Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log

2 pages: [1] 2
Controllo log Opzioni
Topic Precedente · Topic Sucessivo
pinuccio53
Inviato: Sunday, January 01, 2012 8:51:10 PM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
Buona serata ragazzi/e, prima di tutto rinnovo i miei migliori auguri per il nuovo anno.
In secondo luogo vorrei che mi controllaste il log che allego, perchè..... anno nuovo problemi vecchi.
Il p/c e parecchio rallentato, navigando su internet alcune pagine riesco ad aprirle altre no e sono quindi costretto a uscire ( uso I.E.8 ). Ricollegandomi sembra che tutto si risolva, ma non va per niente bene.
Grazie sin d'ora a chi vorrà intervenire in soccorso.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Versione database: v2012.01.01.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pinuccio :: PINUCCIO-A6435D [amministratore]

01/01/2012 19.08.46
mbam-log-2012-01-01 (19-08-46).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 241791
Tempo impiegato: 32 minuti, 48 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\System Volume Information\_restore{5789A7D4-8D3B-46B1-8658-39295944F50B}\RP265\A0047980.exe (Adware.Agent) -> Spostato in quarantena ed eliminato con successo.

(fine)

Questo invece è l'altro log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.50.13, on 01/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\vVX3000.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\PhotoJoy\bin\PjApp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI9130~1\Datamngr\BROWSE~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [MSC] "C:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoJoy] C:\Programmi\PhotoJoy\bin\PhotoJoy.exe /c
O4 - HKCU\..\Run: [BrowserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-448539723-1957994488-1417001333-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 6693 bytes


Grazie
Pinuccio
Torna in alto
 
Sponsor
Inviato: Sunday, January 01, 2012 8:51:10 PM

 
Torna in alto
 
gabnik
Inviato: Sunday, January 01, 2012 9:12:11 PM
Rank: AiutAmico

Iscritto dal : 1/5/2010
Posts: 2,559
Ciao pinuccio53,
pare tu abbia delle toolbar che ti rallentano i browser.
Anche se non me ne intendo puoi fixare queste voci, però aspetta qualcuno di più esperto:

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

Secondo me hai troppi programmi all'avvio.

Ciao

Gabnik
Torna in alto
 
shapiro
Inviato: Sunday, January 01, 2012 9:26:24 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

ciao

come dice gabnik hai delle toolbar che devi eliminare ma anche altre installazioni poco sicure come queste ad esempio

C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll

C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll

se vuoi un consiglio fai una scansione con combofix per eliminare la maggior parte del tuoi problemi

lo scarichi da qui e lo esegui senza installare la recovery console quando te lo chiede

segui le instruzioni del tool e posta il log che rilascia a fine scansione
Torna in alto
 
pinuccio53
Inviato: Sunday, January 01, 2012 10:14:18 PM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
Sto cercando seguire i tuoi consigli shapiro ma cliccando per scaricare combofix non mi si apre nessuna pagina, e questo è uno dei problemi che evidenziavo nel mio post.
Come faccio???
Torna in alto
 
pinuccio53
Inviato: Sunday, January 01, 2012 10:15:13 PM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
Sto cercando seguire i tuoi consigli shapiro ma cliccando per scaricare combofix non mi si apre nessuna pagina, e questo è uno dei problemi che evidenziavo nel mio post.
Come faccio???
Torna in alto
 
shapiro
Inviato: Sunday, January 01, 2012 10:19:48 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


hai provato con un altro browser? (mozilla - opera )
Torna in alto
 
cbbusto
Inviato: Sunday, January 01, 2012 10:32:48 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao pinuccio, se non riesci a scaricare Combofix si potrebbero eliminare alcune voci dal log di HJT, non so cosa ne
pensa shapiro, si potrebbero avere dei miglioramenti.
Torna in alto
 
pinuccio53
Inviato: Sunday, January 01, 2012 10:38:31 PM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
ciao cbbusto, con mozzilla sembra che vada meglio ma ho difficoltà nell'eseguire combo , non mi da nessuna opzione come diceva shapiro.
Ciao
Pinuccio
Torna in alto
 
