Ga naar inhoud

Jion

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    4.549

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door Jion

  1. Jion
    Dag Maurits, Heb je al geprobeert om een systeemherstel uit te voeren naar een datum voor dat dit probleem zich stelde?
  2. Jion
    Amai, hier hebben ze toch ook dik geblunderd bij bestekeus.nl... Grundig RCD 1440 MP3 is geen tv maar een radio/cd speler... (Klopt al wat beter voor die prijs he) ;-) https://www.google.be/search?q=grundig+rcd+1440+mp3&hl=nl&prmd=imvns&source=lnms&tbm=isch&ei=jGC2T5a9MoyG-waUtKi-Cg&sa=X&oi=mode_link&ct=mode&cd=2&ved=0CGYQ_AUoAQ&biw=1440&bih=728#hl=nl&tbm=isch&sa=X&ei=5mC2T_2QBcqN-wa5tb3NCg&ved=0CAcQBSgA&q=grundig+rcd1440+mp3&spell=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=9219edc42bca44d&biw=1440&bih=728
  3. Jion
    Wat hier opvalt zijn je hoge temperaturen van je processor en moederbord. (71 en 77°) Te hoge temperaturen van een PC / laptop worden meestal veroorzaakt door een te hoog stofgehalte. Om dit op een veilige manier te verwijderen verwijzen we graag naar deze zeer duidelijke uitleg. Neem de tips grondig door en doe het nodige om je systeem stofvrij te (laten) maken…nadien kan je ons dan de nieuwe resultaten van Speccy bezorgen.
  4. Jion
    Je probleem is nog niet helemaal afgerond hoor. ;-) Kan je je Mbam logje + een nieuw HJT logje plaatsen in je volgend bericht? Dan kunnen de malware specialisten dit nakijken en je verder helpen indien nodig.
  5. Jion
    Dag Haplovie, Welkom op PCH! Hoe zit het met de temperaturen in je laptop? Download en installeer Speccy. Tijdens de installatie heb je nu de mogelijkheid om Nederlands als taal te selecteren. Start nu het programma en er zal een overzicht gemaakt worden van je hardware. Als dit gereed is selecteer je bovenaan " Bestand - Publiceer Snapshot " en vervolgens bevestig je die keuze met " Ja ". In het venster dat nu opent krijg je een link te zien, kopieer nu die link en plak die in je volgende bericht. Wil je in woord en beeld zien hoe je een logje van Speccy maakt en plaatst kun je dat Hier lezen. Ook Dit (KLIK) filmpje laat zien hoe je een Speccy-logje kan plakken in je antwoord. Na het plaatsen van je logje wordt dit door een expert nagekeken.
  6. Jion
    Probeer het eens met DEZE tips i.v.m. de Windows XP .NET Framework updates.
  7. Jion
    Wat is het merk en exacte model van je computer? En met welke Windows versie werk je?
  8. Jion
    Je kan Je Mcafee herstellen met de McAfee Virtual Technician tool: http://mvt.mcafee.com/mvt/en-us/default.html?en-us
  9. Jion
    dag Rianne, McAfee staat er helaas voor bekend om hun foutmeldingen lol. Voer het onderstaande eens uit zodat we kunnen zien welke andere processen je hebt draaien en om zeker te zijn dat malware niet de oorzaak is. 1. Download HijackThis. (klik er op) Klik op HijackThis.msi en de download start automatisch na 5 seconden. Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren". Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden. 2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!) Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog". Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets. Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets. Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier) 3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces. Tip! Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.
  10. Jion
    Dag Nancy, Welkom op PCH! We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem. 1. Download HijackThis. (klik er op) Klik op HijackThis.msi en de download start automatisch na 5 seconden. Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren". Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden. 2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!) Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog". Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets. Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets. Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier) 3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces. Tip! Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.
  11. Jion
    Alweer van harte bedankt mijn waarde!
  12. Jion
    De eerste keer ik ook niet. Het is begonnen met de eerste txt toe te voegen in Combofix. Mag ik deze nu verwijderen? Heb zonet alle updates afgerond en moet juist nog een av installeren en mijn collega is terug blij.
  13. Jion
    ComboFix 12-05-15.03 - khalid 15/05/2012 14:08:06.3.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.3000.1489 [GMT 2:00] Lancé depuis: c:\users\khalid\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-04-15 au 2012-05-15 )))))))))))))))))))))))))))))))))))) . . 2012-05-15 12:19 . 2012-05-15 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-15 12:01 . 2012-05-15 12:01 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-15 11:59 . 2012-05-15 11:59 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-15 11:47 . 2012-05-15 11:47 -------- d-----w- c:\users\khalid\AppData\Local\Secunia PSI 2012-05-15 11:46 . 2012-05-15 11:46 -------- d-----w- c:\program files\Secunia 2012-05-15 11:08 . 2012-04-18 01:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E11C7D9B-A22C-4593-824C-D4D683146F1A}\mpengine.dll 2012-05-15 10:45 . 2012-05-15 10:45 -------- d-----w- c:\programdata\Nokia 2012-05-15 10:45 . 2012-05-15 10:45 -------- d-----w- c:\program files\Common Files\Nokia 2012-05-15 10:42 . 2012-04-22 11:51 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2012-05-15 10:42 . 2012-05-15 10:42 -------- d-----w- c:\program files\PC Connectivity Solution 2012-05-15 10:28 . 2012-05-15 11:57 -------- d-----w- c:\windows\system32\catroot2 2012-05-15 07:43 . 2012-05-15 07:43 -------- d-----w- c:\program files\Defraggler 2012-05-15 07:43 . 2012-05-15 07:43 -------- d-----w- c:\program files\CCleaner 2012-05-15 04:56 . 2012-05-15 04:56 -------- d-----w- c:\users\khalid\AppData\Roaming\Malwarebytes 2012-05-15 04:55 . 2012-05-15 04:55 -------- d-----w- c:\programdata\Malwarebytes 2012-05-15 04:55 . 2012-05-15 04:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-15 04:55 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-15 04:49 . 2012-05-15 04:49 388096 ----a-r- c:\users\khalid\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-15 04:49 . 2012-05-15 04:49 -------- d-----w- c:\program files\Trend Micro 2012-05-15 04:45 . 2012-05-15 04:45 -------- d-----w- c:\program files\VS Revo Group 2012-05-11 19:34 . 2012-05-11 19:34 -------- d-----w- c:\program files\Common Files\Java 2012-05-11 19:33 . 2012-05-11 19:32 476960 ----a-w- c:\windows\system32\npdeployJava1.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-15 12:01 . 2011-09-25 12:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-11 19:32 . 2010-04-15 10:58 472864 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-07 19:21 . 2009-08-24 17:05 319456 ----a-w- c:\windows\DIFxAPI.dll 2012-02-29 15:11 . 2012-04-13 20:03 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:11 . 2012-04-13 20:03 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:09 . 2012-04-13 20:03 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 13:32 . 2012-04-13 20:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-02-23 08:18 . 2010-08-03 21:35 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-04-21 01:18 . 2012-05-15 11:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-05-15_07.03.26 ))))))))))))))))))))))))))))))))))))))))) . + 2012-05-15 11:22 . 2012-05-15 11:22 86528 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_9.1.8112.16421_none_db8554c0f7e0cc45\iesysprep.dll + 2012-05-15 11:22 . 2012-05-15 11:22 78848 c:\windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_9.1.8112.16421_none_5932969685ac9350\inseng.dll + 2012-05-15 11:22 . 2012-05-15 11:22 74752 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_9.1.8112.16421_none_85c3f0149c5d8f80\iesetup.dll + 2012-05-15 11:22 . 2012-05-15 11:22 31744 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_9.1.8112.16421_none_85c3f0149c5d8f80\iernonce.dll + 2012-05-15 11:22 . 2012-05-15 11:22 74240 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_9.1.8112.16421_none_85c3f0149c5d8f80\ie4uinit.exe + 2012-05-15 11:22 . 2012-05-15 11:22 83456 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_9.1.8112.16421_none_ad69259d26702ffe\PDMSetup.exe + 2012-05-15 11:22 . 2012-05-15 11:22 49664 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_9.1.8112.16421_none_ca9ad75f6f438108\JSProfilerCore.dll + 2012-05-15 11:22 . 2012-05-15 11:22 66048 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_9.1.8112.16421_none_1a8eba56a2224d37\icardie.dll + 2012-05-15 11:22 . 2012-05-15 11:22 22016 c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_9.1.8112.16421_none_edf0fb910169dc60\ExtExport.exe + 2012-05-15 11:22 . 2012-05-15 11:22 35840 c:\windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_9.1.8112.16421_none_fde803c430f2c1bf\imgutil.dll + 2012-05-15 11:22 . 2012-05-15 11:22 48640 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_9.1.8112.16421_none_b360c170f80ae253\mshtmler.dll + 2012-05-15 11:22 . 