp.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ccf3b40-253e-4d22-a790-c2a25de3f25b} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f3619035-750e-4a0a-8fb2-31d5c4bdc2d4} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{dc8305b3-1ee7-4d58-83ef-2c5bc6c6566c} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f7f6584c-864b-411d-a410-bb2de0d33ca1} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7f6584c-864b-411d-a410-bb2de0d33ca1} (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f7f6584c-864b-411d-a410-bb2de0d33ca1} (Trojan.Vundo) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\ufkbnker.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\reknbkfu.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sincim32.dll (Spyware.Banker) -> No action taken.
C:\WINDOWS\system32\hmlphl.dll (Trojan.Agent) -> No action taken.
CONTINUED
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 794
Type de recherche: Examen rapide
Eléments examinés: 9565
Temps écoulé: 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\smartenhancer.pornpro_bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartenhancer.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f608c2d0-846d-4f0e-e47a-88367c887707} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-b432-46fc-9143-b82b832b1b14} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msapp.bhoapp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aad1c6ad-10ab-4cae-97fb-0aaddec8a14b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msapp.bhoapp.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ccf3b40-253e-4d22-a790-c2a25de3f25b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3619035-750e-4a0a-8fb2-31d5c4bdc2d4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dc8305b3-1ee7-4d58-83ef-2c5bc6c6566c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f7f6584c-864b-411d-a410-bb2de0d33ca1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7f6584c-864b-411d-a410-bb2de0d33ca1} (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f7f6584c-864b-411d-a410-bb2de0d33ca1} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\ufkbnker.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reknbkfu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sincim32.dll (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hmlphl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Is there anything to do about the fact that it shuts down and that I can't run a scan worthy of the name...?