shapiro
Inviato: Sunday, January 01, 2012 10:41:55 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao cbbusto io inizierei ad eliminare la Searchqu Toolbar che crea molti problemi qui c'e' una descrizione se nemmeno cosi' funziona oltre le voci da fixare si puo' disinstallare I.E.8 potrebbe essere corrotto qualche file

tentare anche una scansione da start esegui digita mrt e dai ok lascia avviare la scansione ed elimina tutto cio' che trova, dopo semmai riiprovi combofix


edit

ma combofix lo hai scaricato e non riesci ad eseguirlo al momento?
Torna in alto
 
pinuccio53
Inviato: Sunday, January 01, 2012 10:50:00 PM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
Si con mozzilla sono riuscito a scaricarlo, ma non mi appare l'opzione da te evidenziata " senza installare la recovery console quando te lo chiede ".
Help
Torna in alto
 
shapiro
Inviato: Sunday, January 01, 2012 10:52:44 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
Si con mozzilla sono riuscito a scaricarlo, ma non mi appare l'opzione da te evidenziata " senza installare la recovery console quando te lo chiede ".



no no pinuccio se vuoi installare la recovery console te lo chiede dopo che lo hai avviato e tu dovrai cliccare su NO
Torna in alto
 
pinuccio53
Inviato: Sunday, January 01, 2012 10:53:56 PM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
ok provo di nuovo
Torna in alto
 
pinuccio53
Inviato: Sunday, January 01, 2012 11:09:52 PM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
Eccomi di nuovo qua, allego il reporto prodotto da combofix :