2012-05-15 11:22 72704 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.1.8112.16441_none_0806847f815942e8\mshtmled.dll + 2012-05-15 11:22 . 2012-05-15 11:22 11776 c:\windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_9.1.8112.16421_none_194d2a314741d4f2\mshta.exe + 2012-05-15 11:22 . 2012-05-15 11:22 72704 c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_9.1.8112.16421_none_709e29f82fbc1171\SetDepNx.exe + 2012-05-15 11:22 . 2012-05-15 11:22 74752 c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_9.1.8112.16421_none_e7dc110d61b3a0b1\RegisterIEPKEYs.exe + 2012-05-15 11:22 . 2012-05-15 11:22 10752 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_9.1.8112.16421_none_bc4129fa18a649d7\msfeedssync.exe + 2012-05-15 11:22 . 2012-05-15 11:22 41472 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_9.1.8112.16421_none_bc4129fa18a649d7\msfeedsbs.dll + 2012-05-15 11:22 . 2012-05-15 11:22 23552 c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_9.1.8112.16421_none_89d492da8dd6fedf\licmgr10.dll + 2012-05-15 11:22 . 2012-05-15 11:22 66048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16441_none_c1c68e95dfc78fda\WininetPlugin.dll + 2012-05-15 11:22 . 2012-05-15 11:22 65024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16441_none_c1c68e95dfc78fda\jsproxy.dll + 2012-05-15 11:22 . 2012-05-15 11:22 54272 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_9.1.8112.16421_none_adb9aa19514dba01\pngfilt.dll + 2012-05-15 11:22 . 2012-05-15 11:22 76800 c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_9.1.8112.16421_none_c86a3c9afeeda136\SetIEInstalledDate.exe + 2009-08-24 17:02 . 2012-05-15 11:42 25802 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2950043291-1104450502-1531698635-1000_UserData.bin + 2012-05-15 11:22 . 2012-05-15 11:22 76800 c:\windows\System32\SetIEInstalledDate.exe + 2012-05-15 11:22 . 2012-05-15 11:22 74752 c:\windows\System32\RegisterIEPKEYs.exe + 2012-05-15 11:22 . 2012-05-15 11:22 54272 c:\windows\System32\pngfilt.dll + 2008-05-02 09:58 . 2012-01-09 15:28 75264 c:\windows\System32\nmwcdcls.dll + 2012-05-15 11:22 . 2012-05-15 11:22 48640 c:\windows\System32\mshtmler.dll + 2012-05-15 11:22 . 2012-05-15 11:22 72704 c:\windows\System32\mshtmled.dll + 2012-05-15 11:22 . 2012-05-15 11:22 11776 c:\windows\System32\mshta.exe + 2012-05-15 11:22 . 2012-05-15 11:22 10752 c:\windows\System32\msfeedssync.exe + 2012-05-15 11:22 . 2012-05-15 11:22 41472 c:\windows\System32\msfeedsbs.dll + 2012-05-15 11:22 . 2012-05-15 11:22 66048 c:\windows\System32\migration\WininetPlugin.dll + 2012-05-15 11:22 . 2012-05-15 11:22 23552 c:\windows\System32\licmgr10.dll + 2012-05-15 11:22 . 2012-05-15 11:22 65024 c:\windows\System32\jsproxy.dll + 2012-05-15 11:22 . 2012-05-15 11:22 78848 c:\windows\System32\inseng.dll + 2012-05-15 11:22 . 2012-05-15 11:22 35840 c:\windows\System32\imgutil.dll + 2009-08-25 08:34 . 2011-02-11 16:41 57856 c:\windows\System32\igfxsrvc.dll + 2009-08-25 08:34 . 2011-02-11 16:41 23552 c:\windows\System32\igfxexps.dll + 2011-02-11 17:20 . 2011-02-11 17:20 81920 c:\windows\System32\igfxCoIn_v2302.dll + 2011-02-11 17:10 . 2011-02-11 17:10 92356 c:\windows\System32\igfcg500m.bin + 2012-05-15 11:22 . 2012-05-15 11:22 86528 c:\windows\System32\iesysprep.dll + 2012-05-15 11:22 . 2012-05-15 11:22 74752 c:\windows\System32\iesetup.dll + 2012-05-15 11:22 . 2012-05-15 11:22 31744 c:\windows\System32\iernonce.dll + 2012-05-15 11:22 . 2012-05-15 11:22 74240 c:\windows\System32\ie4uinit.exe + 2012-05-15 11:22 . 2012-05-15 11:22 66048 c:\windows\System32\icardie.dll + 2009-08-25 08:34 . 2011-02-11 16:40 95232 c:\windows\System32\hccutils.dll - 2011-09-03 19:18 . 2008-08-26 08:26 18816 c:\windows\System32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys + 2012-05-15 10:42 . 2012-04-22 11:51 18816 c:\windows\System32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys + 2012-01-09 15:28 . 2012-01-09 15:28 75264 c:\windows\System32\DriverStore\FileRepository\nmwcdnsuc.inf_0705381a\nmwcdcls.dll + 2012-01-09 15:28 . 2012-01-09 15:28 75264 c:\windows\System32\DriverStore\FileRepository\nmwcdnsu.inf_6081e305\nmwcdcls.dll + 2011-02-11 17:20 . 2011-02-11 17:20 81920 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igxpco32.dll + 2011-02-11 16:41 . 2011-02-11 16:41 57856 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxsrvc.dll + 2011-02-11 16:41 . 2011-02-11 16:41 23552 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxexps.dll + 2011-02-11 17:10 . 2011-02-11 17:10 92356 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfcg500m.bin + 2011-02-11 16:40 . 2011-02-11 16:40 95232 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\hccutils.dll + 2012-01-09 15:28 . 2012-01-09 15:28 75264 c:\windows\System32\DriverStore\FileRepository\ccdcmbo.inf_be0d8369\nmwcdcls.dll + 2012-01-09 15:28 . 2012-01-09 15:28 23168 c:\windows\System32\DriverStore\FileRepository\ccdcmbo.inf_be0d8369\ccdcmbo.sys + 2012-01-09 15:28 . 2012-01-09 15:28 75264 c:\windows\System32\DriverStore\FileRepository\ccdcmb.inf_bed27f02\nmwcdcls.dll + 2012-01-09 15:28 . 2012-01-09 15:28 18176 c:\windows\System32\DriverStore\FileRepository\ccdcmb.inf_bed27f02\ccdcmb.sys + 2010-09-01 08:30 . 2010-09-01 08:30 15544 c:\windows\System32\drivers\psi_mf.sys + 2009-08-25 00:03 . 2012-05-15 11:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-08-25 00:03 . 2012-05-15 06:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-08-25 00:03 . 2012-05-15 11:47 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-08-25 00:03 . 2012-05-15 06:27 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-08-25 00:03 . 2012-05-15 11:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-08-25 00:03 . 2012-05-15 06:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-05-15 10:35 . 2012-05-15 10:35 29184 c:\windows\Installer\76367.msi + 2012-05-15 11:50 . 2012-05-15 11:50 81920 c:\windows\Installer\{F9D28ACF-D568-4D4C-9601-2ECEE27479A3}\ARPPRODUCTICON.exe + 2012-05-15 10:42 . 2012-05-15 10:42 10134 c:\windows\Installer\{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}\ARPPRODUCTICON.exe + 2012-05-15 10:45 . 2012-05-15 10:45 54489 c:\windows\Installer\{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}\ARPPRODUCTICON.exe - 2006-11-02 10:25 . 2012-02-25 20:34 86016 c:\windows\inf\infstor.dat + 2006-11-02 10:25 . 2012-05-15 11:23 86016 c:\windows\inf\infstor.dat + 2006-11-02 10:25 . 2012-05-15 11:24 51200 c:\windows\inf\infpub.dat - 2006-11-02 10:25 . 2012-02-25 20:34 51200 c:\windows\inf\infpub.dat + 2011-02-11 16:40 . 2011-02-11 16:40 4096 c:\windows\System32\IGFXDEVLib.dll + 2012-01-09 15:28 . 2012-01-09 15:28 8576 c:\windows\System32\DriverStore\FileRepository\nmwcdnsuc.inf_0705381a\nmwcdnsuc.sys + 2011-02-11 16:40 . 2011-02-11 16:40 4096 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\IGFXDEVLib.dll + 2012-01-09 15:28 . 2012-01-09 15:28 8192 c:\windows\System32\DriverStore\FileRepository\ccdcmbm.inf_17da0767\usbser_lowerflt.sys + 2012-01-09 15:28 . 2012-01-09 15:28 8192 c:\windows\System32\DriverStore\FileRepository\ccdcmbj.inf_9e8ccd64\usbser_lowerfltj.sys + 2012-05-15 11:36 . 2012-05-15 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-15 06:26 . 2012-05-15 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-15 11:36 . 2012-05-15 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-15 06:26 . 2012-05-15 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-15 10:41 . 2012-05-15 10:41 3262 c:\windows\Installer\{A57025CC-5F2E-4D01-B387-06DB10500D43}\ARPPRODUCTICON.exe + 2012-05-15 11:22 . 2012-05-15 11:22 420864 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_9.1.8112.16421_none_084d3e3f6bcb495b\vbscript.dll + 2012-05-15 11:22 . 2012-05-15 11:22 716800 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.1.8112.16441_none_42bd83af3518d501\jscript.dll + 2012-05-15 11:22 . 2012-05-15 11:22 161792 c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_9.1.8112.16421_none_8bf30ea6e05803fd\msls31.dll + 2012-05-15 11:22 . 2012-05-15 11:22 104448 c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_9.1.8112.16421_none_faeb724c3c991d81\jsdebuggeride.dll + 2012-05-15 11:22 . 2012-05-15 11:22 466432 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_9.1.8112.16421_none_a88f140ecf86a393\ieinstal.exe + 2012-05-15 11:22 . 2012-05-15 11:22 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.16441_none_248007b7ec13873d\ieui.dll + 2012-05-15 11:22 . 2012-05-15 11:22 231936 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.1.8112.16441_none_b0086c5e9bbede84\url.dll + 2012-05-15 11:22 . 2012-05-15 11:22 766976 c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_9.1.8112.16421_none_ad2a4c5b269f3d94\VGX.dll + 2012-05-15 11:22 . 2012-05-15 11:22 141112 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.16441_none_07814571ca78ae37\sqmapi.dll + 2012-05-15 11:22 . 2012-05-15 11:22 162304 c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_9.1.8112.16421_none_878579449a9f80d9\msrating.dll + 2009-12-22 22:05 . 2009-01-08 01:20 355832 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_9.1.8112.16421_none_ad69259d26702ffe\pdm.dll + 2009-12-22 22:05 . 2009-01-08 01:20 265720 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_9.1.8112.16421_none_ad69259d26702ffe\msdbg2.dll + 2012-05-15 11:22 . 