Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

problemi con la connessione ( wifi) Opzioni
ludoss
Inviato: Thursday, August 04, 2011 9:29:59 AM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
ho gia aperto un post nella sezione window xp

salve a tutti

ho un problema abbastanza serio
ieri ho scaricato un programma ( proxycap ) di 30 giorni trial,lo installato e ho provato ad usarlo,ma solo ed esclusivamente x un programma non x tutti,o molto rpobabilmente ho sbagliato.
comunque,visto che non funzionava,lho disinstallato cancellato la cartella da C / programmi e riavviato il pc.

cavolo,appena riavviato il pc in palla,bloccato,non funzionava piu,ho riavviato all'ultima sessione funzionante e si è ristabilito ma,
purtroppo la connessione alla wifi wep con pass a cui era sempre collegato nnon da più il 192.168.01 o 2 o3 ecc. mi da un numero ip sconosciuto che non riesco cambiare
anche se inserisco i dati della connessione dalla configurazione con i dns non funziona .

non so proprio che fare

help pls

di seguito i log di Hijackthis e di Malwarebytes

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:10:28, on 2011/08/04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\UpdateReminder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\MSSQL7\binn\sqlagent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] "C:\WINDOWS\system32\AESTFltr.exe" /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'pcapwsp.dll' missing
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25041668-0733-4DBF-99D1-484BAEF416D7}: NameServer = 202.238.95.24,202.238.95.26
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: インクジェットプリンタ/スキャナ使用状況調査プログラム (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
O23 - Service: ProxyCap Service (pcapsvc) - Unknown owner - C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 7351 bytes








Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Versione database: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011/08/04 16:21:51
logmalware.txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 266830
Tempo impiegato: 1 ore, 29 minuti, 37 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 1
Cartelle infette: 0
File infetti: 2

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\program files\テレマティクス車載機設定ソフト\tlm2-setorg.exe (Spyware.Passwords) -> No action taken.
c:\yzksys\traffics2\trahelpdesk.exe (PUP.Radmin) -> No

Sponsor
Inviato: Thursday, August 04, 2011 9:29:59 AM

 
ludoss
Inviato: Thursday, August 04, 2011 2:31:57 PM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
ho sbagliato qualcosa nella post ?
nessuno può darmi un aiuto??
r16
Inviato: Thursday, August 04, 2011 6:50:42 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
ho sbagliato qualcosa nella post ?
nessuno può darmi un aiuto??

Elimina quello che ha trovato Malwarebytes.

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su "fix checked":

Commenta:
O4 - HKLM\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe


Riavvia il pc.
Vedi se hai risolto.
Poi posta un nuovo log di hijackthis
ludoss
Inviato: Thursday, August 04, 2011 11:03:04 PM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
r16 ha scritto:
Commenta:
ho sbagliato qualcosa nella post ?
nessuno può darmi un aiuto??

Elimina quello che ha trovato Malwarebytes.

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su "fix checked":

Commenta:
O4 - HKLM\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe


Riavvia il pc.
Vedi se hai risolto.
Poi posta un nuovo log di hijackthis


fatto,grazie

ma non ho risolto purtroppo
nuovo log di hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:57:58, on 2011/08/05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\UpdateReminder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\MSSQL7\binn\sqlservr.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\MSSQL7\binn\sqlagent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] "C:\WINDOWS\system32\AESTFltr.exe" /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Bluetooth デバイスに送信(&B) - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Bluetooth ヘ送る - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'pcapwsp.dll' missing
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6}
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\INETCOMM.DLL
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol hijack: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: インクジェットプリンタ/スキャナ使用状況調査プログラム (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
O23 - Service: ProxyCap Service (pcapsvc) - Unknown owner - C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 9551 bytes
r16
Inviato: Thursday, August 04, 2011 11:15:55 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Elimina queste voci di HJT:
Commenta:
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6}
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\INETCOMM.DLL
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol hijack: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}
O23 - Service: ProxyCap Service (pcapsvc) - Unknown owner - C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe (file missing)


Poi:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.

