Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

mi controllate il log grazie Opzioni
carducci
Inviato: Friday, January 21, 2011 1:54:03 PM
Rank: AiutAmico

Iscritto dal : 12/29/2005
Posts: 479
dopo un mese ci risiamo ,ancora oggi sono state inviate mail a tutti i miei contatti a mio nome con un file infetto all'interno
con la scansione dell'antivirus nod32 ha trovato questo virus /TrojanDownloader.Agent.QLH cavallo di troia - cancellato
con malwarebytes non ho trovato niente
con antivirus msn non ho trovato niente
una curosità come fa nod 32 trovare questo virus e non averlo intercettato precedentemente con il controllo attivato
vi inserisco il logo per sicurezza. grazie





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.53.34, on 21/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\RunDll32.exe
F:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
F:\Programmi\Eset\nod32kui.exe
F:\Programmi\Windows Defender\MSASCui.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
F:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
F:\WINDOWS\vVX1000.exe
F:\WINDOWS\system32\rundll32.exe
F:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
F:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
F:\Programmi\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Microsoft LifeCam\MSCamS32.exe
F:\Programmi\Skype\Phone\Skype.exe
F:\Programmi\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
F:\Programmi\Eset\nod32krn.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Windows Live\Messenger\msnmsgr.exe
F:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
F:\Programmi\Windows Live\Contacts\wlcomm.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Mozilla Firefox\firefox.exe
F:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - F:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - F:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "F:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "F:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VX1000] F:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "F:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UpdateReminder] F:\Programmi\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [Babylon Client] F:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DATAMNGR] F:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "F:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0258B1C-68B1-4B0A-B1D9-B7628432A250}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: f:\progra~1\wi9130~1\datamngr\datamngr.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - F:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - F:\Programmi\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Programmi\Eset\nod32krn.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - F:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 9969 bytes
Sponsor
Inviato: Friday, January 21, 2011 1:54:03 PM

 
r16
Inviato: Friday, January 21, 2011 9:25:00 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Elimina queste voci di HJT:
Commenta:
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - F:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - F:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [Babylon Client] F:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DATAMNGR] F:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "F:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: f:\progra~1\wi9130~1\datamngr\datamngr.dll

Fai una pulizia con CCleaner. (registro compreso.)

Poi:
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
carducci
Inviato: Friday, January 21, 2011 11:45:18 PM
Rank: AiutAmico

Iscritto dal : 12/29/2005
Posts: 479
ciao
posto il log di combofix .il mio so è xp



ComboFix 11-01-20.04 - Franco 21/01/2011 23.15.53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.579 [GMT 1:00]
Eseguito da: f:\documents and settings\Franco\Desktop\ComboFix.exe
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sistema Antivirus NOD32 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Franco\Dati applicazioni\1001_Nights_The_Adventures_Of_Sindbad.exe
f:\documents and settings\Franco\Dati applicazioni\OfferBox
f:\documents and settings\Franco\Dati applicazioni\OfferBox\config.xml
f:\documents and settings\Franco\Dati applicazioni\searchqutb
f:\documents and settings\Franco\Dati applicazioni\searchqutb\dtx.ini
f:\documents and settings\Franco\Dati applicazioni\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
f:\documents and settings\Franco\Dati applicazioni\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
f:\documents and settings\Franco\Dati applicazioni\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
f:\documents and settings\Franco\Dati applicazioni\searchqutb\games\GameCategories.xml
f:\documents and settings\Franco\Dati applicazioni\searchqutb\games\GameTypes.xml
f:\documents and settings\Franco\Dati applicazioni\searchqutb\guid.dat
f:\documents and settings\Franco\Dati applicazioni\searchqutb\preferences.dat
f:\documents and settings\Franco\Dati applicazioni\searchqutb\stats.dat
f:\documents and settings\Franco\Dati applicazioni\searchqutb\uninstallIE.dat
f:\documents and settings\Franco\Dati applicazioni\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
f:\documents and settings\Franco\Dati applicazioni\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
f:\documents and settings\Franco\Dati applicazioni\searchqutb\widgets_cache\category_cache.xml
f:\documents and settings\Franco\Dati applicazioni\searchqutb\widgets_cache\widget_cache.xml
f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\iquaiiy.dat
f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\iquaiiy_nav.dat
f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\iquaiiy_navps.dat
f:\programmi\Windows Searchqu Toolbar
f:\programmi\Windows Searchqu Toolbar\Datamngr\datamngr.dll
f:\programmi\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
f:\programmi\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
f:\programmi\Windows Searchqu Toolbar\ToolBar\manifest.xml
f:\programmi\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
f:\programmi\Windows Searchqu Toolbar\ToolBar\uninstall.exe
f:\programmi\Windows Searchqu Toolbar\uninstall.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-12-21 al 2011-01-21 )))))))))))))))))))))))))))))))))))
.