ComboFix 12-01-01.04 - Pinuccio 01/01/2012 23.00.10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2489 [GMT 1:00]
Eseguito da: c:\documents and settings\Pinuccio\Documenti\Download\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\Windows Searchqu Toolbar
c:\programmi\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\programmi\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\programmi\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\programmi\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\programmi\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\programmi\Windows Searchqu Toolbar\sysid.ini
c:\programmi\Windows Searchqu Toolbar\uninstall.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Creati Da 2011-12-01 al 2012-01-01 )))))))))))))))))))))))))))))))))))
.
.
2012-01-01 22:04 . 2012-01-01 22:04 56200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{108FE8AB-B4DA-44FD-80D4-438EE5C90974}\offreg.dll
2012-01-01 21:47 . 2011-11-30 01:21 6823496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{108FE8AB-B4DA-44FD-80D4-438EE5C90974}\mpengine.dll
2011-12-31 14:15 . 2011-12-31 14:15 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\SumatraPDF
2011-12-31 14:14 . 2011-12-31 14:14 -------- d-----w- c:\programmi\BabylonToolbar
2011-12-31 14:14 . 2011-12-31 14:14 1491 ----a-w- C:\user.js
2011-12-31 14:14 . 2011-12-31 14:14 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\Babylon
2011-12-31 14:14 . 2011-12-31 14:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2011-12-31 14:14 . 2011-12-31 14:14 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\Babylon
2011-12-28 13:38 . 2011-12-28 13:38 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\Jasc
2011-12-28 13:35 . 2011-12-28 13:36 -------- d-----w- c:\programmi\Jasc Software Inc
2011-12-26 17:59 . 2011-12-26 18:05 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar
2011-12-26 17:59 . 2011-12-26 17:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2011-12-26 17:59 . 2011-12-26 18:03 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\FreeVideoConverter
2011-12-26 15:03 . 2011-12-26 15:03 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\Mozilla
2011-12-13 13:45 . 2011-12-13 13:45 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\Help
2011-12-13 11:58 . 2011-12-13 11:58 -------- d-----w- c:\programmi\ImageShack Uploader
2011-12-11 12:17 . 2011-12-11 12:19 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\PhotoJoy
2011-12-11 12:17 . 2011-12-11 12:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PhotoJoy
2011-12-11 12:16 . 2011-12-11 12:17 -------- d-----w- c:\programmi\PhotoJoy
2011-12-10 19:12 . 2011-12-10 19:12 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\FreeCDRipper
2011-12-10 13:37 . 2011-11-30 01:21 6823496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-09 20:00 . 2011-12-09 20:00 388096 ----a-r- c:\documents and settings\Pinuccio\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-09 19:57 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 19:46 . 2011-12-09 19:46 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth
2011-12-09 19:43 . 2011-12-09 19:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-09 19:40 . 2011-12-09 19:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-12-09 19:33 . 2011-12-09 19:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2011-12-09 13:23 . 2011-12-09 13:40 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-12-09 13:23 . 2011-12-09 13:40 -------- d-----w- c:\programmi\W3i, LLC
2011-12-09 13:23 . 2011-12-09 13:23 -------- d-----w- c:\programmi\Free Offers from Freeze.com
2011-12-09 13:23 . 2011-12-09 13:29 -------- d-----w- c:\programmi\Yahoo!
2011-12-09 13:23 . 2011-12-09 13:28 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\Yahoo!
2011-12-07 21:06 . 2011-12-07 21:06 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-13 16:50 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2008-04-13 17:13 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-13 17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-13 17:13 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:24 . 2008-04-13 16:50 385024 ------w- c:\windows\system32\html.iec
2011-11-03 14:07 . 2011-09-14 18:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07 . 2008-04-13 17:13 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-13 17:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-13 18:55 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-13 16:54 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-04-13 17:13 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-08-25 20:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-21 08:00 . 2012-01-01 21:26 121816 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"PhotoJoy"="c:\programmi\PhotoJoy\bin\PhotoJoy.exe" [2011-04-04 976256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\deepinvent\\MailStore Home\\MailStoreLocal.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PjApp.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PjImp.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PhotoJoy.exe"=
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [26/08/2011 17.00.07 2255464]
S1 MpKsl4d872bf4;MpKsl4d872bf4;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7B4F987A-21BC-4C78-9389-64373AA80018}\MpKsl4d872bf4.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7B4F987A-21BC-4C78-9389-64373AA80018}\MpKsl4d872bf4.sys [?]
S1 MpKsla011a66a;MpKsla011a66a;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{8BE22D99-848A-462F-A95F-99F55A7D4738}\MpKsla011a66a.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{8BE22D99-848A-462F-A95F-99F55A7D4738}\MpKsla011a66a.sys [?]
S1 MpKsldf1a2254;MpKsldf1a2254;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{108FE8AB-B4DA-44FD-80D4-438EE5C90974}\MpKsldf1a2254.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{108FE8AB-B4DA-44FD-80D4-438EE5C90974}\MpKsldf1a2254.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-01-01 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2011-09-07 12:08]
.
2012-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-01-01 c:\windows\Tasks\User_Feed_Synchronization-{0D9442FE-DC7E-476A-B9BF-1A6749F8AC66}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it/
IE: Cerca nel web
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
TCP: DhcpNameServer = 192.168.0.1
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
FF - ProfilePath - c:\documents and settings\Pinuccio\Dati applicazioni\Mozilla\Firefox\Profiles\vyk3zmwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.it/
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
AddRemove-Windows Searchqu Toolbar - c:\programmi\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 23:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3016)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\programmi\PhotoJoy\bin\PjApp.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-01-01 23:07:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-01-01 22:07
.
Pre-Run: 174.400.307.200 byte disponibili
Post-Run: 174.349.824.000 byte disponibili
.
- - End Of File - - 04EB75A053BACFAE367104EA2674602D
Torna in alto
 
shapiro
Inviato: Sunday, January 01, 2012 11:16:37 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


era la Searchqu Toolbar a creare il problema insieme ad altre infezioni, dammi il tempo di controllare il log credo ci sia altro da togliere

nel frattempo rimuovi I.E.8 e reinstallalo pulito
Torna in alto
 
shapiro
Inviato: Sunday, January 01, 2012 11:37:22 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:

Code:
file::
c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE

folder::
c:\programmi\BabylonToolbar
c:\progra~1\WI9130~1\Datamngr
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar

Dirlook::
c:\documents and settings\Pinuccio\Dati applicazioni\Jasc



salva il file nella stessa cartella dove hai messo combofix chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.
Torna in alto
 
pinuccio53
Inviato: Sunday, January 01, 2012 11:56:08 PM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
Fatto Shapiro, questo è il log:

