Sujet Précédent Sujet Suivant

Xpack.gen

Résolu/Fermé
davcardi Messages postés 14 Date d'inscription dimanche 16 mai 2004 Statut Membre Dernière intervention 14 février 2011 - 14 févr. 2011 à 15:19
Xplode Messages postés 8820 Date d'inscription vendredi 21 août 2009 Statut Contributeur sécurité Dernière intervention 2 juillet 2015 - 16 févr. 2011 à 11:43
Bonjour,




antivir detecte sur mon PC depuis 3 jours ce virus j'ai essayé de le supprimer avec HIJACK THIS mais celui ci revient toujours. Je vien de refaire un scan avec HIJACK dont voici le rapport.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:52, on 14/02/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Users\les cardis\AppData\Roaming\dwm.exe
C:\Users\les cardis\AppData\Local\Temp\csrss.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\les cardis\AppData\Roaming\Microsoft\conhost.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\Fun4IM\BndCore.exe
C:\Users\les cardis\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54525
F3 - REG:win.ini: load=C:\Users\LESCAR~1\AppData\Local\Temp\csrss.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Fun4IM\Plugins\IE\ieplugin.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [conhost] C:\Users\les cardis\AppData\Roaming\Microsoft\conhost.exe
O4 - HKCU\..\Run: [conhost] C:\Users\les cardis\AppData\Roaming\Microsoft\conhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: c:\progra~2\fun4im\bndhook.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Policy Service - Unknown owner - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fun4IM Coordinator - Bandoo Media Inc. - C:\PROGRA~2\Fun4IM\Bandoo.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

12 réponses

Réponse 1 / 12
Xplode Messages postés 8820 Date d'inscription vendredi 21 août 2009 Statut Contributeur sécurité Dernière intervention 2 juillet 2015 726
14 févr. 2011 à 15:21
Bonjour et bienvenue sur CommentCaMarche !

◈ Suis la procédure jusqu'au bout. Même si le PC semble aller mieux, ce n'est pas pour autant qu'il est totalement désinfecté !

◈ Si tu as des difficultés pour effectuer une procédure ou bien une simple question, n'hésite pas à me demander.


▶▷▶▷▶▷▶▷▶▷ ZHPDiag ◁◀◁◀◁◀◁◀◁◀


◈ Nous allons effectuer un diagnostic de ton ordinateur, pour ce faire, télécharge ZHPDiag ( de Nicolas Coolman ).

◈ Exécute l'installateur -> /!\ Coche la case " créer une icône sur le bureau " /!\

◈ Lance le en double cliquant sur l'icône ZHPDiag qui se trouve sur ton bureau.

Note : Sous Vista/Seven : Clic droit sur l'icône -> " Exécuter en tant qu'administrateur "

◈ Clique sur l'icône en forme de loupe en haut à gauche ( Lancer le diagnostic ).

◈ Une fois l'analyse terminée, clique sur l'icône en forme de disquette bleue puis sauvegarde le fichier sur ton bureau.

◈ Rend toi sur cjoint puis clique sur " Parcourir ".

◈ Sélectionne le fichier ZHPDiag.txt présent sur ton bureau, puis clique sur " Ouvrir ".

◈ Clique ensuite sur " Créer le lien cjoint " puis copie/colle dans ta prochaine réponse le lien créé.
1
Réponse 2 / 12
davcardi Messages postés 14 Date d'inscription dimanche 16 mai 2004 Statut Membre Dernière intervention 14 février 2011
14 févr. 2011 à 15:34
merci pour ta reponse mais sur le liens que tu m'a donné je telecharge ZHPfix???
je suis vraiment pas bon en informatique
Désolé
0
Xplode Messages postés 8820 Date d'inscription vendredi 21 août 2009 Statut Contributeur sécurité Dernière intervention 2 juillet 2015 726
14 févr. 2011 à 15:42
Télécharge ce fichier : ftp://zebulon.fr/ZHPDiag2.exe

Ensuite tu suis les instructions données plus haut ;-)
0
Réponse 3 / 12
davcardi Messages postés 14 Date d'inscription dimanche 16 mai 2004 Statut Membre Dernière intervention 14 février 2011
14 févr. 2011 à 15:52
https://www.cjoint.com/?0copZkhzesn

est ce que c'est bon???
0
Réponse 4 / 12
Xplode Messages postés 8820 Date d'inscription vendredi 21 août 2009 Statut Contributeur sécurité Dernière intervention 2 juillet 2015 726
14 févr. 2011 à 15:59
Oui c'est bon j'ai eu le rapport, et non c'est pas bon ton PC est infecté :-) ( même si tu t'en doutais déjà )

On va commencer par déblayer le chemin :

▶▷▶▷▶▷▶▷▶▷ Combofix ◁◀◁◀◁◀◁◀◁◀


◈ Télécharge ComboFix ( de sUBs ) à cette adresse.