2011-01-21 12:21 . 2011-01-21 12:21 388096 ----a-r- f:\documents and settings\Franco\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-21 12:21 . 2011-01-21 12:21 -------- d-----w- f:\programmi\Trend Micro
2011-01-21 09:43 . 2011-01-13 09:41 5890896 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{45B04768-DFF2-4D53-B3F4-D7C54BC858A0}\mpengine.dll
2011-01-12 22:58 . 2011-01-12 22:58 -------- d-----w- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Mozilla
2011-01-12 15:23 . 2011-01-12 15:23 -------- d-----w- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Apple
2011-01-08 20:39 . 2011-01-08 20:39 -------- d-----w- f:\documents and settings\Franco\Dati applicazioni\VendelGAMES
2011-01-08 00:10 . 2011-01-08 00:10 -------- d-----w- f:\documents and settings\Franco\Dati applicazioni\LockHunter
2011-01-04 12:52 . 2011-01-04 12:52 -------- d-----w- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Vuze_Remote
2010-12-31 13:52 . 2010-12-31 13:52 -------- d-----w- f:\documents and settings\Franco\Dati applicazioni\HitPoint Studios
2010-12-31 13:52 . 2010-12-31 13:52 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\HitPoint Studios
2010-12-28 17:29 . 2010-12-28 22:47 -------- d-----w- f:\programmi\RealArcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-12-01 13:44 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-01 13:43 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-05-13 18:47 86016 ----a-w- f:\windows\system32\isign32.dll
2010-11-10 04:33 . 2009-01-06 20:43 6273872 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-09 14:51 . 2004-08-30 20:00 249856 ----a-w- f:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2004-08-30 20:00 916480 ----a-w- f:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-30 20:00 43520 ----a-w- f:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-30 20:00 1469440 ------w- f:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2004-08-30 20:00 385024 ----a-w- f:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-30 20:00 40960 ----a-w- f:\windows\system32\drivers\ndproxy.sys
2010-11-01 12:17 . 2010-10-27 11:15 4770 ----a-w- f:\windows\system32\PerfStringBackup.TMP
2010-10-28 13:13 . 2004-08-30 20:00 290048 ----a-w- f:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2004-08-30 20:00 1853312 ----a-w- f:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="f:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="f:\windows\SiSUSBrg.exe" [2002-04-26 102400]
"GrooveMonitor"="f:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nod32kui"="f:\programmi\Eset\nod32kui.exe" [2008-09-01 949376]
"anvshell"="anvshell.exe" [2002-06-04 331776]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"TrueImageMonitor.exe"="f:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-03-10 2617808]
"AcronisTimounterMonitor"="f:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-03-10 909592]
"Acronis Scheduler2 Service"="f:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-03-10 140568]
"VX1000"="f:\windows\vVX1000.exe" [2009-06-26 757248]
"LifeCam"="f:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UpdateReminder"="f:\programmi\Eset\UpdateReminder.exe" [2010-11-03 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="f:\windows\system32\tscupgrd.exe" [2004-08-30 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ sprestrt\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\programmi vari\\Emule\\emule 3.1.2\\eMule Applejuice\\emule.exe"=
"h:\\Programmi\\Emule\\eMule Applejuice\\emule.exe"=
"h:\\Programmi\\Azureus\\Azureus.exe"=
"f:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"f:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Programmi\\Skype\\Phone\\Skype.exe"=
"f:\\Programmi\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 ANVOSDNT;ASUS Keyboard Filter Driver;f:\windows\system32\drivers\anvosdnt.sys [07/01/2009 13.18.41 322859]
R1 nod32drv;nod32drv;f:\windows\system32\drivers\nod32drv.sys [01/09/2008 10.56.56 15424]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;f:\programmi\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [30/09/2010 13.39.10 196912]
R2 WinDefend;Windows Defender;f:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S1 ANVIOCTL;ANVIOCTL;f:\windows\system32\drivers\anvioctl.sys [07/01/2009 13.17.37 216496]
S2 gupdate;Servizio di Google Update (gupdate);f:\programmi\Google\Update\GoogleUpdate.exe [08/09/2010 8.14.06 136176]
S3 AVFSFilter;AVFSFilter;f:\windows\system32\DRIVERS\avfsfilter.sys --> f:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 DFE528TX;D-Link DFE-528TX PCI Adapter;f:\windows\system32\drivers\DLKRTL.SYS [13/05/2008 20.10.56 45568]
S3 PentaxUsb;PENTAX Optio 50L on USB;f:\windows\system32\drivers\CoachUsb.sys [14/05/2008 20.27.22 50976]
S3 PentaxVc;PENTAX Optio 50L Video Capture;f:\windows\system32\drivers\CoachVc.sys [14/05/2008 20.27.22 44256]
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-21 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\programmi\Google\Update\GoogleUpdate.exe [2010-09-08 07:12]

