BHO-KD infection, it is stubborn

Tags:
  • Windows
  • Security
25 January 2008 22:05:16

Hello,

I am infected by the BHO-KD virus, in the file C:\WINDOWS\system32\cfgbken.dll.

I searched the forum for several ways to remove it... but nothing works. Even the avast updates still cannot remove it.

I hope someone will take a few seconds of their time to help me.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BHO Class - {06358080-33BE-452b-9B31-E54E112ADCCA} - C:\WINDOWS\system32\MSIEMPlayer.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {6373D54A-6AA6-4CD4-B692-A0ECBDA12CBC} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [nisdisa] C:\WINDOWS\nisdisa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1935655697-1682526488-1060284298-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'marlene')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6355 bytes


And finally, I installed ComboFix on my desktop.


26 January 2008 00:26:07

Good, we are in fact going to use ComboFix.


Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy and paste this report into your next reply, along with a new HijackThis log.

26 January 2008 09:59:08

OK, thanks in advance for the help...
Here is the ComboFix report:

ComboFix 08-01-20.1 - Propriétaire 2008-01-26 9:47:29.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.252 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 11:01 . 2008-01-25 11:02 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic
2008-01-20 15:31 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 12:05 . 2008-01-20 12:05 <REP> d-------- C:\Documents and Settings\Tous droit\Contacts
2008-01-19 21:27 . 2008-01-20 12:08 <REP> d-------- C:\Documents and Settings\Tous droit\Application Data\SolidDocuments
2008-01-18 21:58 . 2008-01-18 21:58 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-18 21:30 . 2008-01-18 21:30 <REP> d-------- C:\Documents and Settings\Tous droit\Application Data\Logitech
2008-01-18 21:29 . 2007-02-13 21:58 <REP> d--h----- C:\Documents and Settings\Tous droit\Voisinage réseau
2008-01-18 21:29 . 2007-02-13 21:58 <REP> d--h----- C:\Documents and Settings\Tous droit\Voisinage d'impression
2008-01-18 21:29 . 2007-02-13 21:12 <REP> d--h----- C:\Documents and Settings\Tous droit\Modèles
2008-01-18 21:29 . 2008-01-20 12:06 <REP> dr------- C:\Documents and Settings\Tous droit\Mes documents
2008-01-18 21:29 . 2007-02-13 21:58 <REP> dr------- C:\Documents and Settings\Tous droit\Menu Démarrer
2008-01-18 21:29 . 2008-01-18 21:30 <REP> dr------- C:\Documents and Settings\Tous droit\Favoris
2008-01-18 21:29 . 2007-02-13 21:58 <REP> d-------- C:\Documents and Settings\Tous droit\Bureau
2008-01-16 20:17 . 2008-01-16 20:17 45,056 --a------ C:\Documents and Settings\marlene\957123845.exe
2008-01-16 20:17 . 2008-01-16 20:17 45,056 --a------ C:\Documents and Settings\marlene\957123844.exe
2008-01-16 20:17 . 2008-01-16 20:17 45,056 --a------ C:\Documents and Settings\marlene\166.exe
2008-01-16 20:17 . 2008-01-16 20:17 45,056 --a------ C:\Documents and Settings\marlene\149.exe
2008-01-16 06:42 . 2008-01-16 06:42 45,056 --a------ C:\Documents and Settings\Propriétaire\957123845.exe
2008-01-16 06:42 . 2008-01-16 06:42 45,056 --a------ C:\Documents and Settings\Propriétaire\957123845.exe
2008-01-16 06:42 . 2008-01-16 06:42 45,056 --a------ C:\Documents and Settings\Propriétaire\957123844.exe
2008-01-16 06:42 . 2008-01-16 06:42 45,056 --a------ C:\Documents and Settings\Propriétaire\957123844.exe
2008-01-16 06:42 . 2008-01-16 06:42 45,056 --a------ C:\Documents and Settings\Propriétaire\441.exe
2008-01-16 06:42 . 2008-01-16 06:42 45,056 --a------ C:\Documents and Settings\Propriétaire\441.exe
2008-01-16 06:42 . 2008-01-16 06:42 45,056 --a------ C:\Documents and Settings\Propriétaire\155.exe
2008-01-16 06:42 . 2008-01-16 06:42 45,056 --a------ C:\Documents and Settings\Propriétaire\155.exe
2008-01-16 06:42 . 2008-01-17 21:50 9,728 --a------ C:\WINDOWS\system32\MSIEMPlayer.DLL
2008-01-12 07:59 . 2008-01-12 07:59 <REP> d-------- C:\WINDOWS\ulead.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 08:51 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\SolidDocuments
2008-01-25 19:43 --------- d-----w C:\Documents and Settings\marlene\Application Data\SolidDocuments
2008-01-20 14:35 --------- d-----w C:\Program Files\Winamp3
2008-01-20 14:35 --------- d-----w C:\Program Files\SymNetDrv
2008-01-20 14:35 --------- d-----w C:\Program Files\SiSLan
2008-01-20 14:35 --------- d-----w C:\Program Files\QKeys
2008-01-20 14:35 --------- d-----w C:\Program Files\Photo Service Edition
2008-01-20 14:35 --------- d-----w C:\Program Files\PDFCreator
2008-01-20 14:35 --------- d-----w C:\Program Files\MSN Messenger
2008-01-20 14:35 --------- d-----w C:\Program Files\MP3Player
2008-01-20 14:35 --------- d-----w C:\Program Files\Microsoft Works
2008-01-20 14:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-20 14:35 --------- d-----w C:\Program Files\Java Web Start
2008-01-20 14:35 --------- d-----w C:\Program Files\Everest Poker
2008-01-20 14:35 --------- d-----w C:\Program Files\DivX
2008-01-20 14:35 --------- d-----w C:\Program Files\AvantGo Connect
2008-01-20 14:35 --------- d-----w C:\Program Files\Audacity
2008-01-20 14:35 --------- d-----w C:\Program Files\Alice
2008-01-07 16:28 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-21 10:18 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-07 05:48 19,456 ----a-w C:\WINDOWS\system32\drivers\doxcdytj.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2005-02-12 21:36 0 ----a-w C:\Documents and Settings\Marlène\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-20_15.42.32.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-20 16:39:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-20 16:39:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-20 16:39:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-27 14:18:30 40,000 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2006-11-22 13:30:31 14,848 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-03-20 08:55:45 43,584 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2008-01-26 05:10:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,257,472 2003-03-11 19:10:02 C:\Program Files\Ahead\InCD\bak\InCD.exe

----a-w 108,160 2006-08-05 06:23:12 C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Program Files\Alwil Software\Avast4\ashDisp.exe

----a-w 315,392 2003-02-28 19:00:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

----a-w 127,022 2002-12-10 16:54:04 C:\Program Files\Fichiers communs\Logitech\QCDriver3\bak\LVCOMS.EXE

----a-w 155,648 2002-12-10 17:32:12 C:\Program Files\Logitech\ImageStudio\bak\ISStart.exe

----a-w 61,440 2002-12-10 17:31:34 C:\Program Files\Logitech\ImageStudio\bak\LogiTray.exe

----a-w 401,491 2004-02-24 15:20:04 C:\Program Files\Microsoft ActiveSync\bak\WCESCOMM.EXE

----a-w 249,856 2002-12-26 06:04:12 C:\Program Files\QKeys\bak\QKeys.EXE

----a-w 81,408 2005-12-16 15:57:42 C:\Program Files\TechCity Solutions\AliceSAV\bak\AliceAgent.exe

----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\Ahead\InCD\bak\_install.exe.vir

----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\Alwil Software\Avast4\bak\_install.exe.vir
----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\Alwil Software\Avast4\_install.exe.vir

----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\bak\_install.exe.vir
----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\_install.exe.vir

----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\Logitech\ImageStudio\bak\_install.exe.vir
----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\Logitech\ImageStudio\_install.exe.vir

----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\TechCity Solutions\AliceSAV\bak\_install.exe.vir
----a-w 151,552 2007-12-21 10:18:20 C:\QooBox\Quarantine\C\Program Files\TechCity Solutions\AliceSAV\_install.exe.vir

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06358080-33BE-452b-9B31-E54E112ADCCA}]
2008-01-17 21:50 9728 --a------ C:\WINDOWS\system32\MSIEMPlayer.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6373D54A-6AA6-4CD4-B692-A0ECBDA12CBC}]
2004-08-05 13:00 91136 --a------ C:\WINDOWS\system32\cfgbken.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:07 1667584]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-16 10:26 67128]
"nisdisa"="C:\WINDOWS\nisdisa.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 10:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 94208 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35 327720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Album Fast Start.lnk - C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe [2004-09-11 10:24:15 36864]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-16 10:26:11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-11-13 14:19:20 573440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfk71.sys]
@="Driver"

R0 ihlpywrw;ihlpywrw;C:\WINDOWS\system32\drivers\doxcdytj.dat []
R2 MP3Driver;MP3Driver;C:\WINDOWS\system32\drivers\MP3Driver.sys [2002-05-28 10:41]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-01-17 04:44]
S3 Bfk71;Bfk71;C:\WINDOWS\System32\drivers\Bfk71.sys []
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\iMSPQMn.sys []
S3 noskrnl.sys;noskrnl.sys;C:\WINDOWS\system32\noskrnl.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - SSMDRV
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 09:51:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 9:53:00
ComboFix-quarantined-files.txt 2008-01-26 08:52:36
ComboFix2.txt 2008-01-25 08:48:37
ComboFix3.txt 2008-01-20 14:43:02
ComboFix4.txt 2008-01-18 08:56:01


And secondly, here is another HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53, on 2008-01-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BHO Class - {06358080-33BE-452b-9B31-E54E112ADCCA} - C:\WINDOWS\system32\MSIEMPlayer.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {6373D54A-6AA6-4CD4-B692-A0ECBDA12CBC} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [nisdisa] C:\WINDOWS\nisdisa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6051 bytes

There you go....
27 January 2008 22:46:54

Hello again,


It's not over yet.


Run a HijackThis scan again and check the lines below:

O2 - BHO: BHO Class - {06358080-33BE-452b-9B31-E54E112ADCCA} - C:\WINDOWS\system32\MSIEMPlayer.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6373D54A-6AA6-4CD4-B692-A0ECBDA12CBC} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [nisdisa] C:\WINDOWS\nisdisa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

Close all windows (Windows, Internet Explorer, Outlook), except the HijackThis program, and click "Fix checked".


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Documents and Settings\marlene\957123845.exe
C:\Documents and Settings\marlene\957123844.exe
C:\Documents and Settings\marlene\166.exe
C:\Documents and Settings\marlene\149.exe
C:\Documents and Settings\Propriétaire\957123845.exe
C:\Documents and Settings\Propriétaire\957123845.exe
C:\Documents and Settings\Propriétaire\957123844.exe
C:\Documents and Settings\Propriétaire\957123844.exe
2C:\Documents and Settings\Propriétaire\441.exe
C:\Documents and Settings\Propriétaire\441.exe
C:\Documents and Settings\Propriétaire\155.exe
C:\Documents and Settings\Propriétaire\155.exe
C:\WINDOWS\system32\MSIEMPlayer.DLL
C:\WINDOWS\nisdisa.exe


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept by clicking Yes.

Post the report located in C:\_OTMoveIt\MovedFiles.



Download FindAWF.exe by Noahdfear to your Desktop.
http://noahdfear.geekstogo.com/FindAWF.exe
- Double-click FindAWF.exe
- A text file will be created and displayed on screen (awf.txt)
- Copy and paste the contents of the file into your next reply.
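
An added example, not part of the original posts: a Python triage pass over HijackThis O2 (BHO) and O4 (Run) lines of the kind reviewed above, using sample lines copied from this thread's log. The flag rules and the C:\WINDOWS install path are assumptions made for illustration; a flag is a cue for manual review, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: BHO Class - {06358080-33BE-452b-9B31-E54E112ADCCA} - C:\WINDOWS\system32\MSIEMPlayer.DLL
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {6373D54A-6AA6-4CD4-B692-A0ECBDA12CBC} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [nisdisa] C:\WINDOWS\nisdisa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
WINDIR = ntpath.normcase(r"C:\WINDOWS")
SYSTEM32 = ntpath.normcase(r"C:\WINDOWS\system32")

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Either a quoted path, or everything up to the first executable extension.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))(?=\s|$)', re.I)


@dataclass
class Finding:
    kind: str    # "BHO" for an O2 line, "Run" for an O4 registry Run line
    name: str
    ident: str   # CLSID for a BHO, registry hive for a Run entry
    path: str
    flags: list = field(default_factory=list)


def autorun_target(cmd):
    """Strip quotes and arguments from a Run command line, keeping the binary."""
    m = TARGET_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def parent_dir(path):
    """Case-insensitive parent directory, using Windows rules on any OS."""
    return ntpath.normcase(ntpath.dirname(path))


def triage(log_text):
    """Parse O2/O4 Run lines and attach review flags (illustrative rules)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            flags = []
            if m["name"] == "(no name)":
                flags.append("unnamed BHO")
            if m["path"] == "(no file)":
                flags.append("missing file")
            elif parent_dir(m["path"]) == SYSTEM32:
                flags.append("DLL directly in system32")
            findings.append(Finding("BHO", m["name"], m["clsid"], m["path"], flags))
            continue
        m = O4_RE.match(line)  # "Global Startup" O4 lines are not handled here
        if m:
            target = autorun_target(m["cmd"])
            flags = []
            if parent_dir(target) == WINDIR:
                flags.append("autorun target directly in the Windows directory")
            findings.append(Finding("Run", m["name"], m["hive"], target, flags))
    return findings


def flagged(findings):
    """Entries that carry at least one review flag."""
    return [f for f in findings if f.flags]


if __name__ == "__main__":
    for f in flagged(triage(SAMPLE_LOG)):
        print(f"{f.kind:3} {f.ident} {f.path} -> {', '.join(f.flags)}")
```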

28 January 2008 07:38:15

Hello,

I can't download from http://download.bleepingcomputer.c [...] MoveIt.exe; the link shows Error 404 not found, and I can't find another link to download the program.

Thanks for your time.



29 January 2008 13:33:28

Hello,


Please send one of the following files (the ones with numbers) to http://upload.malekal.com for analysis:

C:\Documents and Settings\marlene\957123845.exe
C:\Documents and Settings\marlene\957123844.exe
C:\Documents and Settings\marlene\166.exe
C:\Documents and Settings\marlene\149.exe
C:\Documents and Settings\Propriétaire\957123845.exe
C:\Documents and Settings\Propriétaire\957123845.exe
C:\Documents and Settings\Propriétaire\957123844.exe
C:\Documents and Settings\Propriétaire\957123844.exe
2C:\Documents and Settings\Propriétaire\441.exe
C:\Documents and Settings\Propriétaire\441.exe
C:\Documents and Settings\Propriétaire\155.exe
C:\Documents and Settings\Propriétaire\155.exe

29 January 2008 18:43:13

Good evening,

I sent a file.

30 January 2008 07:41:53

Hello, thanks for the new link...
After the steps with OTMoveIt, here is its report:

C:\Documents and Settings\marlene\957123845.exe moved successfully.
C:\Documents and Settings\marlene\957123844.exe moved successfully.
C:\Documents and Settings\marlene\166.exe moved successfully.
C:\Documents and Settings\marlene\149.exe moved successfully.
C:\Documents and Settings\Propriétaire\957123845.exe moved successfully.
File/Folder C:\Documents and Settings\Propriétaire\957123845.exe not found.
C:\Documents and Settings\Propriétaire\957123844.exe moved successfully.
File/Folder C:\Documents and Settings\Propriétaire\957123844.exe not found.
File/Folder 2C:\Documents and Settings\Propriétaire\441.exe not found.
C:\Documents and Settings\Propriétaire\441.exe moved successfully.
C:\Documents and Settings\Propriétaire\155.exe moved successfully.
File/Folder C:\Documents and Settings\Propriétaire\155.exe not found.
File/Folder C:\WINDOWS\system32\MSIEMPlayer.DLL not found.
File/Folder C:\WINDOWS\nisdisa.exe not found.

OTMoveIt2 v1.0.15 log created on 01302008_073220

And here is the FindAWF.exe report:

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\MICROS~4\BAK

2006-09-24 21:07 <REP> .
2006-09-24 21:07 <REP> ..
2004-02-24 16:20 401,491 WCESCOMM.EXE
1 fichier(s) 401,491 octets
2 Rép(s) 21,824,270,336 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\QKEYS\BAK

2006-09-24 21:07 <REP> .
2006-09-24 21:07 <REP> ..
2002-12-26 07:04 249,856 QKeys.EXE
1 fichier(s) 249,856 octets
2 Rép(s) 21,824,270,336 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\WINDOWS\SYSTEM32\BAK

2007-02-13 21:48 <REP> .
2007-02-13 21:48 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\AHEAD\INCD\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2003-03-11 20:10 1,257,472 InCD.exe
1 fichier(s) 1,257,472 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\ALWILS~1\AVAST4\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2006-08-05 07:23 108,160 ashDisp.exe
1 fichier(s) 108,160 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2003-02-28 20:00 315,392 atiptaxx.exe
1 fichier(s) 315,392 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\LOGITECH\IMAGES~1\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2002-12-10 18:32 155,648 ISStart.exe
2002-12-10 18:31 61,440 LogiTray.exe
2 fichier(s) 217,088 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\TECHCI~1\ALICESAV\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2005-12-16 16:57 81,408 AliceAgent.exe
1 fichier(s) 81,408 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

2006-09-24 21:07 <REP> .
2006-09-24 21:07 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\FICHIE~1\LOGITECH\QCDRIV~2\BAK

2006-09-24 21:07 <REP> .
2006-09-24 21:07 <REP> ..
2002-12-10 17:54 127,022 LVCOMS.EXE
1 fichier(s) 127,022 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\QOOBOX\QUARAN~1\C\PROGRA~1\AHEAD\INCD\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2007-12-21 11:18 151,552 _install.exe.vir
1 fichier(s) 151,552 octets
2 Rép(s) 21,824,266,240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\QOOBOX\QUARAN~1\C\PROGRA~1\ALWILS~1\AVAST4\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2007-12-21 11:18 151,552 _install.exe.vir
1 fichier(s) 151,552 octets
2 Rép(s) 21,824,262,144 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\QOOBOX\QUARAN~1\C\PROGRA~1\ATITEC~1\ATICON~1\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2007-12-21 11:18 151,552 _install.exe.vir
1 fichier(s) 151,552 octets
2 Rép(s) 21,824,262,144 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\QOOBOX\QUARAN~1\C\PROGRA~1\LOGITECH\IMAGES~1\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2007-12-21 11:18 151,552 _install.exe.vir
1 fichier(s) 151,552 octets
2 Rép(s) 21,824,262,144 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\QOOBOX\QUARAN~1\C\PROGRA~1\TECHCI~1\ALICESAV\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2007-12-21 11:18 151,552 _install.exe.vir
1 fichier(s) 151,552 octets
2 Rép(s) 21,824,262,144 octets libres


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

401491 24 Feb 2004 "C:\Program Files\Microsoft ActiveSync\bak\WCESCOMM.EXE"
249856 26 Dec 2002 "C:\Program Files\QKeys\bak\QKeys.EXE"
1257472 11 Mar 2003 "C:\Program Files\Ahead\InCD\bak\InCD.exe"
79224 4 Dec 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 5 Aug 2006 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
315392 28 Feb 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
155648 10 Dec 2002 "C:\Program Files\Logitech\ImageStudio\bak\ISStart.exe"
61440 10 Dec 2002 "C:\Program Files\Logitech\ImageStudio\bak\LogiTray.exe"
81408 16 Dec 2005 "C:\Program Files\TechCity Solutions\AliceSAV\bak\AliceAgent.exe"
102400 10 Jun 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver\LVComS.exe"
90112 20 Sep 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe"
127022 10 Dec 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver3\bak\LVCOMS.EXE"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Temp\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Alice\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Audacity\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\AvantGo Connect\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\DivX\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Everest Poker\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Internet Explorer\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java Web Start\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Messenger\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft ActiveSync\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft Works\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Movie Maker\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MP3Player\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Messenger\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\NetMeeting\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Outlook Express\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\PDFCreator\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Photo Service Edition\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\QKeys\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SiSLan\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SymNetDrv\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Winamp3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows Media Player\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows NT\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\$MSI31Uninstall_KB893803$\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\inf\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\msagent\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\CoverDesigner\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Nero\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Nero ToolKit\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Alwil Software\Avast4\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\AvantGo Connect\AvantGo\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\CyberLink\Common\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\CyberLink\PowerDVD\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\DivX\DivX\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Eidos\Hitman Contracts\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Google\Google Earth\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{43801800-CFEE-11D2-A41B-006097B55AD3}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{9B94BE6F-7CA3-4C40-A266-62667FF746CC}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{ACD27BF3-7CDC-11D7-9D4D-00010240CE95}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Internet Explorer\Connection Wizard\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java\j2re1.4.1_04\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\ImageStudio\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\SetPoint\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft Games\Combat Flight Simulator 3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft Works Suite 2004\Setup\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Monte Cristo\Fire Department 3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN\MsnInstaller\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\Windows\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Messenger\Device Manager\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\OLYMPUS\CAMEDIA Master 4.1\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\PDFCreator\languages\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SiS7012\Uninst\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SolidDocuments\SolidConverterPDF\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Symantec\LiveUpdate\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\TechCity Solutions\AliceSAV\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows Media Components\Encoder\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows NT\Accessoires\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Yahoo!\Common\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{C9016F05-CBC1-45C8-A349-C0E8C6802A92}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Modio\SLAMR2KV\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\Com\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\npp\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\oobe\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\Restore\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\usmt\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\wbem\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Adobe\Acrobat 4.0\Reader\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Adobe\Adobe Help Viewer\1.0\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\InCD\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Nero\WaveEditor\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Shared\AudioPlugins\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Alwil Software\Avast4\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\NoteSync Forms\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Eidos\Hitman Contracts\BACKUP\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Adobe\Updater5\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\KhalShared\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver2\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\WebColct\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\MSDraw\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\MSInfo\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Note-It\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Shoebox\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Smart Tag\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Speech\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\WordArt\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Works Shared\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Real\Update\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\SolidDocuments\SolidConverterPDF\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java\j2re1.4.1_04\bin\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java\jre1.5.0_11\bin\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\ImageStudio\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\ImageStudio\WME\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Monte Cristo\Fire Department 3\DirectX9\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN\MSNCoreFiles\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SolidDocuments\SolidConverterPDF\PDF-XChangeSDKEU\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\TechCity Solutions\AliceSAV\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\THQ\Disney-Pixar\Cars\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\WildTangent\Apps\CDA\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Help\Tours\mmTour\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\PCHEALTH\HELPCTR\Binaries\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\PCHEALTH\UploadLB\Binaries\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\Macromed\Flash\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Marlène\Local Settings\Temp\WER219.tmp.dir00\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propriétaire\Bureau\CIS\lm\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver2\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver3\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Program\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SolidDocuments\SolidConverterPDF\PDF-XChangeSDKEU\win2k\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\THQ\Disney-Pixar\Cars\_uninst\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Driver\7\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\marlene\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\THQ\Disney-Pixar\Cars\_jvm\bin\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3109_norton$20internet$20security$20ids$20signatures_2.0_english\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem529_navnt_10.00.10_french\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem4204_norton$20internet$20security$20ids$20signatures_2.0_english\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_11.b03\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\Propriétaire\Data\6423\10bc4687\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\Propriétaire\Data\b08\11e4f6f9\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propri‚taire\Bureau\CIS\lm\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver2\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver3\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Program\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SolidDocuments\SolidConverterPDF\PDF-XChangeSDKEU\win2k\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\THQ\Disney-Pixar\Cars\_uninst\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propri‚taire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propri‚taire\Application Data\Microsoft\Installer\{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Driver\7\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\marlene\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\THQ\Disney-Pixar\Cars\_jvm\bin\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3109_norton$20internet$20security$20ids$20signatures_2.0_english\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem529_navnt_10.00.10_french\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem4204_norton$20internet$20security$20ids$20signatures_2.0_english\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_11.b03\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\Propri‚taire\Data\6423\10bc4687\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\Propri‚taire\Data\b08\11e4f6f9\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Temp\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Alice\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Audacity\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\AvantGo Connect\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\DivX\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Everest Poker\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Internet Explorer\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java Web Start\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Messenger\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft ActiveSync\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft Works\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Movie Maker\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MP3Player\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Messenger\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\NetMeeting\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Outlook Express\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\PDFCreator\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Photo Service Edition\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\QKeys\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SiSLan\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SymNetDrv\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Winamp3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows Media Player\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows NT\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\$MSI31Uninstall_KB893803$\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\inf\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\msagent\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\CoverDesigner\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Nero\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Nero ToolKit\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Alwil Software\Avast4\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\AvantGo Connect\AvantGo\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\CyberLink\Common\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\CyberLink\PowerDVD\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\DivX\DivX\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Eidos\Hitman Contracts\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Google\Google Earth\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{43801800-CFEE-11D2-A41B-006097B55AD3}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{9B94BE6F-7CA3-4C40-A266-62667FF746CC}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{ACD27BF3-7CDC-11D7-9D4D-00010240CE95}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Internet Explorer\Connection Wizard\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java\j2re1.4.1_04\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\ImageStudio\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\SetPoint\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft Games\Combat Flight Simulator 3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft Works Suite 2004\Setup\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Monte Cristo\Fire Department 3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN\MsnInstaller\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\Windows\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Messenger\Device Manager\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\OLYMPUS\CAMEDIA Master 4.1\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\PDFCreator\languages\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SiS7012\Uninst\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SolidDocuments\SolidConverterPDF\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Symantec\LiveUpdate\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\TechCity Solutions\AliceSAV\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Viewpoint\Viewpoint Media Player\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows Media Components\Encoder\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows NT\Accessoires\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Yahoo!\Common\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Installer\{C9016F05-CBC1-45C8-A349-C0E8C6802A92}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Modio\SLAMR2KV\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\Com\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\npp\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\oobe\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\Restore\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\usmt\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\wbem\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Adobe\Acrobat 4.0\Reader\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Adobe\Adobe Help Viewer\1.0\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\InCD\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Nero\WaveEditor\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Shared\AudioPlugins\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Alwil Software\Avast4\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\NoteSync Forms\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Eidos\Hitman Contracts\BACKUP\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Adobe\Updater5\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\KhalShared\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver2\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\WebColct\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\MSDraw\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\MSInfo\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Note-It\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Shoebox\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Smart Tag\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Speech\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\WordArt\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Works Shared\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Real\Update\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\SolidDocuments\SolidConverterPDF\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java\j2re1.4.1_04\bin\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java\jre1.5.0_11\bin\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\ImageStudio\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\ImageStudio\WME\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Monte Cristo\Fire Department 3\DirectX9\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN\MSNCoreFiles\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SolidDocuments\SolidConverterPDF\PDF-XChangeSDKEU\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\TechCity Solutions\AliceSAV\bak\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\THQ\Disney-Pixar\Cars\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\WildTangent\Apps\CDA\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\Help\Tours\mmTour\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\PCHEALTH\HELPCTR\Binaries\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\PCHEALTH\UploadLB\Binaries\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\Macromed\Flash\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\MarlŠne\Local Settings\Temp\WER219.tmp.dir00\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propri‚taire\Bureau\CIS\lm\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver2\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Logitech\QCDriver3\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Program\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SolidDocuments\SolidConverterPDF\PDF-XChangeSDKEU\win2k\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\THQ\Disney-Pixar\Cars\_uninst\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propri‚taire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\Propri‚taire\Application Data\Microsoft\Installer\{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Driver\7\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\engine\6\Intel 32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\marlene\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\THQ\Disney-Pixar\Cars\_jvm\bin\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3109_norton$20internet$20security$20ids$20signatures_2.0_english\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem529_navnt_10.00.10_french\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem4204_norton$20internet$20security$20ids$20signatures_2.0_english\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_11.b03\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\Propri‚taire\Data\6423\10bc4687\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Users\Propri‚taire\Data\b08\11e4f6f9\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Temp\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Alice\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Audacity\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\AvantGo Connect\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\DivX\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Everest Poker\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Internet Explorer\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Java Web Start\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Messenger\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft ActiveSync\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Microsoft Works\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Movie Maker\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MP3Player\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\MSN Messenger\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\NetMeeting\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Outlook Express\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\PDFCreator\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Photo Service Edition\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\QKeys\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SiSLan\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\SymNetDrv\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Winamp3\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows Media Player\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Windows NT\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\$MSI31Uninstall_KB893803$\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\inf\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\msagent\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\WINDOWS\system32\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\CoverDesigner\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Nero\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Ahead\Nero ToolKit\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Alwil Software\Avast4\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\AvantGo Connect\AvantGo\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\CyberLink\Common\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\CyberLink\PowerDVD\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\DivX\DivX\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Eidos\Hitman Contracts\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\Google\Google Earth\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\_install.exe.vir"
151552 21 Dec 2007 "C:\QooBox\Quarantine\C\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\_install.exe.vir"
151552 21 De
30 January 2008 09:14:56

scala, many thanks for sending it!
30 January 2008 23:07:47

Hello


Delete C:\QooBox


Double-click the FindAWF icon. Press a key to continue launching the tool.

If a security alert appears, allow the program to run.
As indicated, press a key to continue.
Choose the following option: Press 2 then Enter to restore files from bak folders
Press a key to continue.


A text file named files.txt opens.
Click below the line and paste the following list of files:

C:\Program Files\Microsoft ActiveSync\bak\WCESCOMM.EXE
C:\Program Files\QKeys\bak\QKeys.EXE
C:\Program Files\Ahead\InCD\bak\InCD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
C:\Program Files\Logitech\ImageStudio\bak\ISStart.exe
C:\Program Files\Logitech\ImageStudio\bak\LogiTray.exe
C:\Program Files\TechCity Solutions\AliceSAV\bak\AliceAgent.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVComS.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\bak\LVCOMS.EXE


Then close the file and click Yes to save the changes.

Once files.txt has been saved, FindAWF does the following:
- It stops the processes named in the list above, if they are running.
- It deletes the rogues in the parent folder, if present.
- It copies the original file into the parent folder.

When it has finished all these operations, it will automatically start a new scan and open a new report.
Post this new FindAWF report in your next reply.
31 January 2008 07:31:17

Hello, here is the report...

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully



bak folders found
~~~~~~~~~~~

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\MICROS~4\BAK

2006-09-24 21:07 <REP> .
2006-09-24 21:07 <REP> ..
2004-02-24 16:20 401,491 WCESCOMM.EXE
1 fichier(s) 401,491 octets
2 Rép(s) 21,818,028,032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\QKEYS\BAK

2006-09-24 21:07 <REP> .
2006-09-24 21:07 <REP> ..
2002-12-26 07:04 249,856 QKeys.EXE
1 fichier(s) 249,856 octets
2 Rép(s) 21,818,028,032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\WINDOWS\SYSTEM32\BAK

2007-02-13 21:48 <REP> .
2007-02-13 21:48 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 21,818,023,936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\AHEAD\INCD\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2003-03-11 20:10 1,257,472 InCD.exe
1 fichier(s) 1,257,472 octets
2 Rép(s) 21,818,023,936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\ALWILS~1\AVAST4\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2006-08-05 07:23 108,160 ashDisp.exe
1 fichier(s) 108,160 octets
2 Rép(s) 21,818,023,936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2003-02-28 20:00 315,392 atiptaxx.exe
1 fichier(s) 315,392 octets
2 Rép(s) 21,818,023,936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\LOGITECH\IMAGES~1\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2002-12-10 18:32 155,648 ISStart.exe
2002-12-10 18:31 61,440 LogiTray.exe
2 fichier(s) 217,088 octets
2 Rép(s) 21,818,023,936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\TECHCI~1\ALICESAV\BAK

2008-01-20 15:35 <REP> .
2008-01-20 15:35 <REP> ..
2005-12-16 16:57 81,408 AliceAgent.exe
1 fichier(s) 81,408 octets
2 Rép(s) 21,818,023,936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

2006-09-24 21:07 <REP> .
2006-09-24 21:07 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 21,818,023,936 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 48CA-AF21

Répertoire de C:\PROGRA~1\FICHIE~1\LOGITECH\QCDRIV~2\BAK

2006-09-24 21:07 <REP> .
2006-09-24 21:07 <REP> ..
2002-12-10 17:54 127,022 LVCOMS.EXE
1 fichier(s) 127,022 octets
2 Rép(s) 21,818,023,936 octets libres


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

401491 24 Feb 2004 "C:\Program Files\Microsoft ActiveSync\bak\WCESCOMM.EXE"
249856 26 Dec 2002 "C:\Program Files\QKeys\bak\QKeys.EXE"
1257472 11 Mar 2003 "C:\Program Files\Ahead\InCD\bak\InCD.exe"
79224 4 Dec 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 5 Aug 2006 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
315392 28 Feb 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
155648 10 Dec 2002 "C:\Program Files\Logitech\ImageStudio\bak\ISStart.exe"
61440 10 Dec 2002 "C:\Program Files\Logitech\ImageStudio\bak\LogiTray.exe"
81408 16 Dec 2005 "C:\Program Files\TechCity Solutions\AliceSAV\bak\AliceAgent.exe"
102400 10 Jun 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver\LVComS.exe"
90112 20 Sep 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe"
127022 10 Dec 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver3\bak\LVCOMS.EXE"


end of report
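
The "Duplicate files of bak directory contents" listing can be checked mechanically against the restore step described earlier (original in bak, copy in the parent folder). The Python below is an added example, not part of the thread or of FindAWF; it assumes the `size date "path"` line layout seen in the report, and the function names and status labels are illustrative.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Lines copied from the "Duplicate files of bak directory contents" section
# of the report posted in this thread.
REPORT = r'''
401491 24 Feb 2004 "C:\Program Files\Microsoft ActiveSync\bak\WCESCOMM.EXE"
249856 26 Dec 2002 "C:\Program Files\QKeys\bak\QKeys.EXE"
1257472 11 Mar 2003 "C:\Program Files\Ahead\InCD\bak\InCD.exe"
79224 4 Dec 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 5 Aug 2006 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
315392 28 Feb 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
155648 10 Dec 2002 "C:\Program Files\Logitech\ImageStudio\bak\ISStart.exe"
61440 10 Dec 2002 "C:\Program Files\Logitech\ImageStudio\bak\LogiTray.exe"
81408 16 Dec 2005 "C:\Program Files\TechCity Solutions\AliceSAV\bak\AliceAgent.exe"
102400 10 Jun 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver\LVComS.exe"
90112 20 Sep 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVComS.exe"
127022 10 Dec 2002 "C:\Program Files\Fichiers communs\Logitech\QCDriver3\bak\LVCOMS.EXE"
'''

Entry = namedtuple("Entry", "size date path")

# Assumed layout of one listing line: <size in bytes> <day Mon year> "<full path>"
LINE_RE = re.compile(
    r'^\s*(\d+)\s+(\d{1,2}\s+[A-Za-z]{3}\s+\d{4})\s+"([^"]+)"\s*$'
)


def parse_report(text):
    """Return an Entry for every line that matches the listing layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(
                Entry(int(m.group(1)), m.group(2), PureWindowsPath(m.group(3)))
            )
    return entries


def live_location(path):
    """Return (path the file would have in the parent folder, came_from_bak)."""
    if path.parent.name.lower() == "bak":
        return path.parent.parent / path.name, True
    return path, False


def classify(entries):
    """Pair every bak copy with the same-named file in its parent folder.

    Returns {lowercased live path: (status, live_size, bak_size)}.
    Windows paths are case-insensitive, so keys are compared in lower case.
    """
    pairs = {}
    for e in entries:
        live, from_bak = live_location(e.path)
        slot = pairs.setdefault(str(live).lower(), {"live": None, "bak": None})
        slot["bak" if from_bak else "live"] = e.size

    result = {}
    for key, slot in pairs.items():
        live, bak = slot["live"], slot["bak"]
        if live is None:
            status = "bak-only"       # no same-named file listed in the parent
        elif bak is None:
            status = "live-only"      # listed file has no bak counterpart
        elif live == bak:
            status = "match"          # parent copy has the size of the bak copy
        else:
            status = "size-differs"   # both listed, sizes disagree
        result[key] = (status, live, bak)
    return result


if __name__ == "__main__":
    for path, (status, live, bak) in sorted(classify(parse_report(REPORT)).items()):
        print(f"{status:13} live={live} bak={bak}  {path}")
```

In this report only ashDisp.exe is listed both in its folder and under bak, with different sizes and dates; a size difference alone does not say which copy is the original.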
1 February 2008 23:45:38

It's still there... stubborn, this little beast
2 February 2008 00:05:49

A DLL is sometimes a pain to delete.
Here's one trick, though there's no guarantee it works: get regcleaner; once it's downloaded, click Tools and view the system DLL files, then try to find it. You'll get quite a long list, mind you. If you find it, tick it and delete the selection.
Go into Backup and delete it there too.
I once managed to remove an annoying file like that this way.
2 February 2008 11:11:06

Thanks for the info.

I'm going to keep following chercheur_'s procedures

But I admit it's hard to remove...

Thanks anyway
5 February 2008 21:34:46

Good evening,

Is there no one left to help me remove this wretched Trojan horse???!!