N.B:
Per favore non quotare le mie risposte.
Grazie.

ludoss
Inviato: Thursday, August 04, 2011 11:56:59 PM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
Scusa ho dimenticato di dire una cosa importante:
Anche se si connette alla linea ma l ip e diverso non scarica,quindi non riesco a connettermi a internet o a fare download o aggiornare niente.

adesso vado al lavoro lo farò quando torno
cmq io non riesco a connettermi a internet x questo problema、ip address della connessione del router 192.168.0.1 e del Pc 192.168.0.2 o 3 varia
Ma adesso si connette alla stessa connessione ma l ip e diverso tipo 164......( mentre gli altri due pc connessi alla stessa rete 192.168.0.1 router ecc. wifi non hanno problemi) si connette ma non scarica e sul marchio della connessione in basso a dx c'e un triangolo giallo con un punto esclamativo,
Il pc vede la linea wifi a cui si e sempre connesso ma quando si connette automaticamente o manualmente l ip address non e 192.168.0.1 ma bensì 164...... Sconosciuto
Questa voce non la cancella
O23 - Service: ProxyCap Service (pcapsvc) - Unknown owner - C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe (file missing)


quindi sto facendo tutto con un altro pc
posso scaricare questo programma da qui e tramite pendrive portarlo su quello che ha questo problema ?
o cambia qualcosa?

N.B.
E' possibile che proxycap ha cambiato l ip del router ma solo x il pc in cui era installato ( perché , ripeto , gli altri due pc sono connessi allo stesso router con ip 192.168.0.1 )???
E dovrei entrare nel sett del router x dare l ip corretto?
ludoss
Inviato: Friday, August 05, 2011 9:52:57 AM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
per favore leggi il mio messaggio prima di questo,qui sopra ,grazie.

ecco il log del combofix

in più volevo chiederti che ne pensi di questo ?

O10 - Broken Internet access because of LSP provider 'pcapwsp.dll' missing





ComboFix 11-08-04.02 - 武末志麻 2011/08/05 16:26:53.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1041.18.1015.444 [GMT 9:00]
Running from: c:\documents and settings\武末志麻\デスクトップ\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\武末志麻\WINDOWS
c:\windows\IsUn0411.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-03 22:06 . 2011-08-03 22:06 -------- d-----w- c:\documents and settings\武末志麻\Application Data\Malwarebytes
2011-08-03 22:06 . 2011-07-06 10:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 22:06 . 2011-08-03 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-03 22:06 . 2011-07-06 10:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 22:06 . 2011-08-03 22:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-03 21:09 . 2011-08-03 21:09 388096 ----a-r- c:\documents and settings\武末志麻\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-03 21:09 . 2011-08-03 21:09 -------- d-----w- c:\program files\Trend Micro
2011-08-01 13:17 . 2011-08-01 13:17 315392 ----a-w- c:\windows\system32\sbcrreag.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 08:33 . 2008-05-16 12:00 1294200 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-07-06 07:21 . 2011-06-01 07:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2008-04-15 04:00 1858560 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"IDTSysTrayApp"="sttray.exe" [2008-08-30 442477]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-30 442477]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-28 471040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 439600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-13 63856]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"OWS Setup CmdLine"="c:\program files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" [2003-03-24 188480]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-03-13 949376]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-07-19 462848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-15 15360]
.
c:\documents and settings\All Users\スタート メニュー\プログラム\スタートアップ\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2006-7-3 65588]
サービス マネージャ.lnk - c:\mssql7\Binn\sqlmangr.exe [2009-2-21 110592]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp12.ime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010/03/13 22:06 15424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011/08/04 7:06 366640]
R2 MSSQL$YDR3MSSQL;SQL Server (YDR3MSSQL);c:\program files\Microsoft SQL Server\MSSQL10.YDR3MSSQL\MSSQL\Binn\sqlservr.exe [2009/03/30 3:25 43010392]
R2 RELNITRO;Datalight Reliance Nitro File System;c:\program files\Datalight\Reliance Nitro Windows Driver\driver\wxp\relnitro.sys [2010/10/27 15:52 410880]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008/11/13 20:27 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011/08/04 7:06 22712]
S2 pcapsvc;ProxyCap Service;"c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe" --> c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [?]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\Rockey4USB.sys [2009/06/12 18:42 12928]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009/03/31 13:58 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009/03/30 3:09 239336]
S4 SQLAgent$YDR3MSSQL;SQL Server Agent (YDR3MSSQL);c:\program files\Microsoft SQL Server\MSSQL10.YDR3MSSQL\MSSQL\Binn\SQLAGENT.EXE [2009/03/30 3:23 366936]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\User_Feed_Synchronization-{C5F5F60E-C82F-44B5-B9ED-DD5CA8D5EEAF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Bluetooth デバイスに送信(&B) - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Bluetooth ヘ送る - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\imon.dll
LSP: pcapwsp.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-NavLogon - (no file)
AddRemove-MSDE - c:\windows\IsUn0411.exe
AddRemove-TRAFFICS2_is1 - c:\traffics2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 16:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-21-3161500679-3779893021-49558662-1006\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CurVer]
@="BDATuner.コンポーネント.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6af09ec9-b429-11d4-a1fb-0090960218cb}\Shell\B*l*u*e*t*o*o*t*h* *ヌ0ミ0、0ケ0n0匠R\Command]
@="rundll32.exe c:\\WINDOWS\\system32\\BtWizard.dll,ShowWizard"
.
[HKEY_LOCAL_MACHINE\software\HPQ\{4264742F-0322-4ba5-9657-A798C5C37AD6}\Main\・・カ0・ *ャ0、0ノ0]
"Description"="ユーザー ガイド"
"Command"="c:\\Program Files\\Hewlett-Packard\\Documentation\\HpDocViewer.exe"
"Parameters"=""
"IconPath"="c:\\Program Files\\Hewlett-Packard\\Documentation\\hp_user_guides_on_state.gif"
"IconHoverPath"="c:\\Program Files\\Hewlett-Packard\\Documentation\\hp_user_guides_over_state.gif"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\imjp12.ime
c:\windows\system32\imjp12k.dll
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPAPI.DLL
c:\progra~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPPRED.DLL
.
Completion time: 2011-08-05 16:43:44
ComboFix-quarantined-files.txt 2011-08-05 07:43
.
Pre-Run: 32,111,460,352 バイトの空き領域
Post-Run: 32,491,659,264 バイトの空き領域
.
- - End Of File - - FE2BBE841AC1A94F7258B987227054BC
r16
Inviato: Saturday, August 06, 2011 4:23:37 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Code:
KillAll::