/!\ Ferme toutes les fenêtres de programme ouvertes /!\

/!\ Désactive temporairement toutes les protections résidentes ( Antivirus, Pare-Feu, AntiSpyware ) /!\

◈ Double clique sur " Combofix.exe "

◈ Suis les indications qui sont données à l'écran, à un moment tu auras un message te demandant d'installer la console de récupération, fais le.

◈ Pendant le scan, ne touche à rien ( souris, clavier )

◈ Tu seras peut être invité à redémarrer ton PC. A la fin du scan, combofix ouvrira un rapport, copie/colle le dans ta prochaine réponse.

Note : Si jamais il ne s'ouvrait pas, il se trouve sous C:\Combofix.txt
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
davcardi Messages postés 14 Date d'inscription dimanche 16 mai 2004 Statut Membre Dernière intervention 14 février 2011
14 févr. 2011 à 16:15
ComboFix 11-02-13.04 - les cardis 14/02/2011 16:05:19.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4061.2862 [GMT 1:00]
Lancé depuis: c:\users\les cardis\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
c:\programdata\Desktop
c:\users\les cardis\AppData\Local\Temp\explorer.exe
c:\users\les cardis\AppData\Local\Temp\iexplore.exe
c:\users\les cardis\AppData\Roaming\dwm.exe
c:\users\les cardis\AppData\Roaming\Microsoft\conhost.exe
c:\windows\SysWow64\Temp

.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-14 au 2011-02-14 ))))))))))))))))))))))))))))))))))))
.

2011-02-14 14:28 . 2011-02-14 14:46 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-02-13 19:14 . 2011-02-13 19:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-13 19:14 . 2011-02-13 19:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-02-12 06:11 . 2011-02-12 06:11 -------- d-----w- c:\users\les cardis\AppData\Roaming\Bandoo
2011-02-11 17:11 . 2011-02-02 16:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{863C24C0-DF43-40CC-903C-F3C9294E95D7}\mpengine.dll
2011-02-10 21:58 . 2011-02-10 21:59 -------- d-----w- c:\users\les cardis\AppData\Roaming\vlc
2011-02-10 21:57 . 2011-02-10 21:57 -------- d-----w- c:\programdata\Bandoo
2011-02-10 21:57 . 2011-02-10 21:57 -------- d-----w- c:\programdata\Fun4IM
2011-02-10 21:57 . 2011-02-10 21:57 -------- d-----w- c:\program files (x86)\Fun4IM
2011-02-10 21:57 . 2011-02-10 21:57 -------- d-----w- c:\program files (x86)\VideoLAN
2011-02-09 21:46 . 2011-02-09 21:46 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-5\markup.dll
2011-02-09 19:09 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-08 22:18 . 2011-02-09 00:31 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-08 21:06 . 2011-02-09 21:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-08 21:06 . 2011-02-08 21:06 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-07 11:53 . 2011-02-07 11:53 -------- d-----w- c:\users\les cardis\AppData\Roaming\Avira
2011-02-05 19:38 . 2011-02-07 11:54 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-05 19:38 . 2010-08-17 12:39 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-05 19:38 . 2011-02-05 19:38 -------- d-----w- c:\programdata\Avira
2011-02-05 19:38 . 2011-02-05 19:38 -------- d-----w- c:\program files (x86)\Avira
2011-02-05 09:30 . 2011-02-02 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 10:27 . 2010-03-03 06:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2010-12-20 10:27 . 2010-03-03 06:04 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-12-20 202256]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Fun4IM\BndHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-05 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]
S2 Application Policy Service;Application Policy Service;c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\svchost.exe [2011-02-10 4646400]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~2\Fun4IM\Bandoo.exe [2010-11-19 1942416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

.
Contenu du dossier 'Tâches planifiées'

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 20:13]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 20:13]

2011-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-01 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-01 410136]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:54525
.
- - - - ORPHELINS SUPPRIMES - - - -