2012-05-15 11:22 203776 c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_9.1.8112.16421_none_211f1de88f9dd6a7\webcheck.dll + 2012-05-15 11:22 . 2012-05-15 11:22 123392 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_9.1.8112.16421_none_f719a31c52075bc3\occache.dll + 2012-05-15 11:22 . 2012-05-15 11:22 301056 c:\windows\winsxs\x86_microsoft-windows-ie-networkinspection_31bf3856ad364e35_9.1.8112.16421_none_34efc55991e4e7bf\networkinspection.dll + 2012-05-15 11:22 . 2012-05-15 11:22 149504 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_9.1.8112.16421_none_b2f234980c173d9f\jsprofilerui.dll + 2012-05-15 11:22 . 2012-05-15 11:22 386560 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.1.8112.16421_none_7a5f89ce0b8982e1\jsdbgui.dll + 2012-05-15 11:22 . 2012-05-15 11:22 142848 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.1.8112.16421_none_ef553af957e2c6db\ieUnatt.exe + 2012-05-15 11:22 . 2012-05-15 11:22 152064 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_9.1.8112.16421_none_246f17d17c9637f2\wextract.exe + 2012-05-15 11:22 . 2012-05-15 11:22 150528 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_9.1.8112.16421_none_246f17d17c9637f2\iexpress.exe + 2012-05-15 11:22 . 2012-05-15 11:22 194048 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.1.8112.16441_none_076acb0dd82d80c7\IEShims.dll + 2012-05-15 11:22 . 2012-05-15 11:22 193536 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.1.8112.16421_none_50221f4f8874e277\ieproxy.dll + 2012-05-15 11:22 . 2012-05-15 11:22 222720 c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_9.1.8112.16421_none_c6694716af1f003d\ielowutil.exe + 2012-05-15 11:22 . 2012-05-15 11:22 307200 c:\windows\winsxs\x86_microsoft-windows-ie-iediag_31bf3856ad364e35_9.1.8112.16421_none_d6d367eccf35ac38\iediagcmd.exe + 2012-05-15 11:22 . 2012-05-15 11:22 107008 c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_9.1.8112.16421_none_7dd99028d27230f3\iecleanup.exe + 2012-05-15 11:22 . 2012-05-15 11:22 110592 c:\windows\winsxs\x86_microsoft-windows-ie-ieadvpack_31bf3856ad364e35_9.1.8112.16421_none_8ee585650c72e0e5\IEAdvpack.dll + 2012-05-15 11:22 . 2012-05-15 11:22 580608 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_9.1.8112.16421_none_1fd9c53c785aaab0\msfeeds.dll + 2012-05-15 11:22 . 2012-05-15 11:22 223232 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.1.8112.16421_none_57b989ffbf885879\dxtrans.dll + 2012-05-15 11:22 . 2012-05-15 11:22 353792 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.1.8112.16421_none_57b989ffbf885879\dxtmsft.dll + 2012-05-15 11:22 . 2012-05-15 11:22 678912 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.1.8112.16441_none_fb82a7e87dcadc1b\iedvtool.dll + 2012-05-15 11:22 . 2012-05-15 11:22 118784 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_9.1.8112.16421_none_fcb6bf9f2ff2205a\iepeers.dll + 2012-05-15 11:22 . 2012-05-15 11:22 434176 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_9.1.8112.16421_none_bb855147a9a2d24b\ieapfltr.dll + 2012-05-15 11:22 . 2012-05-15 11:22 163840 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_9.1.8112.16421_none_6e255cbd44aa2f9e\ieakui.dll + 2012-05-15 11:22 . 2012-05-15 11:22 227840 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_9.1.8112.16421_none_6e255cbd44aa2f9e\ieaksie.dll + 2012-05-15 11:22 . 2012-05-15 11:22 101888 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_9.1.8112.16421_none_6e255cbd44aa2f9e\admparse.dll + 2012-05-15 11:22 . 2012-05-15 11:22 130560 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_9.1.8112.16421_none_640971200617dbf4\ieakeng.dll + 2012-05-15 11:22 . 2012-05-15 11:22 353584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_9.1.8112.16421_none_3443a769956178bf\iedkcs32.dll + 2012-05-15 11:22 . 2012-05-15 11:22 748336 c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe + 2012-05-15 11:22 . 2012-05-15 11:22 114176 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_9.1.8112.16421_none_6bbea06a30b4d402\advpack.dll + 2012-05-15 11:22 . 2012-05-15 11:22 152064 c:\windows\System32\wextract.exe + 2012-05-15 11:22 . 2012-05-15 11:22 203776 c:\windows\System32\webcheck.dll + 2008-01-21 01:58 . 2012-05-15 11:42 102746 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2012-05-15 11:42 100262 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2011-06-12 20:57 . 2011-02-17 06:23 420864 c:\windows\System32\vbscript.dll + 2012-05-15 11:22 . 2012-05-15 11:22 420864 c:\windows\System32\vbscript.dll + 2012-05-15 11:22 . 2012-05-15 11:22 231936 c:\windows\System32\url.dll + 2009-03-03 15:14 . 2012-05-15 07:32 679042 c:\windows\System32\perfh00C.dat + 2006-11-02 10:33 . 2012-05-15 07:32 595996 c:\windows\System32\perfh009.dat + 2009-03-03 15:14 . 2012-05-15 07:32 126626 c:\windows\System32\perfc00C.dat + 2006-11-02 10:33 . 2012-05-15 07:32 104070 c:\windows\System32\perfc009.dat + 2012-05-15 11:22 . 2012-05-15 11:22 123392 c:\windows\System32\occache.dll + 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\System32\msvcr100.dll + 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\System32\msvcp100.dll + 2012-05-15 11:22 . 2012-05-15 11:22 162304 c:\windows\System32\msrating.dll + 2012-05-15 11:22 . 2012-05-15 11:22 161792 c:\windows\System32\msls31.dll + 2012-05-15 11:22 . 2012-05-15 11:22 580608 c:\windows\System32\msfeeds.dll + 2012-05-15 12:01 . 2012-05-15 12:01 352416 c:\windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe + 2012-05-15 12:01 . 2012-05-15 12:01 424096 c:\windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll + 2012-05-15 11:50 . 2012-05-15 11:50 245408 c:\windows\System32\Macromed\Flash\FlashUtil10zb_Plugin.exe + 2012-05-15 11:22 . 2012-05-15 11:22 716800 c:\windows\System32\jscript.dll + 2009-08-24 23:56 . 2011-02-11 17:26 948760 c:\windows\System32\igxpun.exe + 2011-02-11 16:35 . 2011-02-11 16:35 208896 c:\windows\System32\iglhsip32.dll + 2011-02-11 16:35 . 2011-02-11 16:35 147456 c:\windows\System32\iglhcp32.dll + 2011-02-11 17:10 . 2011-02-11 17:10 982240 c:\windows\System32\igkrng500.bin + 2009-08-25 08:34 . 2011-02-11 17:26 137752 c:\windows\System32\igfxtray.exe + 2009-08-25 08:34 . 2011-02-11 16:41 261632 c:\windows\System32\igfxTMM.dll + 2009-08-25 08:34 . 2011-02-11 17:26 267800 c:\windows\System32\igfxsrvc.exe + 2009-08-25 08:34 . 2011-02-11 16:40 828928 c:\windows\System32\igfxress.dll + 2011-02-11 16:41 . 2011-02-11 16:41 195584 c:\windows\System32\igfxpph.dll + 2009-08-25 08:34 . 2011-02-11 17:26 172568 c:\windows\System32\igfxpers.exe + 2009-08-25 08:34 . 2011-02-11 17:26 179224 c:\windows\System32\igfxext.exe + 2011-02-11 16:40 . 2011-02-11 16:40 130048 c:\windows\System32\igfxdo.dll + 2009-08-25 08:34 . 2011-02-11 16:40 228864 c:\windows\System32\igfxdev.dll + 2009-08-25 08:34 . 2011-02-11 17:09 571904 c:\windows\System32\igdumdx32.dll + 2011-02-11 17:10 . 2011-02-11 17:10 439308 c:\windows\System32\igcompkrng500.bin + 2012-05-15 11:22 . 2012-05-15 11:22 150528 c:\windows\System32\iexpress.exe + 2012-05-15 11:22 . 2012-05-15 11:22 142848 c:\windows\System32\ieUnatt.exe + 2012-05-15 11:22 . 2012-05-15 11:22 176640 c:\windows\System32\ieui.dll + 2012-05-15 11:22 . 2012-05-15 11:22 118784 c:\windows\System32\iepeers.dll + 2012-05-15 11:22 . 2012-05-15 11:22 353584 c:\windows\System32\iedkcs32.dll + 2012-05-15 11:22 . 2012-05-15 11:22 434176 c:\windows\System32\ieapfltr.dll - 2009-12-22 22:06 . 2009-03-08 11:32 163840 c:\windows\System32\ieakui.dll + 2012-05-15 11:22 . 2012-05-15 11:22 163840 c:\windows\System32\ieakui.dll + 2012-05-15 11:22 . 2012-05-15 11:22 227840 c:\windows\System32\ieaksie.dll + 2012-05-15 11:22 . 2012-05-15 11:22 130560 c:\windows\System32\ieakeng.dll + 2012-05-15 11:22 . 2012-05-15 11:22 110592 c:\windows\System32\IEAdvpack.dll + 2009-08-25 08:34 . 2011-02-11 17:26 171032 c:\windows\System32\hkcmd.exe + 2011-02-11 16:40 . 2011-02-11 16:40 120320 c:\windows\System32\gfxSrvc.dll - 2006-11-02 12:47 . 2012-05-15 06:27 346264 c:\windows\System32\FNTCACHE.DAT + 2006-11-02 12:47 . 2012-05-15 10:27 346264 c:\windows\System32\FNTCACHE.DAT + 2012-05-15 11:22 . 2012-05-15 11:22 223232 c:\windows\System32\dxtrans.dll + 2012-05-15 11:22 . 2012-05-15 11:22 353792 c:\windows\System32\dxtmsft.dll + 2012-04-22 11:51 . 2012-04-22 11:51 592896 c:\windows\System32\DriverStore\FileRepository\pccswpddriver.inf_1986e3b8\PCCSWpdDriver.dll + 2012-01-09 15:28 . 2012-01-09 15:28 137600 c:\windows\System32\DriverStore\FileRepository\nmwcdnsu.inf_6081e305\nmwcdnsu.sys + 2011-02-11 16:35 . 2011-02-11 16:35 208896 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\iglhsip32.dll + 2011-02-11 16:35 . 2011-02-11 16:35 147456 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\iglhcp32.dll + 2011-02-11 17:10 . 2011-02-11 17:10 874048 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igkrng575.bin + 2011-02-11 17:10 . 2011-02-11 17:10 982240 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igkrng500.bin + 2011-02-11 17:26 . 2011-02-11 17:26 137752 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxtray.exe + 2011-02-11 16:41 . 2011-02-11 16:41 261632 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxTMM.dll + 2011-02-11 17:26 . 