Puntatore mouse sparito

[lucianomnia]

Salve ragazzi, ieri avendo beccato un virus ho lanciato l'avira ed Malwarebytes
Al riavvio ho avuto l'amara sorpresa di non vedere il puntatore del mouse quindi sono bloccato.
Avendo un altro So su un altro hard disk sul pc (dal quale vi sto scrivendo) vi chiedo come posso risolvere magari sfruttando il sistema operativo in cui ho acceso


Vi ringrazio anticipatamente per l'iauto


p.s premetto che ho riattivato i virus rilevati da Malwarebytes per cercare di ripristinare la situazione prima che il puntatore sparisse. (i virus trovati con l'avira non sono riuscito a riattivarli in quanto sono stati cancellati)

[Conetti]

Visto che il problema si riferisce ad un virus, chiedi ad un moderatore di spostarti nella sezione "Sicurezza Informatica & Virus".
Scarica nel frattempo HiJackThis (sul S.O. che funziona) e salvalo su una chiavetta USB.
Avvia il S.O. infetto e controlla se, tramite la tastiera, riesci ad eseguire la scansione con il suddetto programma (clicca due volte sul file eseguibile, salvato in precedenza sulla chiavetta USB, e seleziona "Do a System Scan Only and Save a Logfile").
Al termine, posta il log ottenuto.
Fammi sapere

[lucianomnia]

Ciao, grazie per la risposta, non posso lanciare questo programma nell'hard disk che funziona dando poi ilpercorso di quello che ha problemi?

Volevo fare la stessa cosa con ccleaner, volevo pulire anche i registri; ma funziona solo su hard dik dove si trova (non accetta l'assegnazione di un hard disk diverso purtroppo)

Come si attivano i comandi da tastiera?


Sono in crisi, avendo un sacco di lavori da consegnare su quell'hard disk!

[lucianomnia]

ecco il risultato dal file di testo:


Logfile of Trend Micro HijackThis v2.0.2
S can saved at 18.36.47, on 02/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WIN D
O WS\S ystem32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H :\ WINDOWS\system32\services.exe

H 18.41 02/05/2010 :\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe 18.43 02/05/2010

\



18.56 02/05/2010





\ H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Programmi\Avira\AntiVir Desktop\sched.exe




H:\D

| OCUME~1\l\IMPOST~1\Temp\Mqc.exe
H:\Programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
H:\Programmi\Avira\AntiVir Desktop\avguard.exe
H:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCt rlService.exe
H:\WINDOWS\system32\hasplms.exe
H:\Programmi\Java\jre6\bin\jqs.exe
H:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
H:\Programmi\File comuni\Native Instruments\Hardware\NIHardwareService.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmi\Canon\CAL\CALMAIN.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\Programmi\Avira\AntiVir Desktop\avgnt.exe
H:\Programmi\File comuni\Real\Update_OB\realsched.exe
H:\Programmi\SimpleCenter\bin\win\sclauncher.exe
H:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programmi\Orbitdownloader\orbitdm.exe
H:\Programmi\Orbitdownloader\orbitnet.exe
H:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...1&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askR...gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - H:\Programmi\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Programmi\Vuze_Remote\tbVuze.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - H:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Programmi\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\I E\rpbrowserrecordplugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Programmi\Google\GoogleToolbarNotifier\5.4.4525 .1752\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Programmi\Vuze_Remote\tbVuze.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Programmi\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - H:\Programmi\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Programmi\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [avgnt] "H:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "H:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vowkjjct] H:\Documents and Settings\l\Impostazioni locali\Dati applicazioni\mtmwosrln\gcibrtwtssd.exe
O4 - HKLM\..\Run: [sclauncher] H:\Programmi\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [swg] "H:\Programmi\Google\GoogleToolbarNotifier\GoogleT oolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vowkjjct] H:\Documents and Settings\l\Impostazioni locali\Dati applicazioni\mtmwosrln\gcibrtwtssd.exe
O4 - HKCU\..\Run: [PMCLoader] H:\Programmi\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [M5T8QL3YW3] H:\DOCUME~1\l\IMPOST~1\Temp\Mqc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = H:\Programmi\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://H:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://H:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://H:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://H:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1256313554343
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=29223
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - H:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - H:\Programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - H:\Programmi\File comuni\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - H:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCt rlService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - H:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - Unknown owner - C:\ASUS.SYS\config\DVMExportService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - H:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - H:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - H:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - H:\Programmi\File comuni\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMIndexingService - Unknown owner - H:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - H:\Programmi\File comuni\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - H:\Programmi\File comuni\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - H:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - H:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - H:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12431 bytes

[Conetti]

Il log di HiJackThis che hai postato è relativo alla scansione eseguita sul S.O. infetto?
Dovrei saperlo, altrimenti non posso darti le istruzioni seguenti.
Il log è apparso già così o lo hai modificato?