Wow6432Node-HKCU-Run-conhost - c:\users\les cardis\AppData\Roaming\Microsoft\conhost.exe
Wow6432Node-HKLM-Run-conhost - c:\users\les cardis\AppData\Roaming\Microsoft\conhost.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Heure de fin: 2011-02-14 16:13:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-14 15:13

Avant-CF: 384 163 811 328 octets libres
Après-CF: 383 630 577 664 octets libres

- - End Of File - - A0DD0466BC50B1A166E2606531732073
0
Réponse 6 / 12
Xplode Messages postés 8820 Date d'inscription vendredi 21 août 2009 Statut Contributeur sécurité Dernière intervention 2 juillet 2015 726
14 févr. 2011 à 16:22
▶▷▶▷▶▷▶▷▶▷ CFScript ◁◀◁◀◁◀◁◀◁◀


/!\ Attention : Cette procédure n'est valable que pour davcardi /!\

◈ Copie le texte en gras ci dessous :


KillAll::

Folder::

c:\programdata\Bandoo
c:\users\les cardis\AppData\Roaming\Bandoo
c:\programdata\Fun4IM
c:\program files (x86)\Fun4IM

Registry::

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

DDS::

uInternet Settings,ProxyServer = http=127.0.0.1:54525

Driver::

Fun4IM Coordinator

DirLook::

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service

Reboot::


◈ Ouvre le bloc-note puis colle le texte ci dessus dedans.

◈ Enregistre ce fichier sur ton bureau ( appelle le CFScript.txt ).

◈ Fais un glisser/déposer de ce fichier sur combofix.exe comme expliqué ici.

◈ Combofix va se lancer, patiente le temps du scan.

/!\ Ne fais rien pendant le scan ( clavier/souris ) /!\

◈ Poste le contenu du rapport qui s'ouvrira dans ta prochaine réponse.
0
Réponse 7 / 12
davcardi Messages postés 14 Date d'inscription dimanche 16 mai 2004 Statut Membre Dernière intervention 14 février 2011
14 févr. 2011 à 16:48
ComboFix 11-02-13.04 - les cardis 14/02/2011 16:32:11.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4061.2885 [GMT 1:00]
Lancé depuis: c:\users\les cardis\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\les cardis\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Fun4IM
c:\program files (x86)\Fun4IM\Bandoo.exe
c:\program files (x86)\Fun4IM\BandooGo.exe
c:\program files (x86)\Fun4IM\BandooRes.dll
c:\program files (x86)\Fun4IM\BandooUI.exe
c:\program files (x86)\Fun4IM\BndCore.exe
c:\program files (x86)\Fun4IM\BndHook.dll
c:\program files (x86)\Fun4IM\CrashRpt.dll
c:\program files (x86)\Fun4IM\ExtensionsManager.exe
c:\program files (x86)\Fun4IM\FFSettings.exe
c:\program files (x86)\Fun4IM\FlashAnimator.dll
c:\program files (x86)\Fun4IM\GIFAnimator.dll
c:\program files (x86)\Fun4IM\INSTALL.LOG
c:\program files (x86)\Fun4IM\InstallerHelper.dll
c:\program files (x86)\Fun4IM\libungif4.dll
c:\program files (x86)\Fun4IM\license.rtf
c:\program files (x86)\Fun4IM\Plugins.ini
c:\program files (x86)\Fun4IM\Plugins\IE\ieplugin.dll
c:\program files (x86)\Fun4IM\Plugins\IE\Resources\bandoo.js
c:\program files (x86)\Fun4IM\Plugins\IE\Resources\HTML\blank.html
c:\program files (x86)\Fun4IM\Plugins\IE\Resources\HTML\error.html
c:\program files (x86)\Fun4IM\Plugins\MSN\msnplugin.dll
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\HTML\blank.html
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\HTML\error.html
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\BandooToolbar.xml
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1001.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1002.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1003.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1004.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1005.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1006.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1011.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1012.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1013.dat
c:\program files (x86)\Fun4IM\Plugins\MSN\Resources\Toolbar\Images\1014.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\HTML\blank.html
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\HTML\error.html
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\BandooToolbar.xml
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\BandooToolbarV9.xml
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1001.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1002.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1003.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1004.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1005.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1006.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1051.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1052.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1053.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1054.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1055.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1056.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images\1057.dat
c:\program files (x86)\Fun4IM\Plugins\Yahoo\YahooPlugin.dll
c:\program files (x86)\Fun4IM\PreUninstall.exe
c:\program files (x86)\Fun4IM\Resources\BandooMessages.xml
c:\program files (x86)\Fun4IM\Resources\downloading.gif
c:\program files (x86)\Fun4IM\Resources\nudge0.wav
c:\program files (x86)\Fun4IM\Resources\nudge1.wav
c:\program files (x86)\Fun4IM\Resources\nudge2.wav
c:\program files (x86)\Fun4IM\Resources\nudge3.wav
c:\program files (x86)\Fun4IM\Resources\nudge4.wav
c:\program files (x86)\Fun4IM\Resources\nudge5.wav
c:\program files (x86)\Fun4IM\UNWISE.EXE
c:\programdata\Bandoo
c:\programdata\Bandoo\config.xml
c:\programdata\Bandoo\CrashReportInfo.xml
c:\programdata\Bandoo\WPSubsystems.xml
c:\programdata\Fun4IM
c:\programdata\Fun4IM\WPSubsystems.xml
c:\users\les cardis\AppData\Roaming\Bandoo