Driver::
pcapsvc

File::
c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe

Folder::
c:\program files\Proxy Labs\ProxyCap
c:\program files\Proxy Labs

DDS::
LSP: pcapwsp.dll


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix

Poi:
Scarica XP TCP Repair e installalo :

http://www.xp-smoker.com/downloads/xptcprep.exe

Avvia XP TCP Repair e clicca

Reset TCP/IP

Repair Winsock


Chiudi il programma e riavvia il pc.
ludoss
Inviato: Sunday, August 07, 2011 12:47:47 PM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
ciao e grazie
allora,io fatto tutto quello che hai detto al 100% ( quando ho Avviato XP TCP Repair l'ho fatto con la linea wifi e bluetooth attivata ) ho riavviato e la connessione si è ristabilita ma,
parte scarica e si ferma tipo a 4 oppure a 10 ,se faccio aggiorna con l'antivirus a volte lo aggiorna a volte no xkè appunto non scarica,ma se avvio explorer non si connette per niente.
i numeri di ip router/pc si sono ristabiliti ,di sotto riporto il log del combofix.








ComboFix 11-08-04.02 - 武末志麻 2011/08/07 17:56:29.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1041.18.1015.484 [GMT 9:00]
Running from: c:\documents and settings\武末志麻\デスクトップ\ComboFix.exe
Command switches used :: c:\documents and settings\武末志麻\デスクトップ\CFScript.txt
AV: Sistema Antivirus NOD32 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCAPSVC
-------\Service_pcapsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-03 22:06 . 2011-08-03 22:06 -------- d-----w- c:\documents and settings\武末志麻\Application Data\Malwarebytes
2011-08-03 22:06 . 2011-07-06 10:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 22:06 . 2011-08-03 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-03 22:06 . 2011-07-06 10:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 22:06 . 2011-08-03 22:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-03 21:09 . 2011-08-03 21:09 388096 ----a-r- c:\documents and settings\武末志麻\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-03 21:09 . 2011-08-03 21:09 -------- d-----w- c:\program files\Trend Micro
2011-08-01 13:17 . 2011-08-01 13:17 315392 ----a-w- c:\windows\system32\sbcrreag.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 08:33 . 2008-05-16 12:00 1294200 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-07-06 07:21 . 2011-06-01 07:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2008-04-15 04:00 1858560 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-05_07.40.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-07 09:06 . 2011-08-07 09:06 16384 c:\windows\temp\Perflib_Perfdata_250.dat
- 2008-07-08 05:04 . 2011-08-04 11:54 96736 c:\windows\system32\perfc011.dat
+ 2008-07-08 05:04 . 2011-08-05 08:13 96736 c:\windows\system32\perfc011.dat
- 2008-07-08 05:04 . 2011-08-04 11:54 96742 c:\windows\system32\perfc009.dat
+ 2008-07-08 05:04 . 2011-08-05 08:13 96742 c:\windows\system32\perfc009.dat
+ 2008-07-08 05:04 . 2011-08-05 08:13 294524 c:\windows\system32\perfh011.dat
- 2008-07-08 05:04 . 2011-08-04 11:54 294524 c:\windows\system32\perfh011.dat
- 2008-07-08 05:04 . 2011-08-04 11:54 507796 c:\windows\system32\perfh009.dat
+ 2008-07-08 05:04 . 2011-08-05 08:13 507796 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 23:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"IDTSysTrayApp"="sttray.exe" [2008-08-30 442477]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-30 442477]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-28 471040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 439600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-13 63856]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"OWS Setup CmdLine"="c:\program files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" [2003-03-24 188480]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-03-13 949376]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-07-19 462848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-15 15360]