2011-02-11 17:26 267800 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxsrvc.exe + 2011-02-11 16:40 . 2011-02-11 16:40 828928 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxress.dll + 2011-02-11 16:41 . 2011-02-11 16:41 195584 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxpph.dll + 2011-02-11 17:26 . 2011-02-11 17:26 172568 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxpers.exe + 2011-02-11 17:26 . 2011-02-11 17:26 179224 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxext.exe + 2011-02-11 16:40 . 2011-02-11 16:40 130048 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxdo.dll + 2011-02-11 16:40 . 2011-02-11 16:40 228864 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfxdev.dll + 2011-02-11 17:10 . 2011-02-11 17:10 104796 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igfcg575m.bin + 2011-02-11 17:09 . 2011-02-11 17:09 571904 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igdumdx32.dll + 2011-02-11 17:10 . 2011-02-11 17:10 127868 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igcompkrng575.bin + 2011-02-11 17:10 . 2011-02-11 17:10 439308 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igcompkrng500.bin + 2011-02-11 17:26 . 2011-02-11 17:26 171032 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\hkcmd.exe + 2011-02-11 16:40 . 2011-02-11 16:40 120320 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\gfxSrvc.dll + 2011-02-11 16:35 . 2011-02-11 16:35 452440 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\d3dx10_40.dll + 2012-01-09 15:28 . 2012-01-09 15:28 605696 c:\windows\System32\DriverStore\FileRepository\ccdcmb.inf_bed27f02\nmwcdcocls.dll + 2012-01-09 15:28 . 2012-01-09 15:28 123904 c:\windows\System32\DriverStore\FileRepository\ccdcmb.inf_bed27f02\ccdcmbwu.dll + 2009-08-24 23:56 . 2006-11-02 13:21 319456 c:\windows\System32\difxapi.dll - 2009-08-24 23:56 . 2006-11-10 16:25 319456 c:\windows\System32\difxapi.dll + 2011-02-11 16:35 . 2011-02-11 16:35 452440 c:\windows\System32\d3dx10_40.dll + 2012-05-15 11:53 . 2012-05-15 11:53 533504 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\jdk1.6.0_31\jdk1.6.0_31.msi + 2011-02-19 21:03 . 2011-02-19 21:03 138056 c:\windows\System32\atl100.dll + 2012-05-15 11:22 . 2012-05-15 11:22 114176 c:\windows\System32\advpack.dll + 2012-05-15 11:22 . 2012-05-15 11:22 101888 c:\windows\System32\admparse.dll - 2010-10-31 20:06 . 2012-05-15 05:39 333664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-10-31 20:06 . 2012-05-15 11:26 333664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-05-15 11:56 . 2012-05-15 11:56 390144 c:\windows\Installer\ec672.msi + 2012-05-15 11:54 . 2012-05-15 11:54 533504 c:\windows\Installer\ec3e4.msi + 2012-05-15 10:42 . 2012-05-15 10:42 496128 c:\windows\Installer\763b5.msi + 2012-05-15 10:41 . 2012-05-15 10:41 337920 c:\windows\Installer\76381.msi + 2006-11-02 10:25 . 2012-05-15 11:24 143360 c:\windows\inf\infstrng.dat - 2006-11-02 10:25 . 2012-02-25 20:34 143360 c:\windows\inf\infstrng.dat + 2012-05-15 11:22 . 2012-05-15 11:22 1798656 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.1.8112.16441_none_42bd83af3518d501\jscript9.dll + 2012-05-15 11:22 . 2012-05-15 11:22 9705472 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.16441_none_248007b7ec13873d\ieframe.dll + 2012-05-15 11:22 . 2012-05-15 11:22 1792000 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.16441_none_07814571ca78ae37\iertutil.dll + 2012-05-15 11:22 . 2012-05-15 11:22 3695416 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_9.1.8112.16421_none_bb855147a9a2d24b\ieapfltr.dat + 2012-05-15 11:22 . 2012-05-15 11:22 1127424 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16441_none_c1c68e95dfc78fda\wininet.dll + 2012-05-15 11:22 . 2012-05-15 11:22 1103360 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.1.8112.16441_none_74c0b2f414be6947\urlmon.dll + 2012-05-15 11:22 . 2012-05-15 11:22 1127424 c:\windows\System32\wininet.dll + 2012-05-15 11:22 . 2012-05-15 11:22 1103360 c:\windows\System32\urlmon.dll + 2011-02-11 17:26 . 2011-02-11 17:26 8198680 c:\windows\System32\TVWSetup.exe + 2006-11-02 10:22 . 2012-05-15 11:37 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat - 2006-11-02 10:22 . 2012-05-10 21:18 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat + 2010-01-27 01:07 . 2012-05-15 11:50 6277280 c:\windows\System32\Macromed\Flash\NPSWF32.dll + 2012-05-15 11:22 . 2012-05-15 11:22 1798656 c:\windows\System32\jscript9.dll + 2009-08-25 08:34 . 2011-02-11 17:12 4967424 c:\windows\System32\igdumd32.dll + 2011-02-11 17:04 . 2011-02-11 17:04 4411392 c:\windows\System32\igd10umd32.dll + 2012-05-15 11:22 . 2012-05-15 11:22 1792000 c:\windows\System32\iertutil.dll + 2012-05-15 11:22 . 2012-05-15 11:22 9705472 c:\windows\System32\ieframe.dll + 2012-05-15 11:22 . 2012-05-15 11:22 3695416 c:\windows\System32\ieapfltr.dat + 2011-02-11 17:26 . 2011-02-11 17:26 3157528 c:\windows\System32\GfxUI.exe + 2012-04-22 11:51 . 2012-04-22 11:51 1837296 c:\windows\System32\DriverStore\FileRepository\pccswpddriver.inf_1986e3b8\WUDFUpdate_01009.dll + 2011-02-11 17:26 . 2011-02-11 17:26 8198680 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\TVWSetup.exe + 2011-02-11 17:12 . 2011-02-11 17:12 4967424 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igdumd32.dll + 2011-02-11 17:12 . 2011-02-11 17:12 9036800 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igdkmd32.sys + 2011-02-11 17:04 . 2011-02-11 17:04 4411392 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\igd10umd32.dll + 2011-02-11 17:26 . 2011-02-11 17:26 3157528 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\GfxUI.exe + 2012-01-09 15:28 . 2012-01-09 15:28 1461992 c:\windows\System32\DriverStore\FileRepository\ccdcmb.inf_bed27f02\wdfcoinstaller01009.dll + 2011-02-11 17:12 . 2011-02-11 17:12 9036800 c:\windows\System32\drivers\igdkmd32.sys + 2012-05-15 11:50 . 2012-05-15 11:50 1093632 c:\windows\Installer\ec3df.msi + 2012-05-15 10:45 . 2012-05-15 10:45 1225728 c:\windows\Installer\76713.msi + 2012-05-15 12:06 . 2012-05-15 12:06 6471680 c:\windows\ERDNT\Hiv-backup\schema.dat + 2012-05-15 11:22 . 2012-05-15 11:22 12282368 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16441_none_d320adb4601df910\mshtml.dll + 2012-05-15 11:22 . 2012-05-15 11:22 12282368 c:\windows\System32\mshtml.dll + 2011-02-11 16:51 . 2011-02-11 16:51 11039744 c:\windows\System32\ig4icd32.dll + 2011-02-11 16:51 . 2011-02-11 16:51 11039744 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_96f7c31e\ig4icd32.dll + 2009-08-25 10:04 . 2012-05-15 11:23 178197619 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Facebook Update"="c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-29 137536] "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-08 1084800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-17 30192] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] . c:\users\khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2950043291-1104450502-1531698635-1000] "EnableNotificationsRef"=dword:00000001 . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - PSI . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' . 2012-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950043291-1104450502-1531698635-1000Core.job - c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 21:28] . 2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950043291-1104450502-1531698635-1000UA.job - c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 21:28] . 2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:06] . 2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:06] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: ????3?? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ????3?????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: ???????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ???????????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\43gkvfb3.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-15 14:19 Windows 6.0.6002 Service Pack 2 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}] @Allowed: (Read) (RestrictedCode) @="c:\\Users\\khalid\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm" "contexts"=dword:00000022 . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c] @Allowed: (Read) (RestrictedCode) @="c:\\Users\\khalid\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm" "contexts"=dword:000000f3 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'Explorer.exe'(6128) c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll . Heure de fin: 2012-05-15 14:30:54 ComboFix-quarantined-files.txt 2012-05-15 12:30 ComboFix2.txt 2012-05-15 09:27 ComboFix3.txt 2012-05-15 08:32 ComboFix4.txt 2012-05-15 07:16 . Avant-CF: 339.768.659.968 octets libres Après-CF: 338.818.007.040 octets libres . - - End Of File - - 54B7C0B9D586242C4F1D3CC8A019D62E
  14. Jion
    heb Firefox volledig verwijderd en opnieuw geïnstalleerd. Geen Incredibar meer te vinden. Java 6 Update 23 vind ik ook niet. Wel Update 32. Bedoel je deze? ps: Bij het opstarten van Combofix meldt deze steeds dat er een niewere versie uit is en moet ik eerst updaten. Kan het zijn dat de download link verouderd is? Logje komt er zo dadelijk aan.