[lucianomnia]

si, è il risultato del so infetto.
non ho modificato nulla, ho solo copiato il file di testo
Ti ringrazio dell'aiuto

[lucianomnia]

Salve ho risolto e mi sembra giusto dire come per eventuali altri utenti in futuro
Sul sistema infetto con i comandi da tastiera su sistema/hardware/periferische ho dinstallato il mouse e riavviando il pc come per magia è spuntato il puntatore.

Per la cronaca
Il pc è lentissimo e si inchioda;
provo a lanciare di nuovo il malware sperando di togliere un pò di porcherie (si sente macinare l'hard disk)

[Conetti]

Ciao, ora ci dedichiamo quindi all'eliminazione dei malware presenti sul Pc.
Scansiona nuovamente con HiJackThis e posta il log ottenuto.
Fammi sapere

[lucianomnia]

Grazie sempre per il supporto
Allora il sistema operativo presenta i seguenti inconvenienti:

all'avvio è lentissimo, prima di poter cominciare ad usare qualche applicazione anche leggera come word passano alcuni minuti.
L'hard disk macina in maniera fastidiosa e continua, come se cercasse qualcosa e non la trovasse. Una cosa simile mi capitava quando con l'opzione cerca avviavo per l'appunto una ricerca e l'hard cominciava a macinare per trovare il file.

Infine, la cosa più grave, dopo circa dieci minuti, mi si inchioda tutto, il puntatore del mouse si pianta sul desktop ed il pc emette il famoso sibilo di impallamento.

Non so se sia o meno importante: quando si impalla la barra superiore del browser diventa grigia!

E' inutile ribadire che ho già fatto deframmentazioni, puliture varie, lanci di antivirus (avira ecc) i quali sembra che non abbiano trovato nulla di rilevante

Grazie ancora per l'aiuto (sono un pò in crisi)


ecco la scansione effettuata con il programma da te gentilmente consigliato:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.52.20, on 05/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Programmi\Avira\AntiVir Desktop\sched.exe
H:\Programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
H:\Programmi\Avira\AntiVir Desktop\avguard.exe
H:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCt rlService.exe
H:\Programmi\Avira\AntiVir Desktop\avgnt.exe
H:\WINDOWS\system32\hasplms.exe
H:\Programmi\Java\jre6\bin\jqs.exe
H:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
H:\Programmi\File comuni\Real\Update_OB\realsched.exe
H:\Programmi\SimpleCenter\bin\win\sclauncher.exe
H:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Programmi\Orbitdownloader\orbitdm.exe
H:\Programmi\File comuni\Native Instruments\Hardware\NIHardwareService.exe
H:\Programmi\Orbitdownloader\orbitnet.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmi\Canon\CAL\CALMAIN.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...1&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askR...gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - H:\Programmi\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - H:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\I E\rpbrowserrecordplugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Programmi\Google\GoogleToolbarNotifier\5.4.4525 .1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - H:\Programmi\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "H:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "H:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sclauncher] H:\Programmi\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [swg] "H:\Programmi\Google\GoogleToolbarNotifier\GoogleT oolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCLoader] H:\Programmi\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = H:\Programmi\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://H:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://H:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://H:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://H:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1256313554343
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=29223
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - H:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - H:\Programmi\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - H:\Programmi\File comuni\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - H:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCt rlService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - H:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - Unknown owner - C:\ASUS.SYS\config\DVMExportService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - H:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - H:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - H:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - H:\Programmi\File comuni\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMIndexingService - Unknown owner - H:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - H:\Programmi\File comuni\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - H:\Programmi\File comuni\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - H:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - H:\Programmi\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - H:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11581 bytes

[Conetti]

Fixa con HiJackThis le seguenti voci:

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/ask...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/ask...p;gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - H:\Programmi\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
http://dlm.tools.akamai.com/dlmanag...vex-2.2.5.0.cab
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - Unknown owner - C:\ASUS.SYS\config\DVMExportService.exe (file missing)

Riavvia il Pc, disinstalla da Start --> Pannello Di Controllo --> Installazione Applicazioni la Toolbar di Ask e disattiva/disinstalla (a tua scelta) tutte le Toolbar che si avviano con il browser.
Successivamente esegui una scansione mediante l'antivirus e mediante Spybot Search & Destroy, eliminando eventuali voci rilevate.
Pulisci l'HDD mediante CCleaner ed esegui tutti gli aggiornamenti disponibili da Windows Update.
Riavvia nuovamente il Pc e controlla come si evolve la situazione