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Fun4IM Coordinator


((((((((((((((((((((((((((((( Fichiers créés du 2011-01-14 au 2011-02-14 ))))))))))))))))))))))))))))))))))))
.

2011-02-14 15:35 . 2011-02-14 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 14:28 . 2011-02-14 14:46 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-02-13 19:14 . 2011-02-13 19:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-13 19:14 . 2011-02-13 19:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-02-11 17:11 . 2011-02-02 16:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{863C24C0-DF43-40CC-903C-F3C9294E95D7}\mpengine.dll
2011-02-10 21:58 . 2011-02-10 21:59 -------- d-----w- c:\users\les cardis\AppData\Roaming\vlc
2011-02-10 21:57 . 2011-02-10 21:57 -------- d-----w- c:\program files (x86)\VideoLAN
2011-02-09 21:46 . 2011-02-09 21:46 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-5\markup.dll
2011-02-09 19:09 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-08 22:18 . 2011-02-09 00:31 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-08 21:06 . 2011-02-09 21:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-08 21:06 . 2011-02-08 21:06 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-07 11:53 . 2011-02-07 11:53 -------- d-----w- c:\users\les cardis\AppData\Roaming\Avira
2011-02-05 19:38 . 2011-02-07 11:54 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-05 19:38 . 2010-08-17 12:39 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-05 19:38 . 2011-02-05 19:38 -------- d-----w- c:\programdata\Avira
2011-02-05 19:38 . 2011-02-05 19:38 -------- d-----w- c:\program files (x86)\Avira
2011-02-05 09:30 . 2011-02-02 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 10:27 . 2010-03-03 06:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2010-12-20 10:27 . 2010-03-03 06:04 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service ----