  15. Jion
    ComboFix 12-05-15.01 - khalid 15/05/2012 11:16:34.2.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.3000.1581 [GMT 2:00] Lancé depuis: c:\users\khalid\Downloads\ComboFix.exe Commutateurs utilisés :: c:\users\khalid\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\chrome\FlashGet3.jar c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\IFlashgetXpi.xpt c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\install.rdf c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\META-INF\manifest.mf c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\META-INF\zigbert.rsa c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\META-INF\zigbert.sf . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-04-15 au 2012-05-15 )))))))))))))))))))))))))))))))))))) . . 2012-05-15 09:25 . 2012-05-15 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-15 07:43 . 2012-05-15 07:43 -------- d-----w- c:\program files\Defraggler 2012-05-15 07:43 . 2012-05-15 07:43 -------- d-----w- c:\program files\CCleaner 2012-05-15 04:56 . 2012-05-15 04:56 -------- d-----w- c:\users\khalid\AppData\Roaming\Malwarebytes 2012-05-15 04:55 . 2012-05-15 04:55 -------- d-----w- c:\programdata\Malwarebytes 2012-05-15 04:55 . 2012-05-15 04:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-15 04:55 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-15 04:49 . 2012-05-15 04:49 388096 ----a-r- c:\users\khalid\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-15 04:49 . 2012-05-15 04:49 -------- d-----w- c:\program files\Trend Micro 2012-05-15 04:45 . 2012-05-15 04:45 -------- d-----w- c:\program files\VS Revo Group 2012-05-11 19:34 . 2012-05-11 19:34 -------- d-----w- c:\program files\Common Files\Java 2012-05-11 19:33 . 2012-05-11 19:32 476960 ----a-w- c:\windows\system32\npdeployJava1.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-11 19:32 . 2010-04-15 10:58 472864 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-07 19:21 . 2009-08-24 17:05 319456 ----a-w- c:\windows\DIFxAPI.dll 2012-03-13 20:31 . 2011-09-25 12:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 15:11 . 2012-04-13 20:03 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:11 . 2012-04-13 20:03 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:09 . 2012-04-13 20:03 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 13:32 . 2012-04-13 20:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-02-28 11:30 . 2012-04-12 18:10 916992 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 11:25 . 2012-04-12 18:10 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-28 11:25 . 2012-04-12 18:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 11:25 . 2012-04-12 18:10 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-28 11:25 . 2012-04-12 18:10 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-02-28 10:07 . 2012-04-12 18:10 385024 ----a-w- c:\windows\system32\html.iec 2012-02-28 08:12 . 2012-04-12 18:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-28 08:08 . 2012-04-12 18:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-09-17 21:08 . 2010-09-17 21:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-01 401728] "Facebook Update"="c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-29 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-17 30192] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2950043291-1104450502-1531698635-1000] "EnableNotificationsRef"=dword:00000001 . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' . 2012-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950043291-1104450502-1531698635-1000Core.job - c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 21:28] . 2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950043291-1104450502-1531698635-1000UA.job - c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 21:28] . 2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:06] . 2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:06] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: ????3?? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ????3?????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: ???????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ???????????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://badoo.com/startpage/?source=bsb&q= FF - prefs.js: network.proxy.type - 2 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Interest Recognizer for Moovida: moovida@spointer.com - c:\program files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8kPNy2Id&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - be5eaf400000000000000017c49d6379 FF - user.js: extensions.incredibar_i.hardId - be5eaf400000000000000017c49d6379 FF - user.js: extensions.incredibar_i.instlDay - 15393 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2720:55 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8kPNy2Id FF - user.js: extensions.incredibar_i.upn2n - 92823901250070621 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10595 FF - user.js: extensions.incredibar_i.ppd - . . ************************************************************************** Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}] @Allowed: (Read) (RestrictedCode) @="c:\\Users\\khalid\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm" "contexts"=dword:00000022 . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c] @Allowed: (Read) (RestrictedCode) @="c:\\Users\\khalid\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm" "contexts"=dword:000000f3 . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j&A*s*i*a*6*6*6*k&a*v*i*\OpenWithList] @Class="Shell" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Heure de fin: 2012-05-15 11:27:25 ComboFix-quarantined-files.txt 2012-05-15 09:27 ComboFix2.txt 2012-05-15 08:32 ComboFix3.txt 2012-05-15 07:16 . Avant-CF: 336.855.998.464 octets libres Après-CF: 338.127.069.184 octets libres . - - End Of File - - 92A5F2FEF494E2FA3DFFE69FDC327E63
  16. Jion
    ComboFix 12-05-14.03 - khalid 15/05/2012 10:06:46.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.3000.1560 [GMT 2:00] Lancé depuis: c:\users\khalid\Downloads\ComboFix.exe Commutateurs utilisés :: c:\users\khalid\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Mozilla Firefox\components\AskHPRFF.js c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D} c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D}\chrome\FlashGetMini.jar c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D}\components\FlashGetXPI.dll c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D}\components\IFlashgetXpi.xpt c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D}\install.rdf c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D}\META-INF\manifest.mf c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D}\META-INF\zigbert.rsa c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D}\META-INF\zigbert.sf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\chrome.manifest c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\components\acplus-autocomplete.js c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\babylon.css c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\babylon.xul c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\home.gif c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\mtstart.js c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\server.js c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\tmplt.js c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\install.rdf c:\users\khalid\AppData\Local\ClickPotatoLiteSA\bin\12.0.15.0\firefox\extensions c:\users\khalid\AppData\Local\ClickPotatoLiteSA\bin\12.0.15.0\firefox\extensions\chrome.manifest c:\users\khalid\AppData\Local\ClickPotatoLiteSA\bin\12.0.15.0\firefox\extensions\install.rdf c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome.manifest c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\data\search\engines.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\data\search\search.xsl c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\imeshcode.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\about.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\dtxpanel.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\dtxpaneltransparent.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\dtxpanelwin.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\dtxprefwin.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\dtxtransparentwin.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\dtxwin.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\emailnotifierproviders.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\external.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\imeshcode.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\neterror.xhtml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\rsspreview.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\rsswin.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\rsswin.xsl c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\vmncode.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\lib\wmpstreamer.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\modules\datastore.jsm c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\modules\nsDragAndDrop.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\neterror.xhtml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\partner.coupons.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\preferences.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\radiobeta.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\template.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\toolbar.htm c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\toolbar.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\vmncode.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\vmnrsswin.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_icon.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconFF.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressed.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressedFF.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_pref_icon.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs\tb_thumb_icon.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.jsw c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\about_logo.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\babylon_logo.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\bluelite.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\bluesky.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\btn-search-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\btn-search.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\btn-settings-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\btn-settings.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\btn-widgets-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\btn-widgets.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\btn_settings.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\ca.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\dictionary.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\divider.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\downloadcom.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\dtxlogo.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\ebay.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\ebay_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\email.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\email_on.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\email_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\facebook.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\games.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\go_idle.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\go_rollover.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred0.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred0_5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred1.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred1_5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred2.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred2_5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred3.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred3_5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred4.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred4_5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphred5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\graphredna.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\grey.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\ico-shield.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\icon_amazon.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\icon_games.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\icon_seperator_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\icon_twitter.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\icon_youtube.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\images.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\imesh.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\add.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\aol.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\arrow-dn.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\arrow-right-disabled.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\arrow-right.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\arrow-up.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btn-divider.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btn-end.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btn-mdl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btn-mdl_ff.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btn-start.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btnover-divider.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btnover-end.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btnover-mdl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btnover-mdl_ff.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\bg-btnover-start.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\blank.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btn-widgets-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btn-widgets.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btn_slider.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btnback-down-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btnback-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btnleft-down-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btnleft-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btnright-down-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\btnright-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\button-splitter-down-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\button-splitter-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\checkmark.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\chevron.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\collapse.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\comcast.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\dtx.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\edit-back-hot.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\edit-back.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\expand.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\found.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\gmail.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\highlight.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\highlight_blue.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\highlight_cyan.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\highlight_lime.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\highlight_magenta.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\highlight_yellow.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\hotmail.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\ico-check.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\imap.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\lastsearch-thumb-back.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\loadingMid.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\lock.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\logo-separator.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\mailcom.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menu_bg-basic.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menu_separator_bar.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menu_separator_white.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menuitem-splitter.