2011-01-21 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\programmi\Google\Update\GoogleUpdate.exe [2010-09-08 07:12]

2011-01-21 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1606980848-1060284298-1003Core.job
- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-01-13 19:20]

2011-01-21 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1606980848-1060284298-1003UA.job
- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-01-13 19:20]

2011-01-21 f:\windows\Tasks\MP Scheduled Scan.job
- f:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2011-01-21 f:\windows\Tasks\User_Feed_Synchronization-{E9463A99-1661-4C8F-88CF-ABC83AE94A29}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi all'elenco di stampa Easy-WebPrint - f:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - f:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - f:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - f:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stampa ad alta velocità Easy-WebPrint - f:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - f:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {E0258B1C-68B1-4B0A-B1D9-B7628432A250} = 192.168.1.1
FF - ProfilePath - f:\documents and settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\p0vigcot.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - f:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-21 23:26
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-73586283-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BBB9DF4D-2D5C-B764-C944-8F38A77CFC5F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahampkfcbclhdpghaibhibmlllemp"=hex:64,61,6b,70,6a,62,6a,68,00,90
"oalcdmlhdmghoplbmjnnopmjjdonoh"=hex:6a,61,6b,70,6a,62,61,6e,6d,6c,67,65,6e,63,
6a,6a,62,6b,61,6a,00,cb
"nafbnhjkikpgjapllikbclboihhm"=hex:6a,61,6b,70,6a,62,61,6e,6d,6c,67,65,6e,63,
6a,6a,62,6b,61,6a,00,cb

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(1672)
f:\windows\system32\WININET.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\btncopy.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
f:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
f:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
f:\programmi\Java\jre6\bin\jqs.exe
f:\programmi\Microsoft LifeCam\MSCamS32.exe
f:\programmi\Eset\nod32krn.exe
f:\programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
f:\windows\system32\RunDll32.exe
f:\windows\system32\RUNDLL32.EXE
f:\windows\system32\rundll32.exe
f:\programmi\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Ora fine scansione: 2011-01-21 23:34:30 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-01-21 22:34

Pre-Run: 57.125.269.504 byte disponibili
Post-Run: 56.960.536.576 byte disponibili

- - End Of File - - B67795E8FCC98F73A0FCEA5EF00484A5
r16
Inviato: Saturday, January 22, 2011 12:02:57 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop .
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

RegNull::
[HKEY_USERS\S-1-5-21-73586283-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BBB9DF4D-2D5C-B764-C944-8F38A77CFC5F}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Driver::
AVFSFilter


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Se il pc non si riavvia da solo, riavvialo tu.
Posta il log aggiornato di combofix
carducci
Inviato: Saturday, January 22, 2011 2:16:40 AM
Rank: AiutAmico

Iscritto dal : 12/29/2005
Posts: 479
ti posto il nuovo log



ComboFix 11-01-20.04 - Franco 22/01/2011 1.57.30.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.572 [GMT 1:00]
Eseguito da: f:\documents and settings\Franco\Desktop\ComboFix.exe
Opzioni usate :: f:\documents and settings\Franco\Desktop\CFScript.txt.txt
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sistema Antivirus NOD32 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVFSFILTER
-------\Service_AVFSFilter


((((((((((((((((((((((((( Files Creati Da 2010-12-22 al 2011-01-22 )))))))))))))))))))))))))))))))))))
.