2011-02-14 13:41 . 2011-02-14 13:41 2421410 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Custom Application Buttons Class 1.2.4.zip
2011-02-14 13:41 . 2011-02-14 13:41 2429510 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Crescent Moon.rar
2011-02-14 13:41 . 2011-02-14 13:41 2429440 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\queries\4\16
2011-02-14 06:53 . 2011-02-14 06:53 1843200 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Dancin' Feet.exe
2011-02-14 06:53 . 2011-02-14 06:53 2863970 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Constructive Adjustment To A World Under Stress - Side A.zip
2011-02-14 06:53 . 2011-02-14 06:53 2871878 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Conserto per Violini in re maggiore RV 220 Allegro.rar
2011-02-14 06:53 . 2011-02-14 06:53 2871808 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Cosi viaggiando.exe
2011-02-14 06:52 . 2011-02-14 06:52 3343412 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Concerto for Violin and Orchestra, Movement 1.zip
2011-02-14 06:52 . 2011-02-14 06:52 3351110 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Coeur De Pierre.rar
2011-02-14 06:52 . 2011-02-14 06:52 3351040 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Concerto in F, Op. 9 N 3, Mov. 3.exe
2011-02-14 06:52 . 2011-02-14 06:52 3785981 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Cinqui Me Jour Prime 5.zip
2011-02-14 06:52 . 2011-02-14 06:52 3793478 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Children's song No. 8.rar
2011-02-14 06:51 . 2011-02-14 06:52 3793408 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Clean Up Before She Comes.exe
2011-02-14 06:51 . 2011-02-14 06:51 4228545 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Chi c per farmi i ricci.zip
2011-02-14 06:51 . 2011-02-14 06:51 4235846 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Chariot Chase.rar
2011-02-14 06:50 . 2011-02-14 06:51 4235776 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Children Are A Treasure From The Lord.exe
2011-02-14 06:50 . 2011-02-14 06:50 4707986 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Cash'n'carry Acid.zip
2011-02-14 06:50 . 2011-02-14 06:50 4715078 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Carolina Amatissima.rar
2011-02-14 06:50 . 2011-02-14 06:50 4715008 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Chain Mail.exe
2011-02-14 06:50 . 2011-02-14 06:50 5150557 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Camfrog Video Chat 5.4.231.zip
2011-02-14 06:50 . 2011-02-14 06:50 5157446 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Calcuthon 0.5.rar
2011-02-14 06:49 . 2011-02-14 06:50 5157376 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Cant Explain.exe
2011-02-14 06:49 . 2011-02-14 06:49 5593118 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Ca Cache Quekchose.zip
2011-02-14 06:49 . 2011-02-14 06:49 5599814 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Business - The Chinese Car Industry.rar
2011-02-13 20:19 . 2011-02-14 06:49 5599744 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Ca Mnerve.exe
2011-02-13 20:19 . 2011-02-13 20:19 6079046 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Black Jack Old Black Joe Old Black Joe.rar
2011-02-13 20:19 . 2011-02-13 20:19 6078976 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Brother With An Ego.exe
2011-02-13 20:19 . 2011-02-13 20:19 6515125 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Beggin You Dont Go.zip
2011-02-13 20:19 . 2011-02-13 20:19 6521414 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Beckoning Lady 3 08.rar
2011-02-13 20:19 . 2011-02-13 20:19 6521344 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Believe (Dda Remix Edit).exe
2011-02-13 20:18 . 2011-02-13 20:18 6957680 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Barrington Levy - Jah The Creator.zip
2011-02-13 20:18 . 2011-02-13 20:18 6963782 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Balloon Monstersound (Radio Mix).rar
2011-02-13 20:18 . 2011-02-13 20:18 6963712 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Battlefield Earth - 042.exe
2011-02-13 20:18 . 2011-02-13 20:18 7437133 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Backseat Mama.zip
2011-02-13 20:18 . 2011-02-13 20:18 7443014 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Asteroid Attack.rar
2011-02-13 20:17 . 2011-02-13 20:17 7442944 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Baila Guaraguao.exe
2011-02-13 20:17 . 2011-02-13 20:17 7879691 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Artur Rubinstein - The Chopin Collection ( 11 CD ) - CD7.zip
2011-02-13 20:17 . 2011-02-13 20:17 7885382 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Ancient Near Eastern Mythology Cd16.rar
2011-02-13 20:17 . 2011-02-13 20:17 7885312 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Ascend to the Stars.exe
2011-02-13 20:17 . 2011-02-13 20:17 8322259 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Air (Tenor Padmorer O let it not in Gath be heard.zip
2011-02-13 20:17 . 2011-02-13 20:17 8327750 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Accsex Denied Vs. Jelly Dish - Supermassive!!.rar
2011-02-13 20:17 . 2011-02-13 20:17 8327680 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Amis, lamour tendre et reveur.exe
2011-02-13 20:17 . 2011-02-13 20:17 8801702 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\A Taste Of Honey (The Beatles).zip
2011-02-13 20:17 . 2011-02-13 20:17 8806982 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\A Stained Glass Romance.rar
2011-02-13 20:16 . 2011-02-13 20:17 8806912 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\Abiti Nobili.exe
2011-02-13 20:16 . 2011-02-13 20:16 9244264 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\A Devil Among The Tailors.zip
2011-02-13 20:16 . 2011-02-13 20:16 9249350 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\76 - Legacy 5 - Sacrifice.rar
2011-02-13 20:15 . 2011-02-13 20:15 9249280 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\A Greatest Hits Collection.exe
2011-02-13 20:15 . 2011-02-13 20:15 9686833 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\3. Non troppo lento.zip
2011-02-13 20:15 . 2011-02-13 20:15 9691718 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\(LP Version).rar
2011-02-13 20:15 . 2011-02-13 20:15 9691648 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\3.O.I.F..exe
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\66.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\61.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\62.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\63.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\64.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\65.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\53.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\54.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\55.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\56.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\57.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\58.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\59.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\60.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\50.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\51.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\52.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\44.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\45.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\46.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\47.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\48.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\49.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\43.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\36.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\37.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\38.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\39.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\40.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\41.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\42.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\35.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\27.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\28.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\29.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\30.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\31.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\32.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\33.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\34.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\24.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\25.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\26.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\18.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\19.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\20.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\21.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\22.patch
2011-02-13 20:14 . 2011-02-13 18:39 139 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3\23.patch
2011-02-13 20:14 . 2011-02-13 19:13 683 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\13980.iso
2011-02-13 19:13 . 2011-02-13 19:13 683 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\13980.iso
2011-02-13 19:06 . 2011-02-13 19:12 586240 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming\8147.iso
2011-02-10 22:01 . 2011-02-14 14:44 10795 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\queries-01.cache
2011-02-10 22:01 . 2011-02-14 15:23 1790 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\queries-00.cache
2011-02-10 22:01 . 2011-02-14 15:04 5 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\server.met
2011-02-10 22:01 . 2011-02-14 15:00 515 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\server_met.old
2011-02-10 22:01 . 2011-02-14 15:04 9779 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\known.met
2011-02-10 22:00 . 2011-02-14 14:44 135520 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\queries-05.cache
2011-02-10 21:58 . 2011-02-14 15:11 28 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\key_index.dat
2011-02-10 21:58 . 2011-02-14 15:11 1412 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\load_index.dat
2011-02-10 21:58 . 2011-02-14 15:11 23 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\queries-04.cache
2011-02-10 21:58 . 2011-02-14 15:11 12 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\src_index.dat
2011-02-10 21:58 . 2011-02-14 15:11 5792 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\nodes.dat
2011-02-10 21:58 . 2011-02-14 14:08 457473 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\known2_64.met
2011-02-10 21:58 . 2011-02-10 21:58 361 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\queries-06.cache
2011-02-10 21:58 . 2011-02-14 15:04 17 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\queries-07.cache
2011-02-10 21:58 . 2011-02-14 15:10 96 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\queries-03.cache
2011-02-10 21:57 . 2011-02-14 15:31 200 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\queries-02.cache
2011-02-10 21:57 . 2011-02-10 20:32 4646400 ----a-w- c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\svchost.exe