ComboFix 12-01-01.04 - Pinuccio 01/01/2012 23.44.25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2353 [GMT 1:00]
Eseguito da: c:\documents and settings\Pinuccio\Documenti\Download\ComboFix.exe
Opzioni usate :: c:\documents and settings\Pinuccio\Documenti\Programmi\Combofix\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\dtx.ini
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\geodata.xml
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\geoip.xml
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\guid.dat
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\log.txt
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\preferences.dat
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\stats.dat
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\uninstallIE.dat
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\version.xml
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\weather\2a4c7095d3bb92e2987f37ce76c86e39
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\weather\6b74c7d507661b451106bd0e69ddd957
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\weather\forecasts_cache.xml
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\weather\observations_cache.xml
c:\documents and settings\Pinuccio\Dati applicazioni\searchqutoolbar\weatherbutton_prefs.xml
c:\programmi\BabylonToolbar
c:\programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll
c:\programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll
c:\programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe
c:\programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
c:\programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
c:\programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-12-01 al 2012-01-01 )))))))))))))))))))))))))))))))))))
.
.
2012-01-01 22:10 . 2012-01-01 22:10 29904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6233CCCD-D131-4505-92DE-2F0CF0F4298A}\MpKsl896aecc5.sys
2012-01-01 22:10 . 2012-01-01 22:10 56200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6233CCCD-D131-4505-92DE-2F0CF0F4298A}\offreg.dll
2012-01-01 22:10 . 2011-11-30 01:21 6823496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6233CCCD-D131-4505-92DE-2F0CF0F4298A}\mpengine.dll
2011-12-31 14:15 . 2011-12-31 14:15 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\SumatraPDF
2011-12-31 14:14 . 2011-12-31 14:14 1491 ----a-w- C:\user.js
2011-12-31 14:14 . 2011-12-31 14:14 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\Babylon
2011-12-31 14:14 . 2011-12-31 14:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2011-12-31 14:14 . 2011-12-31 14:14 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\Babylon
2011-12-28 13:38 . 2011-12-28 13:38 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\Jasc
2011-12-28 13:35 . 2011-12-28 13:36 -------- d-----w- c:\programmi\Jasc Software Inc
2011-12-26 17:59 . 2011-12-26 17:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2011-12-26 17:59 . 2011-12-26 18:03 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\FreeVideoConverter
2011-12-26 15:03 . 2011-12-26 15:03 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\Mozilla
2011-12-13 13:45 . 2011-12-13 13:45 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\Help
2011-12-13 11:58 . 2011-12-13 11:58 -------- d-----w- c:\programmi\ImageShack Uploader
2011-12-11 12:17 . 2011-12-11 12:19 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\PhotoJoy
2011-12-11 12:17 . 2011-12-11 12:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PhotoJoy
2011-12-11 12:16 . 2011-12-11 12:17 -------- d-----w- c:\programmi\PhotoJoy
2011-12-10 19:12 . 2011-12-10 19:12 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\FreeCDRipper
2011-12-10 13:37 . 2011-11-30 01:21 6823496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-09 20:00 . 2011-12-09 20:00 388096 ----a-r- c:\documents and settings\Pinuccio\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-09 19:57 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 19:46 . 2011-12-09 19:46 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth
2011-12-09 19:43 . 2011-12-09 19:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-09 19:40 . 2011-12-09 19:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-12-09 19:33 . 2011-12-09 19:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2011-12-09 13:23 . 2011-12-09 13:40 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-12-09 13:23 . 2011-12-09 13:40 -------- d-----w- c:\programmi\W3i, LLC
2011-12-09 13:23 . 2011-12-09 13:23 -------- d-----w- c:\programmi\Free Offers from Freeze.com
2011-12-09 13:23 . 2011-12-09 13:29 -------- d-----w- c:\programmi\Yahoo!
2011-12-09 13:23 . 2011-12-09 13:28 -------- d-----w- c:\documents and settings\Pinuccio\Dati applicazioni\Yahoo!