2011-01-21 12:21 . 2011-01-21 12:21 388096 ----a-r- f:\documents and settings\Franco\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-21 12:21 . 2011-01-21 12:21 -------- d-----w- f:\programmi\Trend Micro
2011-01-21 09:43 . 2011-01-13 09:41 5890896 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{45B04768-DFF2-4D53-B3F4-D7C54BC858A0}\mpengine.dll
2011-01-12 22:58 . 2011-01-12 22:58 -------- d-----w- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Mozilla
2011-01-12 15:23 . 2011-01-12 15:23 -------- d-----w- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Apple
2011-01-08 20:39 . 2011-01-08 20:39 -------- d-----w- f:\documents and settings\Franco\Dati applicazioni\VendelGAMES
2011-01-08 00:10 . 2011-01-08 00:10 -------- d-----w- f:\documents and settings\Franco\Dati applicazioni\LockHunter
2011-01-04 12:52 . 2011-01-04 12:52 -------- d-----w- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Vuze_Remote
2010-12-31 13:52 . 2010-12-31 13:52 -------- d-----w- f:\documents and settings\Franco\Dati applicazioni\HitPoint Studios
2010-12-31 13:52 . 2010-12-31 13:52 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\HitPoint Studios
2010-12-28 17:29 . 2010-12-28 22:47 -------- d-----w- f:\programmi\RealArcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-12-01 13:44 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-01 13:43 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-05-13 18:47 86016 ----a-w- f:\windows\system32\isign32.dll
2010-11-10 04:33 . 2009-01-06 20:43 6273872 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-09 14:51 . 2004-08-30 20:00 249856 ----a-w- f:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2004-08-30 20:00 916480 ----a-w- f:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-30 20:00 43520 ----a-w- f:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-30 20:00 1469440 ------w- f:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2004-08-30 20:00 385024 ----a-w- f:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-30 20:00 40960 ----a-w- f:\windows\system32\drivers\ndproxy.sys
2010-11-01 12:17 . 2010-10-27 11:15 4770 ----a-w- f:\windows\system32\PerfStringBackup.TMP
2010-10-28 13:13 . 2004-08-30 20:00 290048 ----a-w- f:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2004-08-30 20:00 1853312 ----a-w- f:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="f:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="f:\windows\SiSUSBrg.exe" [2002-04-26 102400]
"GrooveMonitor"="f:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nod32kui"="f:\programmi\Eset\nod32kui.exe" [2008-09-01 949376]
"anvshell"="anvshell.exe" [2002-06-04 331776]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"TrueImageMonitor.exe"="f:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-03-10 2617808]
"AcronisTimounterMonitor"="f:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-03-10 909592]
"Acronis Scheduler2 Service"="f:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-03-10 140568]
"VX1000"="f:\windows\vVX1000.exe" [2009-06-26 757248]
"LifeCam"="f:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UpdateReminder"="f:\programmi\Eset\UpdateReminder.exe" [2010-11-03 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="f:\windows\system32\tscupgrd.exe" [2004-08-30 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ sprestrt\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\programmi vari\\Emule\\emule 3.1.2\\eMule Applejuice\\emule.exe"=
"h:\\Programmi\\Emule\\eMule Applejuice\\emule.exe"=
"h:\\Programmi\\Azureus\\Azureus.exe"=
"f:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"f:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Programmi\\Skype\\Phone\\Skype.exe"=
"f:\\Programmi\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 ANVOSDNT;ASUS Keyboard Filter Driver;f:\windows\system32\drivers\anvosdnt.sys [07/01/2009 13.18.41 322859]
R1 nod32drv;nod32drv;f:\windows\system32\drivers\nod32drv.sys [01/09/2008 10.56.56 15424]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;f:\programmi\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [30/09/2010 13.39.10 196912]
R2 WinDefend;Windows Defender;f:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;f:\windows\system32\drivers\DLKRTL.SYS [13/05/2008 20.10.56 45568]
S1 ANVIOCTL;ANVIOCTL;f:\windows\system32\drivers\anvioctl.sys [07/01/2009 13.17.37 216496]
S2 gupdate;Servizio di Google Update (gupdate);f:\programmi\Google\Update\GoogleUpdate.exe [08/09/2010 8.14.06 136176]
S3 PentaxUsb;PENTAX Optio 50L on USB;f:\windows\system32\drivers\CoachUsb.sys [14/05/2008 20.27.22 50976]
S3 PentaxVc;PENTAX Optio 50L Video Capture;f:\windows\system32\drivers\CoachVc.sys [14/05/2008 20.27.22 44256]
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-22 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\programmi\Google\Update\GoogleUpdate.exe [2010-09-08 07:12]