((((((((((((((((((((((((((((( SnapShot@2011-02-14_15.10.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-02-14 15:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-14 15:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-14 15:10 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-14 15:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-14 15:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-14 15:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-04 15:40 . 2011-02-14 15:11 32420 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-14 15:11 37064 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-05 00:08 . 2011-02-14 14:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-05 00:08 . 2011-02-14 15:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-05 00:08 . 2011-02-14 14:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-05 00:08 . 2011-02-14 15:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-14 14:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-14 15:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-04 15:19 . 2011-02-14 15:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-04 15:19 . 2011-02-14 15:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-04 15:19 . 2011-02-14 15:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-04 15:19 . 2011-02-14 15:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-04 15:19 . 2011-02-14 15:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-04 15:19 . 2011-02-14 15:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-04 15:19 . 2011-02-14 15:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-04 15:19 . 2011-02-14 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-04 15:19 . 2011-02-14 15:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-04 15:19 . 2011-02-14 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-04 15:14 . 2011-02-14 15:11 8904 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1729457257-3968760211-2845492844-1001_UserData.bin
- 2011-02-14 15:09 . 2011-02-14 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-14 15:36 . 2011-02-14 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-14 15:36 . 2011-02-14 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-14 15:09 . 2011-02-14 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-06 08:57 . 2011-02-14 15:10 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-06 08:57 . 2011-02-14 15:36 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-02-14 13:44 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-02-14 15:18 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-02-14 15:35 300584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-14 15:09 300584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-04 15:38 . 2011-02-14 15:35 1898272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729457257-3968760211-2845492844-1001-8192.dat
- 2010-12-04 15:38 . 2011-02-14 15:09 1898272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729457257-3968760211-2845492844-1001-8192.dat
- 2009-07-14 02:34 . 2011-02-14 13:53 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-02-14 15:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-12-20 202256]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-05 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]
S2 Application Policy Service;Application Policy Service;c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\svchost.exe [2011-02-10 4646400]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

.
Contenu du dossier 'Tâches planifiées'

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 20:13]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 20:13]

2011-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF12260.cfxxe" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-01 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-01 410136]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-Bandoo - c:\program files (x86)\Fun4IM\PreUninstall.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Heure de fin: 2011-02-14 16:39:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-14 15:39
ComboFix2.txt 2011-02-14 15:13