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menuitemback-down-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menuitemback-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menuitemleft-down-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menuitemleft-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menuitemright-down-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\menuitemright-vista.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\modify.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\move.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\movetarget.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\css\panels.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\css\popupAbout.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\css\popupGames.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\css\popupRSS.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\css\popupWidgets.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\css\dialog.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\bg.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\btn-search.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\btn-wide-close-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\btn-wide-close.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\default.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\tab-off-l.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\tab-off-r.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\tab-on-l.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\tab-on-r.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\transparent.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\ttlbar-left.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\ttlbar-mdl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\ttlbar-right.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\win-btm-left.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\win-btm-mdl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\win-btm-right-resize.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\win-btm-right.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\win-left.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\images\win-right.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\main.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\default\scripts\defscript.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\footer.htm c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\gamecategory.xsl c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\gameData.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\gameList.xsl c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\games.xsl c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\gametype.xsl c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\arrow-dn.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\arrow-sml-drop.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\arrow-sml.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\arrow-up.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\arrowr-bluew5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\bg-aboutbox.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\bg-btnover.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\bg-pnl520x390.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-addtoolbar-left.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-addtoolbar-right.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-back.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-close-grey.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-close-greyover.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-drag.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-mdl-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-mdl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-moredetails.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-next-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-next.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-play-left-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-play-left.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-previous-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-previous.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-right-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-search-pnlbtm.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-try-left-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\btn-try-left.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\bullet-orange.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\gamethumb-on.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\gamethumb2-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\ico-calendar.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\ico-dollar.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\ico-download.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\ico-joystick24.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\ico-news24.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\ico-play.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\ico-tags.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\icon-Add.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\icon-download.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\icon-Info.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\icon-play.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\icon-shop.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\menul-bgon.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\menul-bgover.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\panel-botm-noscroll.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scroll-bg-206.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scroll-bg.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scroll-topwin.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scrollb-disable.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scrollb-down.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scrollb-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scrollb.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scrollt-disable.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scrollt-down.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scrollt-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\scrollt.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\searchbox-pnlbtm.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\star_x_grey.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\star_x_orange.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\TRUSTe_about.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\view-detailed-on.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\view-detailed-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\view-thumb-on.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\view-thumb-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\widgets-square-16px.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\widgets-square-24px.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\images\widgets.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\initHTML.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\popupGames.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\popupHTML.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\popupRSS.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\popupWidgets.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\panels\scroll.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\pop.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\css\manager.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\css\slider.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\bg-pnl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\btn-close-grey.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\btn-close-greyover.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\collapsed_button.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\expanded_button.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\ico-playstation-down.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\ico-playstation-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\ico-playstation.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\ico-radio.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\music-note.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-btn-pause-on.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-btn-pause.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-btn-play-on.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-btn-play.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-eq-bg.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-eq-buffer.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-eq-busy.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-eq-off.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-eq-on.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-eq-warning.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-options-design-on.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-options-design.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-options-on.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-options.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-volume-0.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-volume-1.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-volume-2.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-volume-3.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\radio-volume-mute.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\scrollbar-handle.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\scrollbar-track.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\slider.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\slideron.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\images\track.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\managerpanel.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radio\volumeslider.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radiobeta-buffering.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radiobeta-connecting.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radiobeta-playing.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radiobeta-stopped.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\radiobeta.ico c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\reload.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\remove.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\rename.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\resize-box.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\rss.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\rsschannelback.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\RSSLogo.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\rsstabdivider.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\scroll-left.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\scroll-right.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\search-go.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\search.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\text-ellipsis.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\throbber.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\toolbarsplitter.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\transparent_1px.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_02.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_03.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_04.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_06.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_07.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_08.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_09.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_10.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_11.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_12.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_13.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_14.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_15.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_16.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_18.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_19.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_20.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\border_21.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\btn-close-grey.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\btn-close-greyover.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\close-hot.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\close-normal.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\loadingMid.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\proxy.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\template.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\template.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\templateFF.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\uwa\throbber.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\icons\cond999.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\icons\icons.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\icons\na-s.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\icons\na-t.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\icons\na.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\add.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lib\yahoo.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\lichen.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo-about.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo-separator.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo_about_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo_over_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo_over_t_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\logo_t_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\mail.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\maps.bmp c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\menuseparatorback.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\modify-save.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\modify.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\modifyhot.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\music.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\news.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\options\options-main.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\options\options-search.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\options\options-weather.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\options\options-weather.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\options\options-widgets.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\orange.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\pixsy.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\protect-id.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\radiobeta-buffering.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\radiobeta-connecting.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\radiobeta-playing.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\radiobeta-stopped.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\radiobeta.ico c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\relatedlinks.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-collapse.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-delete.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-expand.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-feed.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-folder-remove.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-folder-rename.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-folder.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-found.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-reload.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss-subscribe.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rss.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rssback.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\rsstopback.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\search-over.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\search.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\search_button_over_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\search_button_png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\searchbar\searchbar-background-left.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\searchbar\searchbar-background-middle.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\searchbar\searchbar-background-right.