2011-01-22 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\programmi\Google\Update\GoogleUpdate.exe [2010-09-08 07:12]

2011-01-21 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1606980848-1060284298-1003Core.job
- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-01-13 19:20]

2011-01-22 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1606980848-1060284298-1003UA.job
- f:\documents and settings\Franco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-01-13 19:20]

2011-01-22 f:\windows\Tasks\MP Scheduled Scan.job
- f:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2011-01-21 f:\windows\Tasks\User_Feed_Synchronization-{E9463A99-1661-4C8F-88CF-ABC83AE94A29}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi all'elenco di stampa Easy-WebPrint - f:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - f:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - f:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - f:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stampa ad alta velocità Easy-WebPrint - f:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - f:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {E0258B1C-68B1-4B0A-B1D9-B7628432A250} = 192.168.1.1
FF - ProfilePath - f:\documents and settings\Franco\Dati applicazioni\Mozilla\Firefox\Profiles\p0vigcot.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - f:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 02:07
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(972)
f:\windows\system32\WININET.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\btncopy.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
f:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
f:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
f:\programmi\Java\jre6\bin\jqs.exe
f:\programmi\Microsoft LifeCam\MSCamS32.exe
f:\programmi\Eset\nod32krn.exe
f:\programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
f:\windows\system32\RUNDLL32.EXE
f:\windows\system32\rundll32.exe
f:\programmi\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Ora fine scansione: 2011-01-22 02:14:00 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-01-22 01:13
ComboFix2.txt 2011-01-21 22:34

Pre-Run: 56.977.682.432 byte disponibili
Post-Run: 56.965.066.752 byte disponibili

- - End Of File - - AA077619FD053FC6D0D63B6BD091FBA4
r16
Inviato: Saturday, January 22, 2011 12:08:07 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica TFC by OldTimer sul desktop
http://oldtimer.geekstogo.com/TFC.exe
chiudi tutti i programmi
avvia TFC, clicca su "start"
al termine della scansione ti chiederà il riavvio, dai ok.

Per eliminare i vari Tooll scaricati: (Combofix)
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Disattiva il ripristino configurazione di sistema,
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Poi:
Dai una pulita (registro compreso)con CCleaner http://www.aiutamici.com/software?ID=11223

Segui questo percorso e svuota la cartella Prefetch : (non eliminare la cartella)
C:\Windows\Prefetch
SVUOTA IL CESTINO

Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:(esclusivamente, su partizioni in NTFS):
clicca sulla voce Open the misc tool section .
clicca su Open ads spy.
togli la spunta alla voce Quick scan (windows base folder only) .
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte le caselline e clicca su Remove selected .

Fai uno ScanDisk, e una deframmentazione del HD.

Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.

Se il pc funziona bene abbiamo concluso.
carducci
Inviato: Saturday, January 22, 2011 12:57:20 PM
Rank: AiutAmico

Iscritto dal : 12/29/2005
Posts: 479
Hijackthis e pulisci gli ADS scusa la mia ignoranza cosa sono gli ADS e come faccio a riconoscerli
ciao
r16
Inviato: Saturday, January 22, 2011 1:24:54 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
carducci ha scritto:
Hijackthis e pulisci gli ADS scusa la mia ignoranza cosa sono gli ADS e come faccio a riconoscerli
ciao

Non devi riconoscerli tu....
Sarà il programma che li riconosce.
Limitati a selezionare tutte le caselline e cliccare su Remove selected .
Nessun programma legittimo, verrà eliminato.
carducci
Inviato: Saturday, January 22, 2011 2:46:43 PM
Rank: AiutAmico

Iscritto dal : 12/29/2005
Posts: 479
ciao e grazie per l'aiuto
r16
Inviato: Saturday, January 22, 2011 2:54:46 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Di niente.
Ciao.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.