Avant-CF: 383 946 784 768 octets libres
Après-CF: 383 477 137 408 octets libres

- - End Of File - - E56ED4C1C74990814EA9454AC4C716B7
0
Réponse 8 / 12
Xplode Messages postés 8820 Date d'inscription vendredi 21 août 2009 Statut Contributeur sécurité Dernière intervention 2 juillet 2015 726
14 févr. 2011 à 17:40
Ok fais ceci maintenant :

▶▷▶▷▶▷▶▷▶▷ OtMoveIt ◁◀◁◀◁◀◁◀◁◀


◈ Télécharge OtMoveIt sur ton bureau.

◈ Lance le , puis copie/colle le texte ci dessous dans l'encadré " Paste instructions for items to be moved ". 


:files

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service

:commands

[emptytemp]


◈ Clique maintenant sur " MoveIt! "

◈ Copie/Colle le contenu du rapport qui s'ouvrira dans ton prochain message.

Note : Le rapport est également sauvegardé sous C:\_OTM\MovedFiles
0
Réponse 9 / 12
davcardi Messages postés 14 Date d'inscription dimanche 16 mai 2004 Statut Membre Dernière intervention 14 février 2011
14 févr. 2011 à 18:20
All processes killed
========== FILES ==========
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\temp folder moved successfully.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\mtemp folder moved successfully.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\incoming folder moved successfully.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\queries\4 folder moved successfully.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\queries folder moved successfully.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data\3 folder moved successfully.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db\data folder moved successfully.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\db folder moved successfully.
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: les cardis
->Temp folder emptied: 32904 bytes
->Temporary Internet Files folder emptied: 140402088 bytes
->Flash cache emptied: 35344 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50674 bytes
RecycleBin emptied: 209 bytes

Total Files Cleaned = 134.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 02142011_181718

Files moved on Reboot...
C:\Users\les cardis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
0
Réponse 10 / 12
Xplode Messages postés 8820 Date d'inscription vendredi 21 août 2009 Statut Contributeur sécurité Dernière intervention 2 juillet 2015 726
14 févr. 2011 à 18:50
Impeccable :) Refais moi un rapport ZHPDiag s'il te plait.
0
Réponse 11 / 12
davcardi Messages postés 14 Date d'inscription dimanche 16 mai 2004 Statut Membre Dernière intervention 14 février 2011
14 févr. 2011 à 19:23
https://www.cjoint.com/?0cotwBAbZCp
0
Réponse 12 / 12
Xplode Messages postés 8820 Date d'inscription vendredi 21 août 2009 Statut Contributeur sécurité Dernière intervention 2 juillet 2015 726
16 févr. 2011 à 11:43
Bonjour,

Désolé du délais de répondre :)

Pour commencer, désinstalle Spybot S&D , il est obsolète et son tea-timer est un gouffre en consommation de mémoire vive. Ensuite, fais ceci :

▶▷▶▷▶▷▶▷▶▷ ZHPFix ◁◀◁◀◁◀◁◀◁◀


/!\ Utilisateurs de vista/7 , cette manipulation est à effectuer en tant qu'administrateur ( Clic droit -> [Exécuter en tant qu'administrateur] ) /!\

◈ Copie le texte en gras ci-dessous ( CTRL + C pour copier )


[HKCU\Software\AppDataLow\Software\searchqutb]
O69 - SBI: SearchScopes [HKCU] {8A96AF9E-4074-43b7-BEA3-87217BDA7403} [DefaultScope] - (Web Search) - http://www.searchnu.com/
SS - | Auto 2/7/2011 0 | (Application Policy Service) . (.Pas de propriétaire.) - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Policy Service\svchost.
O23 - Service: (Application Policy Service) - Clé orpheline


◈ Lance ZHPFix qui est présent sur ton bureau.

Clique sur le "H" bleu ( Coller les lignes Helper )

◈ Les lignes précédemment copiées apparaîtront à l'écran dans l'encadré jaune pâle.

◈ Vérifie que seules les lignes indiquées plus haut sont présentes puis clique sur [Ok]

◈ Clique maintenant sur [Tous] , puis sur [Nettoyer]

◈ Copie/Colle le contenu du rapport à l'écran dans ton prochain message.

◈ Note : le rapport se trouve également sous C:\Program Files\ZHPDiag\ZHPFixReport.txt
0