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\settings.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\shopping.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\siteinfo.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\skin-bluelite.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\skin-bluesky.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\skin-grey.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\skin-lichen.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\skin-orange.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\skin-yellow.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\skin.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\technorati.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\throbber.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\toolbarsplitter.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\translate.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\TRUSTe_about.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\video.bmp c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\vmn.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\vmn.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\weather.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\web.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\widgets-square-16px.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\wikipedia.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\Wincore_icon20.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\Wincore_with_shade.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\Wincore_with_shade16.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\yahoosearch.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\yellow.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\youtube.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\skin\zoom.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency.dll c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.5.dll c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.6.dll c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\IdtTransparency.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\IdtTransparency3.5.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\IdtTransparency3.6.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\windowmediator.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\install.rdf c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\manifest.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a} c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\chrome.manifest c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\chrome\interdescargas-fr.jar c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\ConduitAutoCompleteSearch.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\ConduitAutoCompleteSearch.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\ConduitToolbar.idl c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\ConduitToolbar.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\ConduitToolbar.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\FFExternalAlert.dll c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\FFExternalAlert.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\npmozax.dll c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\nsAxSecurityPolicy.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\components\nsIMozAxPlugin.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\defaults\default_radio_skin.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\install.rdf c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\lib\xpcom.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\META-INF\manifest.mf c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\META-INF\zigbert.rsa c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\META-INF\zigbert.sf c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\searchplugin\conduit.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\searchplugin\conduit.ico c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\searchplugin\conduit.PNG c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\searchplugin\conduit.src c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\searchplugin\conduit.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a}\version.txt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome.manifest c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome\softonic-eng7.jar c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitAutoCompleteSearch.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitAutoCompleteSearch.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.idl c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.xpt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\default_radio_skin.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\fbAlert.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\install.rdf c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\lib\xpcom.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\manifest.mf c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\zigbert.rsa c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\zigbert.sf c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.ico c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.PNG c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.src c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\setup.ini c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\version.txt c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\facebox.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\facebox.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\b.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\bl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\br.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\closelabel.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\loading.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\tl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\tr.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\jquery-1.4.2.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\socialapi.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\utilityapi.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\chrome\content\workers_chain.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\install.rdf c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\crossriderapp2258@crossrider.com\skin\update.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\chrome.manifest c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\arwDwn.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ae.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\bg.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ch.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\cn.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\cz.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\de.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\eg.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\en.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\es.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\fr.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\gr.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\he.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\il.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\it.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ja.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\jp.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\nl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\no.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\pl.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\pt.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ro.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ru.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\sa.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\se.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\sv.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\tr.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ua.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\us.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\help_16.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\home.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\logo.png c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\privecy_16_hot.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\specialoffer.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\tellafriend.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\imgs\uninstall.gif c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\mtstart.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\content\tmplt.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\defaults\preferences\instlPref.js c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffxtlbr@incredibar.com\install.rdf . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-04-15 au 2012-05-15 )))))))))))))))))))))))))))))))))))) . . 2012-05-15 08:20 . 2012-05-15 08:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-15 07:43 . 2012-05-15 07:43 -------- d-----w- c:\program files\Defraggler 2012-05-15 07:43 . 2012-05-15 07:43 -------- d-----w- c:\program files\CCleaner 2012-05-15 04:56 . 2012-05-15 04:56 -------- d-----w- c:\users\khalid\AppData\Roaming\Malwarebytes 2012-05-15 04:55 . 2012-05-15 04:55 -------- d-----w- c:\programdata\Malwarebytes 2012-05-15 04:55 . 2012-05-15 04:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-15 04:55 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-15 04:49 . 2012-05-15 04:49 388096 ----a-r- c:\users\khalid\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-15 04:49 . 2012-05-15 04:49 -------- d-----w- c:\program files\Trend Micro 2012-05-15 04:45 . 2012-05-15 04:45 -------- d-----w- c:\program files\VS Revo Group 2012-05-11 19:34 . 2012-05-11 19:34 -------- d-----w- c:\program files\Common Files\Java 2012-05-11 19:33 . 2012-05-11 19:32 476960 ----a-w- c:\windows\system32\npdeployJava1.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-11 19:32 . 2010-04-15 10:58 472864 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-07 19:21 . 2009-08-24 17:05 319456 ----a-w- c:\windows\DIFxAPI.dll 2012-03-13 20:31 . 2011-09-25 12:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 15:11 . 2012-04-13 20:03 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:11 . 2012-04-13 20:03 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:09 . 2012-04-13 20:03 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 13:32 . 2012-04-13 20:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-02-28 11:30 . 2012-04-12 18:10 916992 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 11:25 . 2012-04-12 18:10 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-28 11:25 . 2012-04-12 18:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 11:25 . 2012-04-12 18:10 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-28 11:25 . 2012-04-12 18:10 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-02-28 10:07 . 2012-04-12 18:10 385024 ----a-w- c:\windows\system32\html.iec 2012-02-28 08:12 . 2012-04-12 18:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-28 08:08 . 2012-04-12 18:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-09-17 21:08 . 2010-09-17 21:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-05-15_07.03.26 ))))))))))))))))))))))))))))))))))))))))) . + 2006-11-02 13:05 . 2012-05-15 07:57 99002 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-08-24 17:02 . 2012-05-15 07:57 25326 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2950043291-1104450502-1531698635-1000_UserData.bin + 2009-08-25 00:03 . 2012-05-15 07:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-08-25 00:03 . 2012-05-15 06:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-08-25 00:03 . 2012-05-15 06:27 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-08-25 00:03 . 2012-05-15 07:55 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-08-25 00:03 . 2012-05-15 07:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-08-25 00:03 . 2012-05-15 06:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-05-15 06:26 . 2012-05-15 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-15 07:55 . 2012-05-15 07:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-15 06:26 . 2012-05-15 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-15 07:55 . 2012-05-15 07:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-01-21 01:58 . 2012-05-15 07:57 101742 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-01-21 01:58 . 2012-05-15 06:28 101742 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-03-03 15:14 . 2012-05-15 07:32 679042 c:\windows\System32\perfh00C.dat + 2006-11-02 10:33 . 2012-05-15 07:32 595996 c:\windows\System32\perfh009.dat + 2009-03-03 15:14 . 2012-05-15 07:32 126626 c:\windows\System32\perfc00C.dat + 2006-11-02 10:33 . 2012-05-15 07:32 104070 c:\windows\System32\perfc009.dat - 2010-10-31 20:06 . 2012-05-15 05:39 333664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-10-31 20:06 . 2012-05-15 07:54 333664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-01 401728] "Facebook Update"="c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-29 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-17 30192] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2950043291-1104450502-1531698635-1000] "EnableNotificationsRef"=dword:00000001 . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' . 2012-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950043291-1104450502-1531698635-1000Core.job - c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 21:28] . 2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950043291-1104450502-1531698635-1000UA.job - c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 21:28] . 2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:06] . 2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:06] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: ????3?? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ????3?????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: ???????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ???????????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\ FF - prefs.js: network.proxy.type - 2 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Interest Recognizer for Moovida: moovida@spointer.com - c:\program files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8kPNy2Id&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - be5eaf400000000000000017c49d6379 FF - user.js: extensions.incredibar_i.hardId - be5eaf400000000000000017c49d6379 FF - user.js: extensions.incredibar_i.instlDay - 15393 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2720:55 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8kPNy2Id FF - user.js: extensions.incredibar_i.upn2n - 92823901250070621 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10595 FF - user.js: extensions.incredibar_i.ppd - . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-15 10:20 Windows 6.0.6002 Service Pack 2 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}] @Allowed: (Read) (RestrictedCode) @="c:\\Users\\khalid\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm" "contexts"=dword:00000022 . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c] @Allowed: (Read) (RestrictedCode) @="c:\\Users\\khalid\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm" "contexts"=dword:000000f3 . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j&A*s*i*a*6*6*6*k&a*v*i*\OpenWithList] @Class="Shell" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Heure de fin: 2012-05-15 10:32:38 ComboFix-quarantined-files.txt 2012-05-15 08:32 ComboFix2.txt 2012-05-15 07:16 . Avant-CF: 337.802.125.312 octets libres Après-CF: 336.684.539.904 octets libres . - - End Of File - - 55F992564A431F8DFB572448C7C055B6
  17. Jion