.
c:\documents and settings\All Users\スタート メニュー\プログラム\スタートアップ\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2006-7-3 65588]
サービス マネージャ.lnk - c:\mssql7\Binn\sqlmangr.exe [2009-2-21 110592]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp12.ime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010/03/13 22:06 15424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011/08/04 7:06 366640]
R2 MSSQL$YDR3MSSQL;SQL Server (YDR3MSSQL);c:\program files\Microsoft SQL Server\MSSQL10.YDR3MSSQL\MSSQL\Binn\sqlservr.exe [2009/03/30 3:25 43010392]
R2 RELNITRO;Datalight Reliance Nitro File System;c:\program files\Datalight\Reliance Nitro Windows Driver\driver\wxp\relnitro.sys [2010/10/27 15:52 410880]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008/11/13 20:27 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011/08/04 7:06 22712]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\Rockey4USB.sys [2009/06/12 18:42 12928]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009/03/31 13:58 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009/03/30 3:09 239336]
S4 SQLAgent$YDR3MSSQL;SQL Server Agent (YDR3MSSQL);c:\program files\Microsoft SQL Server\MSSQL10.YDR3MSSQL\MSSQL\Binn\SQLAGENT.EXE [2009/03/30 3:23 366936]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\User_Feed_Synchronization-{C5F5F60E-C82F-44B5-B9ED-DD5CA8D5EEAF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Bluetooth デバイスに送信(&B) - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Bluetooth ヘ送る - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\imon.dll
LSP: pcapwsp.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 18:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-21-3161500679-3779893021-49558662-1006\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CurVer]
@="BDATuner.コンポーネント.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6af09ec9-b429-11d4-a1fb-0090960218cb}\Shell\B*l*u*e*t*o*o*t*h* *ヌ0ミ0、0ケ0n0匠R\Command]
@="rundll32.exe c:\\WINDOWS\\system32\\BtWizard.dll,ShowWizard"
.
[HKEY_LOCAL_MACHINE\software\HPQ\{4264742F-0322-4ba5-9657-A798C5C37AD6}\Main\・・カ0・ *ャ0、0ノ0]
"Description"="ユーザー ガイド"
"Command"="c:\\Program Files\\Hewlett-Packard\\Documentation\\HpDocViewer.exe"
"Parameters"=""
"IconPath"="c:\\Program Files\\Hewlett-Packard\\Documentation\\hp_user_guides_on_state.gif"
"IconHoverPath"="c:\\Program Files\\Hewlett-Packard\\Documentation\\hp_user_guides_over_state.gif"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\imjp12.ime
c:\windows\system32\imjp12k.dll
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPAPI.DLL
c:\progra~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPPRED.DLL
.
- - - - - - - > 'explorer.exe'(4048)
c:\windows\system32\imjp12.ime
c:\windows\system32\imjp12k.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPAPI.DLL
c:\progra~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL
c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPPRED.DLL
c:\windows\system32\btmmhook.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\conime.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\mssql7\binn\sqlservr.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\sttray.exe
c:\windows\system32\igfxsrvc.exe
c:\mssql7\binn\sqlagent.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-07 18:13:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-07 09:13
ComboFix2.txt 2011-08-05 07:43
.
Pre-Run: 32,408,895,488 バイトの空き領域
Post-Run: 32,292,470,784 バイトの空き領域
.
- - End Of File - - 78D7EE98B2B6CDA9DB696010130F77CE
r16
Inviato: Sunday, August 07, 2011 1:41:14 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Segui questo percorso ed elimina il file in rosso:

c:\windows\system32\sbcrreag.dll

Riavvia il pc.

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore.


Commenta:
,ma se avvio explorer non si connette per niente.


