|
|||||||
|
|
|
 |
|
|
Strumenti |
21-10-2005, 15:17
|
#1 |
|
Member
Iscritto dal: Sep 2004
Città: Italy
Messaggi: 159
|
P2P:impossibile cancellare file
Ciao a tutti!
iniziamo con il dire che sono nuovo del mondo p2p... scarico emule e inizio a scaricare il cartone animato "madagascar" dimensione 800MB e qlcs.... quando finisce di scaricare lo apro ma mi dice che nn è un file compatibile con windowsmediaplayer... al che vado a vedere su emule e vedo che mi dà completato il download ma le dimensioni del file sono solo d 2,78MB Decido quindi d cancellare il file... ma mi viene negato l'accesso in quanto mi dice che il suddetto file è usato da un altro programma.... Riavviato pc ma nulla, scan con ad-aware e antivirus "antivir guard" ma nulla... dopo il tentativo mi spara l'utilizzo della cpu al 100%.... Lascio il log di hijackThis.... se qlc vuole darmi una mano.... GRAZIE  Logfile of HijackThis v1.99.1 Scan saved at 16.10.30, on 21/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE C:\Programmi\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\Explorer.EXE C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\rundll32.exe C:\acer\epm\epm-dm.exe C:\Programmi\Launch Manager\QtZgAcer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programmi\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Internet Explorer\iexplore.exe C:\DOCUME~1\Cristina\IMPOST~1\Temp\Directory temporanea 1 per hijackthis_199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.email.it/ita/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programmi\RXToolBar\sfcont.dll (file missing) O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O12 - Plugin for .mov: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .mp3: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125395074340 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{628E1683-3F3C-45A3-B009-7C1B9BE496B2}: NameServer = 62.94.0.1,62.94.0.2 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmi\RXToolBar\sfcont.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
__________________
~ V e S ~ Ultima modifica di ves81 : 21-10-2005 alle 15:31. |
|
|
|
21-10-2005, 16:53
|
#2 |
|
Senior Member
Iscritto dal: Jun 2005
Messaggi: 934
|
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
gmt - gmt.exe - Process Information Process File: gmt or gmt.exe Process Name: Gator Spyware Component Description: gmt.exe is an advertising program by Gator. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately. Please see additional details regarding this process devi aggiornare Ad-aware o i programmi che utilizzi nel frattempo termina quell'eseguibile premendo ctrl+alt+canc vai nella scheda processi e selezioni gmt.exe e lo termini |
|
|
|
|
21-10-2005, 21:21
|
#3 |
|
Senior Member
Iscritto dal: Sep 2004
Città: Brescia
Messaggi: 6574
|
prova ad usare moveonboot oppure deletedoctor dovresti riuscire a risolvere quell'inghippo.
__________________
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 21:38.