    Opm.: Combofix is na de installatie onmiddelijk beginnen scannen zonder de keuze te geven om deze op te slaan op het bureaublad (wat dus niet gebeurd is) ComboFix 12-05-14.03 - khalid 15/05/2012 8:47.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.3000.1722 [GMT 2:00] Lancé depuis: c:\users\khalid\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\favoritevideo\InvisibleFolder c:\program files\Antbar\Ant.com Toolbar\tbHElper.dll c:\program files\Incredibar.com c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibar.crx c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe c:\program files\Mozilla Firefox\components\AskHPRFF.js c:\program files\QUAD Utilities c:\program files\QUAD Utilities\QUAD RegistryCleaner\Aide de QUAD Registry Cleaner.chm c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe c:\program files\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles c:\program files\Windows Searchqu Toolbar c:\program files\Windows Searchqu Toolbar\sysid.ini c:\program files\Windows Searchqu Toolbar\uninstall.exe c:\users\khalid\AppData\Roaming\.# c:\users\khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities c:\users\khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk c:\users\khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk c:\users\khalid\AppData\Roaming\QUAD Backups c:\users\khalid\AppData\Roaming\Setup_WebGameAR.exe c:\users\khalid\Favorites\BackupManager.list c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf c:\windows\Instaler Setup Log.txt . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-04-15 au 2012-05-15 )))))))))))))))))))))))))))))))))))) . . 2012-05-15 07:02 . 2012-05-15 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-15 06:29 . 2012-05-15 06:29 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9AE9675-3DAB-45EA-9CF7-6BF5A33E787E}\offreg.dll 2012-05-15 04:56 . 2012-05-15 04:56 -------- d-----w- c:\users\khalid\AppData\Roaming\Malwarebytes 2012-05-15 04:55 . 2012-05-15 04:55 -------- d-----w- c:\programdata\Malwarebytes 2012-05-15 04:55 . 2012-05-15 04:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-15 04:55 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-15 04:49 . 2012-05-15 04:49 388096 ----a-r- c:\users\khalid\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-15 04:49 . 2012-05-15 04:49 -------- d-----w- c:\program files\Trend Micro 2012-05-15 04:45 . 2012-05-15 04:45 -------- d-----w- c:\program files\VS Revo Group 2012-05-14 17:19 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9AE9675-3DAB-45EA-9CF7-6BF5A33E787E}\mpengine.dll 2012-05-12 20:18 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-11 19:34 . 2012-05-11 19:34 -------- d-----w- c:\program files\Common Files\Java 2012-05-11 19:33 . 2012-05-11 19:32 476960 ----a-w- c:\windows\system32\npdeployJava1.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-11 19:32 . 2010-04-15 10:58 472864 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-07 19:21 . 2009-08-24 17:05 319456 ----a-w- c:\windows\DIFxAPI.dll 2012-03-20 18:44 . 2012-03-20 18:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-13 20:31 . 2011-09-25 12:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 15:11 . 2012-04-13 20:03 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:11 . 2012-04-13 20:03 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:09 . 2012-04-13 20:03 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 13:32 . 2012-04-13 20:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-02-28 11:30 . 2012-04-12 18:10 916992 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 11:25 . 2012-04-12 18:10 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-28 11:25 . 2012-04-12 18:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 11:25 . 2012-04-12 18:10 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-28 11:25 . 2012-04-12 18:10 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-02-28 10:07 . 2012-04-12 18:10 385024 ----a-w- c:\windows\system32\html.iec 2012-02-28 08:12 . 2012-04-12 18:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-28 08:08 . 2012-04-12 18:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-09-17 21:08 . 2010-09-17 21:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-01 401728] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 68856] "Facebook Update"="c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-29 137536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-17 30192] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2950043291-1104450502-1531698635-1000] "EnableNotificationsRef"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' . 2012-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950043291-1104450502-1531698635-1000Core.job - c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 21:28] . 2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950043291-1104450502-1531698635-1000UA.job - c:\users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 21:28] . 2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:06] . 2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:06] . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: ????3?? IE: ????3?????? IE: ???????? IE: ???????????? IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: ????3?? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ????3?????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: ???????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ???????????? - c:\users\khalid\AppData\Roaming\FlashGetBHO\GetAllUrl.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms} FF - prefs.js: network.proxy.type - 2 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: flashgetMini Extension: {4BC2D9AA-6CE4-41b4-9864-89F58D21660D} - c:\program files\Mozilla Firefox\extensions\{4BC2D9AA-6CE4-41b4-9864-89F58D21660D} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Babylon: ffxtlbr@babylon.com - c:\program files\Mozilla Firefox\extensions\ffxtlbr@babylon.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Interest Recognizer for Moovida: moovida@spointer.com - c:\program files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: interdescargas-FR Toolbar: {31c322dc-5878-452e-a2d8-c4aab9973c9a} - %profile%\extensions\{31c322dc-5878-452e-a2d8-c4aab9973c9a} FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} FF - Ext: I Want This: crossriderapp2258@crossrider.com - %profile%\extensions\crossriderapp2258@crossrider.com FF - Ext: Bandoo for Firefox: ffox@bandoo.com - %profile%\extensions\ffox@bandoo.com FF - Ext: Incredibar Toolbar: ffxtlbr@incredibar.com - %profile%\extensions\ffxtlbr@incredibar.com FF - Ext: WincoreMediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - %profile%\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} FF - Ext: ClickPotatoLite Component: ClickPotatoLite@ClickPotatoLite.com - c:\users\khalid\AppData\Local\ClickPotatoLiteSA\bin\12.0.15.0\firefox\extensions FF - Ext: Bandoo for Firefox: ffox@bandoo.com - c:\users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\yh6ibyy4.default\extensions\ffox@bandoo.com FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8kPNy2Id&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - be5eaf400000000000000017c49d6379 FF - user.js: extensions.incredibar_i.hardId - be5eaf400000000000000017c49d6379 FF - user.js: extensions.incredibar_i.instlDay - 15393 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2720:55 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8kPNy2Id FF - user.js: extensions.incredibar_i.upn2n - 92823901250070621 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10595 FF - user.js: extensions.incredibar_i.ppd - . - - - - ORPHELINS SUPPRIMES - - - - . Toolbar-10 - (no file) WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{31C322DC-5878-452E-A2D8-C4AAB9973C9A} - (no file) WebBrowser-{FE37BE35-B028-49F9-BB0C-6A38C4E55B97} - (no file) WebBrowser-{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - (no file) WebBrowser-{9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - (no file) WebBrowser-{EC69794B-60B3-44FE-A0B1-1EFEBFC131EB} - (no file) AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-15 09:03 Windows 6.0.6002 Service Pack 2 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}] @Allowed: (Read) (RestrictedCode) @="c:\\Users\\khalid\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm" "contexts"=dword:00000022 . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c] @Allowed: (Read) (RestrictedCode) @="c:\\Users\\khalid\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm" "contexts"=dword:000000f3 . [HKEY_USERS\S-1-5-21-2950043291-1104450502-1531698635-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j&A*s*i*a*6*6*6*k&a*v*i*\OpenWithList] @Class="Shell" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Heure de fin: 2012-05-15 09:16:02 ComboFix-quarantined-files.txt 2012-05-15 07:15 . Avant-CF: 336.149.372.928 octets libres Après-CF: 336.928.047.104 octets libres . - - End Of File - - 650DFAB0EB9A013CEB5ACB83A561F8CE
  18. Jion
    Malwarebytes Anti-Malware 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Version de la base de données: v2012.05.15.01 Windows Vista Service Pack 2 x86 NTFS (Mode sans échec/Réseau) Internet Explorer 8.0.6001.19222 khalid :: PC-DE-KHALID [administrateur] 15/05/2012 8:18:14 mbam-log-2012-05-15 (08-18-14).txt Type d'examen: Examen rapide Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 200730 Temps écoulé: 6 minute(s), 45 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 2 HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès. Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté) (fin) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:38:00, on 15/05/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19222) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Windows\system32\igfxext.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\khalid\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\igfxext.exe C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Interest recogniser for Moovida (powered by Spointer) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S4153.tmp" /EF "HKCU" O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\irmon.dll,-2000 (Irmon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 24665 bytes
  19. Jion
    Beste Kape, Kweezie Wabbit, Hierbij terug is een Hjt logje van een zwaar geïnfecteerd systeem. Alvast bedankt voor de hulp! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:44:16, on 15/05/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19222) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Your Home Page Has Been Changed R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbint1.dll R3 - URLSearchHook: Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz1.dll R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll R3 - URLSearchHook: Nova-FR Toolbar - {ec69794b-60b3-44fe-a0b1-1efebfc131eb} - C:\Program Files\Nova-FR\tbNova.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing) O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll O2 - BHO: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbint1.dll O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll (file missing) O2 - BHO: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz1.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Interest recogniser for Moovida (powered by Spointer) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll O2 - BHO: Nova-FR Toolbar - {ec69794b-60b3-44fe-a0b1-1efebfc131eb} - C:\Program Files\Nova-FR\tbNova.dll O2 - BHO: Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbint1.dll O3 - Toolbar: Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz1.dll O3 - Toolbar: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll O3 - Toolbar: Nova-FR Toolbar - {ec69794b-60b3-44fe-a0b1-1efebfc131eb} - C:\Program Files\Nova-FR\tbNova.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (file missing) O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S4153.tmp" /EF "HKCU" O4 - HKCU\..\Run: [badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: ¹·¹·¾²µçBBS - wwW.DoGGiEhoMe.CoM O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\bandoo\bndhook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\irmon.dll,-2000 (Irmon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 27606 bytes
  20. Jion
    De malware experts worden verwittigd en zullen je verder helpen doorheen het verdere proces.
  21. Jion
    Dag mevrouwtje, Welkom op PCH! Laat ons is kijken of dat alle malware effectief van je systeem verwijderd is. 1. Download HijackThis. (klik er op) Klik op HijackThis.msi en de download start automatisch na 5 seconden. Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren". Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden. 2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!) Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog". Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets. Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets. Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier) 3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces. Tip! Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.
  22. Jion
    Je kan je systeem is opkuisen zodat je zeker bent dat de laatste sporen verwijderd worden. Download CCleaner. (Als je het nog niet hebt) Installeer het (Als je niet wil dat Google Chrome op je pc als standaard webbrowser wordt geïnstalleerd, moet je de 2 vinkjes wegdoen !!!) en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Sluit hierna CCleaner terug af. Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.
  23. Jion
    Open de iTunes-voorkeuren. Windows: kies Bewerken > Voorkeuren. Mac: kies iTunes > Voorkeuren. Klik op de knop Algemeen, klik vervolgens op de knop Importinstellingen in de tweede sectie van het venster. Kies in het venstermenu Importeer met (Mac) of Importeren met (Windows) de coderingsstructuur waarnaar u uw muziek wilt converteren en klik vervolgens op OK om de instellingen te bewaren. Selecteer een of meer nummers in uw muziekbibliotheek en kies vervolgens in het menu Geavanceerd een van de volgende (het menuonderdeel verandert om te tonen wat in uw importvoorkeuren is geselecteerd): Maak versie voor MP3 aan (Mac) of MP3-versie aanmaken (Windows) Maak versie voor AAC aan (Mac) of AAC-versie aanmaken (Windows) Maak versie voor AIFF aan (Mac) of AIFF-versie aanmaken (Windows) Maak versie voor WAV aan (Mac) of WAV-versie aanmaken (Windows) Maak versie voor Apple Lossless aan (Mac) of Apple Lossless-versie aanmaken (Windows) Als u bepaalde nummers nog niet in iTunes hebt geïmporteerd, kunt u deze tegelijk importeren en converteren. Hierdoor wordt een geconverteerde kopie van het bestand in uw iTunes-bibliotheek gemaakt op basis van uw iTunes-voorkeuren. Als u alle nummers in een map of op een schijf wilt converteren, houdt u de Option-toets (Mac) of Shift-toets (Windows) ingedrukt en kiest u Geavanceerd > Converteer naar (Mac) of Converteren naar (Windows) ingestelde importvoorkeur. De ingestelde importvoorkeur komt overeen met uw keuze in stap 3. In iTunes wordt u gevraagd naar de locatie van de map of schijf die u wilt importeren en converteren. Alle nummers in de map of op de schijf worden geconverteerd. Opmerking: bepaalde gekochte nummers zijn gecodeerd met een beveiligde AAC-structuur waardoor deze niet kunnen worden geconverteerd. iTunes Plus-aankopen zijn niet beveiligd en kunnen worden geconverteerd. Het nummer in de originele structuur en het geconverteerde nummer worden in uw muziekbibliotheek weergegeven. Bron: iTunes: een nummer naar een andere bestandsstructuur converteren
  24. Jion
    Heb ter info ook onderstaande info teruggevonden op de officiële site van Sweet Im: o Om SweetIM voor Messenger te verwijderen, gaat u naar “Programma’s toevoegen of verwijderen” in het controlepaneel. Zoek naar het “SweetIM voor Messenger” programma en klik op de knop “verwijderen”. o Om de SweetIM Toolbar te verwijderen: Indien u Internet Explorer gebruikt, gaat u naar “Programma’s toevoeren of verwijderen” in het configuratiescherm. Zoek naar het “SweetIM Toolbar voor Internet Explorer” programma en klik op de knop “verwijderen”. Indien u de Firefox browser gebruikt, volg dan de onderstaande instructies voor het verwijderen: 1. Klik op “Tools” aan de bovenkant van uw browser. 2. Selecteer “Add-ons”. 3. Selecteer “SweetIM Toolbar” en klik op “Verwijderen”. 4. Sluit alle Firefoxvensters. Als u Firefox weer opent, is de Toolbar verwijderd. Let op - U kunt ervoor kiezen om zowel één of beide SweetIM componenten te verwijderen. Indien u problemen ervaart met het verwijderen van de componenten, kunt u: o Naar de FAQ pagina gaan: Download Free Emoticons, Smileys, Winks and Games for MSN, AIM, Yahoo & ICQ Messenger - SweetIM en raadpleeg het onderdeel “Verwijderen” o Ons ondersteuningsteam raadplegen, dat binnen 72 uur beschikbaar wordt gesteld na uw hulpverzoek via: http://www.sweetim.com/help o Bij het verwijderen van SweetIM voor Messenger: o Wordt een registervermelding achtergelaten (simapp_id) dat het mogelijk maakt om SweetIM te identificeren, indien u SweetIM opnieuw wilt installeren. o In geval dat u de SweetIM Display Pictures hebt gebruikt – deze blijven achter in het messenger provider geheugen. Als u deze wilt verwijderen, neem dan contact op met de Helpsectie van uw messenger provider.
  25. Jion
    Ik heb deze APP zelf eens geïnstalleerd om te testen. Vreemd dat ik deze toolbar niet krijg?... Ga eens naar je Facebook startpagina en klik op APPS (links in het licht grijs). Als Sweet Im in de lijst die je nu krijgt staat, mag je deze app alvast verwijderen.
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.