2011-12-07 21:06 . 2011-12-07 21:06 -------- d-----w- c:\documents and settings\Pinuccio\Impostazioni locali\Dati applicazioni\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-04-13 16:50 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2008-04-13 17:13 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-13 17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-13 17:13 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:24 . 2008-04-13 16:50 385024 ------w- c:\windows\system32\html.iec
2011-11-03 14:07 . 2011-09-14 18:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07 . 2008-04-13 17:13 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-13 17:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-13 18:55 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-13 16:54 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-04-13 17:13 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-08-25 20:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-21 08:00 . 2012-01-01 21:26 121816 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Pinuccio\Dati applicazioni\Jasc ----
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"PhotoJoy"="c:\programmi\PhotoJoy\bin\PhotoJoy.exe" [2011-04-04 976256]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\deepinvent\\MailStore Home\\MailStoreLocal.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PjApp.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PjImp.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PhotoJoy.exe"=
.
R1 MpKsl896aecc5;MpKsl896aecc5;c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{6233CCCD-D131-4505-92DE-2F0CF0F4298A}\MpKsl896aecc5.sys [01/01/2012 23.10.41 29904]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [26/08/2011 17.00.07 2255464]
S1 MpKsl4d872bf4;MpKsl4d872bf4;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7B4F987A-21BC-4C78-9389-64373AA80018}\MpKsl4d872bf4.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7B4F987A-21BC-4C78-9389-64373AA80018}\MpKsl4d872bf4.sys [?]
S1 MpKsla011a66a;MpKsla011a66a;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{8BE22D99-848A-462F-A95F-99F55A7D4738}\MpKsla011a66a.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{8BE22D99-848A-462F-A95F-99F55A7D4738}\MpKsla011a66a.sys [?]
S1 MpKsldf1a2254;MpKsldf1a2254;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{108FE8AB-B4DA-44FD-80D4-438EE5C90974}\MpKsldf1a2254.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{108FE8AB-B4DA-44FD-80D4-438EE5C90974}\MpKsldf1a2254.sys [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - APPMGMT
*NewlyCreated* - MPKSL896AECC5
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-01-01 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2011-09-07 12:08]
.
2012-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-01-01 c:\windows\Tasks\User_Feed_Synchronization-{0D9442FE-DC7E-476A-B9BF-1A6749F8AC66}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tiscali.it/
IE: Cerca nel web
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
TCP: DhcpNameServer = 192.168.0.1
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
FF - ProfilePath - c:\documents and settings\Pinuccio\Dati applicazioni\Mozilla\Firefox\Profiles\vyk3zmwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.it/
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-BabylonToolbar - c:\programmi\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 23:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2012-01-01 23:48:16
ComboFix-quarantined-files.txt 2012-01-01 22:48
ComboFix2.txt 2012-01-01 22:07
.
Pre-Run: 174.319.915.008 byte disponibili
Post-Run: 174.323.490.816 byte disponibili
.
- - End Of File - - 4C1D2FBC0AF86D0C3EC3DD2B978CA919

Un'ultimo aiuto se possibile, mi daresti una mano a disinstallare e reinstallare IE8, dal pannello di controllo non è evidenziato
Grazie ancora
Pinuccio
Torna in alto
 
shapiro
Inviato: Monday, January 02, 2012 12:01:49 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


questa cartella la conosci ?

c:\documents and settings\Pinuccio\Dati applicazioni\Jasc
Torna in alto
 
pinuccio53
Inviato: Monday, January 02, 2012 12:04:20 AM

Rank: AiutAmico

Iscritto dal : 1/26/2010
Posts: 682
Si, è relativa a un programmino che ho scaricato, ma se da fastidio si può anche eliminare, era solo una prova.
Torna in alto
 
shapiro
Inviato: Monday, January 02, 2012 12:07:50 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

no no se ti serve lasciala

fammi questa scansione

scarica TDSSKiller sul desktop

Estrai i dati in una cartella e fai doppio clik su TDSSKiller.exe
clicca su "Start Scan"
Se trova qualche infezione di default avrai l'opzione "Cure" per cui, clicca su "Continue".
Per eliminare le infezioni trovate, si deve necessariamente riavviare il pc.
Posta il log che trovi in C:\
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.