Per provare a far funzionare la connessione con IE:

Start\ pannello di controllo\ connessioni di rete
clicca con il tasto destro del mouse sulla tua connessione.
seleziona proprietà.
doppio click su "Protocollo Internet(TCP/IP)
metti la spunta a "ottieni indirizzo server DNS automaticamente".
Clicca OK.
Riavvia il pc.

Oppure:

Apri Internet Explorer.
Clicca su: Strumenti"
Opzioni Internet.
Connessioni.
Impostazioni LAN

Sotto: "Server proxy" Togli la spunta a:
"utilizza un server proxy per le connessioni lan".

Clicca OK.

Riavvia il pc.
ludoss
Inviato: Sunday, August 07, 2011 11:26:25 PM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
ok
fatto tutto,ma non scarica ancora,non cambia.
ip router 192.168.0.1
ip pc 192.168.0.5 ( questo anche spegnendo il router x 10 minuti oppure spegnendo il pc x la notte non cambia ,sempre 192.168.0.5 )
la spunta su dns automatica è automatica.

è come se quel programma fosse ancora nel pc ma stavolta nascosto dietro il 192.168.0.5

la spunta su server proxy non c'era,e non so come mai non mi si apre più la pagina x il punto di ripristino,si apre ma resta bianca,non appare niente
r16
Inviato: Sunday, August 07, 2011 11:34:48 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Vediamo se OTL riscontra qualcosa:
scarica OTL by Oldtimer sul Desktop

http://oldtimer.geekstogo.com/OTL.exe

Esegui il file OTL.exe
(Dopo aver eseguito OTL, sui sistemi Windows 7 e Windows Vista si dovrà rispondere in modo affermativo alla comparsa del messaggio di avviso di UAC.)

Metti la spunta nelle caselle:
Scan all users (lo trovi in alto)
Processes: Use safe list
Services: Use safe list
Standard Registry: All
Modules: All
Drivers: All
Clicca sulla freccettina di File Age e seleziona 60 Days
Seleziona All alle voci "Files created within" e "File modified within"

Clicca su Run scan
Lascia che il programma, venga eseguito, senza interruzioni.
Finita la scansione, OTL produrrà due file di log (OTL.txt ed Extras.txt

Posta i log così: (sono 2)
Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.
ludoss
Inviato: Monday, August 08, 2011 11:38:44 AM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
Spero di non aver sbagliato.



Extras.Txt


OTL.Txt
r16
Inviato: Monday, August 08, 2011 1:32:44 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Avvia OTL.

Sotto "Custom Scans\Fixes" copia-incolla questo codice:

Code:
:OTL
[2008/04/15 13:00:00 | 000,004,701 | ---- | M] () -- C:\WINDOWS\System32\kkcfunc.sys

:commands
[emptytemp]
[purity]
[EMPTYFLASH]
[RESETHOSTS]
[start explorer]
[Reboot]


Clicca sul pulsante RUN FIX.
Lascia fare la scansione senza interferire.

Posta il log.

Domanda:
Il Nod32 è regolare?
Prova a scaricare (da siti sicuri) con il Nod disattivato.
ludoss
Inviato: Monday, August 08, 2011 2:28:36 PM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
il Nod 32 :)

ho provato a disattivaro ma non cambia

08082011_211519.log
r16
Inviato: Monday, August 08, 2011 2:31:59 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ehm.....meglio se cancelli quell'affermazione, usando il tasto Edit.

Hai provato a disattivarlo, e scaricare qualcosa?
ludoss
Inviato: Monday, August 08, 2011 2:36:09 PM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
si
ma non va
pensi che spegnere il router x la notte possa cambiare qualcosa??
ludoss
Inviato: Monday, August 08, 2011 2:40:38 PM
Rank: AiutAmico

Iscritto dal : 2/27/2011
Posts: 91
quando clicchi sull'icona della connessione ( il televisore ) si apre una finestra ,in basso a sinistra i numeri vanno ( scaricano ) quelli a destra arrivano a 3-4 e si fermano

ho provato a cancella re anche la connessione wifi,e quando riavvio il pc x installare i driver si autoinstallano da soli
r16
Inviato: Monday, August 08, 2011 2:41:12 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
A questo punto è pericoloso farti fare ulteriori scansioni, perchè credo (avendo visto i vari log) che anche il S.O non sia originale.
Volevo farti fare un'ultima scansione con il tool di Kaspersky, ma forse potrebbe fare più danni che benefici.
Vedi tu:
http://support.kaspersky.com/viruses/avptool2011?level=2
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.