Cannot find ..csrss.exe, posting ComboFix log, help

Post by PhotoMANU » Mon Mar 21, 2011 6:08 pm

Hello everyone.
I'll start by complimenting you on the introduction, which tells me I have surely found an excellent site.
Secondly, I hope I haven't made a mistake by posting the log.

At startup the following message appears:
"Impossibile trovare il file "C:\DOCUME-1\DANILO-1\IMPOST-1\Temp\Csrss.exe". Verificare che il percorso o nome del file siano corretti e ritentare. Per cercare un file fare click sul pulsante Start, quindi scegliere Trova."

The dashes I typed when transcribing the path are actually tildes........I don't know how to type them [std] )

When I click OK, this appears:
"Impossibile eseguire o caricare il file "C: stesso di prima" specificato nel registro di sistema, controllare che il file esista oppure rimuoverne il relativo riferimento nel registro di sistema."

Among the various questions I found something similar to my problem, and you told the girl to download ComboFix, run it and leave you the log, so I went ahead a bit, hoping for your help.

Fingers crossed, and thank you in advance.
Bye



ComboFix 11-03-20.03 - danilo chirizzi 21/03/2011 16.50.26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.618 [GMT 1:00]
Eseguito da: c:\documents and settings\danilo chirizzi\Documenti\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\programmi\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\programmi\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\programmi\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\programmi\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\programmi\Windows Searchqu Toolbar\uninstall.exe
c:\windows\system32\config\systemprofile\Dati applicazioni\searchqutb
c:\windows\system32\Thumbs.db
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-21 al 2011-03-21 )))))))))))))))))))))))))))))))))))
.
.
2011-03-19 14:31 . 2011-03-19 14:31 -------- d-----w- c:\programmi\File comuni\Java
2011-03-09 00:06 . 2011-03-09 00:06 -------- d-----w- c:\windows\system32\GroupPolicy
2011-03-06 20:59 . 2011-03-06 20:59 -------- d-sh--w- c:\windows\ftpcache
2011-03-06 20:39 . 2011-03-06 20:39 -------- d-----w- c:\documents and settings\danilo chirizzi\Dati applicazioni\Template
2011-03-03 13:59 . 2007-08-24 18:45 101120 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2011-03-03 13:59 . 2007-08-24 18:45 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-12 23:44 . 2011-02-12 23:35 4744 ----a-w- c:\documents and settings\danilo chirizzi\Dati applicazioni\mdbu.bin
2011-02-10 18:28 . 2011-02-10 18:28 45056 ----a-w- c:\windows\NCUNINST.EXE
2011-02-02 20:40 . 2010-12-27 20:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-12-27 20:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 17:18 320832 ----a-w- c:\programmi\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 17:18 320832 ----a-w- c:\programmi\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\programmi\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"EEESplendidAR"="c:\programmi\ASUS\EPC\EeeSplendid\AutoRun.exe" [2009-02-11 24576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"IMBooster"="c:\programmi\Iminent\IMBooster\imbooster.exe" [2010-11-19 1323000]
"Iminent.Notifier"="c:\programmi\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2010-11-12 536056]
"PSUNMain"="c:\programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\danilo chirizzi\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
SuperHybridEngine.lnk - c:\programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-11 376832]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
2007-09-04 17:54 86016 ----a-w- c:\programmi\Mobile Partner\Mobile Partner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [16/12/2010 18.12.42 130376]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe [16/12/2010 18.19.34 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [16/12/2010 18.12.26 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [16/12/2010 18.12.34 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [16/12/2010 18.12.51 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [16/12/2010 18.12.59 113096]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 2.59.09 38912]
S2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~1\Fun4IM\Bandoo.exe [02/02/2011 22.08.40 1942416]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [04/12/2009 21.43.08 135664]
S2 Windows Internet Name Service;Windows Internet Name Service;"c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Internet Name Service\wins.exe" --> c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Internet Name Service\wins.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/05/2009 21.33.24 1684736]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [12/12/2009 19.10.34 16896]
S3 hribe;hribe;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 jobszhrw;jobszhrw;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 rpmhjak;rpmhjak;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/05/2009 21.35.48 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [11/05/2009 23.31.12 232872]
S3 tlupe;tlupe;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28/04/2009 6.47.12 39040]
S3 zxrdbzyd;zxrdbzyd;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-02-13 c:\windows\Tasks\Driver Robot.job
- c:\programmi\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-12 16:29]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-04 20:43]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-04 20:43]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:50667
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 17:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hribe]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jobszhrw]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rpmhjak]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tlupe]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zxrdbzyd]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(284)
c:\windows\system32\WININET.dll
c:\programmi\Iminent\IMBooster\Iminent.WinCore.dll
c:\programmi\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\programmi\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\programmi\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2011-03-21 17:12:16 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-03-21 16:12
.
Pre-Run: 39.432.933.376 byte disponibili
Post-Run: 39.347.048.448 byte disponibili
.
- - End Of File - - 6E7318E58C4E5D834536A38F6B55B664

Re: cannot find ..csrss.exe, posting combofix log, help

Post by crazy.cat » Mon Mar 21, 2011 7:51 pm

The kind of error you describe can only be cleaned up properly with a HijackThis log, so run a scan with that.
There are, however, some ugly entries in the ComboFix log:
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hribe]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jobszhrw]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rpmhjak]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tlupe]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zxrdbzyd]
"ImagePath"="\??\c:\windows\system32\02.tmp"

Check whether you can find this file, c:\windows\system32\02.tmp, and go to www.virustotal.com to have it analyzed.

Also download Malwarebytes, update it and run a scan.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as liberty.
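The check crazy.cat applies by eye to the ComboFix service list, written out as an added example that is not part of the original thread: it parses the `R#`/`S#` service lines and flags images that ComboFix could not read, that end in `.tmp`, or that several services share. The function names are hypothetical, and treating `[?]` as "file details unavailable" is an assumption about ComboFix's output.

```python
import re
from collections import defaultdict

# Service/driver lines copied from the ComboFix log in this thread,
# assembled here as sample input.
SAMPLE_LOG = r"""
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [16/12/2010 18.12.34 97352]
S2 Windows Internet Name Service;Windows Internet Name Service;"c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Internet Name Service\wins.exe" --> c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Internet Name Service\wins.exe [?]
S3 hribe;hribe;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 jobszhrw;jobszhrw;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 rpmhjak;rpmhjak;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/05/2009 21.35.48 966912]
S3 tlupe;tlupe;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 zxrdbzyd;zxrdbzyd;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
"""

# <state><start> <name>;<display name>;<image path>[ --> <resolved path>] [<details>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.+) \[(?P<meta>[^\]]*)\]$"
)


def normalize(path):
    """Strip quotes and the NT object prefix so equal paths compare equal."""
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_service_line(line):
    """Return the fields of one service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # "registered --> resolved": keep the resolved path when it is present.
    image = m["rest"].split(" --> ")[-1]
    return {
        "name": m["name"],
        "state": m["state"],        # kept exactly as reported by the log
        "start": int(m["start"]),
        "image": normalize(image),
        "meta": m["meta"].strip(),
    }


def triage(log_text):
    """Return (name, image, flags) for every service that raises a flag."""
    services = [s for s in map(parse_service_line, log_text.splitlines()) if s]
    by_image = defaultdict(list)
    for s in services:
        by_image[s["image"]].append(s["name"])

    findings = []
    for s in services:
        flags = []
        if s["meta"] == "?":                  # assumption: details unavailable
            flags.append("image-missing")
        if s["image"].endswith(".tmp"):       # service image is a temp file
            flags.append("tmp-image")
        if len(by_image[s["image"]]) > 1:     # several services, one image
            flags.append("shared-image")
        if flags:
            findings.append((s["name"], s["image"], flags))
    return findings


if __name__ == "__main__":
    for name, image, flags in triage(SAMPLE_LOG):
        print(f"{name:32} {image}  [{', '.join(flags)}]")
```

The flags only rank entries for manual review, such as submitting the file to VirusTotal as suggested above; they are not a verdict on any entry.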

Re: cannot find ..csrss.exe, posting combofix log, help

Post by Mr.PartyHut » Tue Mar 22, 2011 6:17 pm

I'm also fighting a piece of malware that has the same effect the thread's author describes, but with much worse side effects, including being unable to browse because a proxy gets set without the user's knowledge.

Until now I took it lightly, but now I really have to remove it, since this is the third time this customer has brought it to me.......

After running SuperAntispyware and Malwarebytes and removing a few bad entries from the registry, the system seems to work.... after a few days everything goes back to how it was and the missing csrss.exe message reappears.

It seems to regenerate not at every boot, but at random.

I'll post a log of mine too, hoping you can give me a hand :)

Re: cannot find ..csrss.exe, posting combofix log, help

Post by Berga95 » Wed Mar 23, 2011 7:58 pm

I'll post a log of mine too, hoping you can give me a hand :)

Go ahead ^^
Mr.PartyHut wrote: After running SuperAntispyware and Malwarebytes and removing a few bad entries from the registry, the system seems to work...

Please attach those logs too (using the MEMO tag)
[ciao]
That is not dead which can eternal lie, and with strange aeons even death may die.
~ H.P. Lovecraft

Re: cannot find ..csrss.exe, posting combofix log, help

Post by PhotoMANU » Wed Mar 23, 2011 10:40 pm

Hi everyone, and thanks crazy.cat for replying so promptly.
I downloaded hijack and Malwarebytes, and the full scan found 7 infected items, but I found no trace of the file you mentioned [uhm] .
It removed them without any problem anyway, and after the reboot that annoying little window no longer appeared
[applauso+] [applauso+] [applauso+]

Here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 6145

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23/03/2011 22.29.35
mbam-log-2011-03-23 (22-29-19).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 204012
Tempo trascorso: 40 minuti, 11 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 6

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fun4IM Coordinator (Adware.Bandoo) -> No action taken.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\programmi\Fun4IM\Bandoo.exe (Adware.Bandoo) -> No action taken.
c:\programmi\Fun4IM\BndCore.exe (Adware.Bandoo) -> No action taken.
c:\programmi\Fun4IM\extensionsmanager.exe (Adware.Bandoo) -> No action taken.
c:\system volume information\_restore{3ce18277-17e4-45b4-b1ff-b7b38677fdad}\RP60\A0052320.exe (Trojan.P2P) -> No action taken.
c:\system volume information\_restore{3ce18277-17e4-45b4-b1ff-b7b38677fdad}\rp61\a0052454.exe (Spyware.Passwords.XGen) -> No action taken.
c:\system volume information\_restore{3ce18277-17e4-45b4-b1ff-b7b38677fdad}\rp63\a0052547.exe (Spyware.Passwords.XGen) -> No action taken.


and this is the hijack one

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22.42.39, on 23/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Iminent\IMBooster\imbooster.exe
C:\Programmi\Iminent\SearchTheWeb\Iminent.Notifier.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\hijack\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programmi\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Programmi\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [EEESplendidAR] C:\Programmi\ASUS\EPC\EeeSplendid\AutoRun.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMBooster] C:\Programmi\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Programmi\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [PSUNMain] "C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [.IMinentUpdate] C:\DOCUME~1\DANILO~1\IMPOST~1\Temp\NotifierSetup.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2840332218
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Windows Internet Name Service - Unknown owner - C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Internet Name Service\wins.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7657 bytes



Thank you so much again, see you soon [8D]

Re: cannot find ..csrss.exe posting combofix log hel

Post by Mr.PartyHut » Wed Mar 23, 2011 10:52 pm

Berga95 wrote:
I'll post a log of mine too, hoping you can give me a hand :)

Go ahead ^^
Mr.PartyHut wrote: After running SuperAntispyware and Malwarebytes, and removing a few bad entries from the registry, the system seems to work...

Attach these logs too, please (with the MEMO tag)
[ciao]

Thanks for your willingness to help, but for now I've sorted it out on my own, I think. [rolleyes]

I ran every kind of AV and anti-rootkit software in existence on that machine (except Combofix, because once, on a PC, it deleted vital Windows files on me). I did online scans and scans from DOS with the rescue disks of at least 4 AVs. Now the programs' logs are clean and I can understand them perfectly well, since I've stripped everything down to the bare bones.

Anyway, a doubt has come to me:
The customer does NOT have a router with a firewall, just a plain old D-Link USB ADSL modem. He also has a TeleTU ADSL line. I'm starting to have a big doubt. Why is it that at my place, with Infostrada ADSL and his same modem, it gives me no problems once disinfected, while at his place, after 2 or 3 minutes of browsing, Windows gets messed up again, a proxy gets set and winlogon is replaced with malware????

It seems as if TeleTU has no spam/malware filter at the source. Could that be?
Because I don't get it: every time he takes it home, after 2 minutes he gets 25 viruses in one go. At my place I browsed with it for hours without even AV software installed........


Thanks ;)



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising