MyCity » Ambulanta -> Arhiva Ambulante » Kako izbrisati ChicoSys - webtmr.exe ?

Kako izbrisati ChicoSys - webtmr.exe ?

Napisano na dan: 23.4.2011

Strana:
1
2

Kako izbrisati ChicoSys - webtmr.exe ?

Sledeća strana

Pagination

Odgovori

Strana:
1
2

ROCKAMKD Poslao: 23 Apr 2011 16:04 Idi na vrh
offline ROCKAMKD Počasni građanin Pridružio: 07 Jan 2006 Poruke: 968 Gde živiš: Skopje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ma sta radio, brisao iz win32, iz registrja, u safe modu ... sa HijackThis ... opet i opet i opet se poljavluje, i to odmah. Obrisem ga sa Hijack, skeniram, eto ga opet! JAKOooo ME NERVIRA !!! Kako to da ga nista ne moze izbrisati???

Profil

dr_Bora Poslao: 23 Apr 2011 16:07 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Trebaće nam (tačno) određeni logovi: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

ROCKAMKD Poslao: 23 Apr 2011 17:00 Idi na vrh
offline ROCKAMKD Počasni građanin Pridružio: 07 Jan 2006 Poruke: 968 Gde živiš: Skopje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 23 Apr 2011 16:29 Korak #1: * na koji način se ispoljava problem oko koga tražite pomoć; Nikako se nemoze obrisati navedeni start up entry. * kada se taj problem počeo ispoljavati; Pre 6-7 meseci sam instalirao navedeni program, child control, sa sajta http://www.salfeld.com/software/parentalcontrol/index.html Uninstalirao sam ga, ali je ovaj sturt up ostao. * ukoliko zaštitni softver koji koristite nešto detektuje, a ne može da ukloni, napišite/iskopirajte nazive detektovanih datoteka u poruku; Antivirusi i anti spyware ne nalaze nista sumnjivo. * na koji način ste pokušali rešiti problem; Svakako. Googlao sam za reshenjima, probao sve zivo, brisanjem, safe mode brisanjem sa disabled sistem recovery, registi brisanjem.... nista ne pomaze, opet se pojavljuje! * kakvom internet konekcijom raspolažete (tip i brzina konekcije); - lan share, preko servera, oko 50Kbs * bilo kakve dodatne informacije koje bi mogle pobliže opisati stanje na vašem računaru. Dobar je PC, redovito odrzavan ... Dopuna: 23 Apr 2011 16:30 Korak #2: . DDS (Ver_11-03-05.01) - NTFSx86 Run by Rocka at 16:18:12,81 on 23.04.2011 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21 Microsoft Windows 7 Ultimate 6.1.7600.0.1251.389.1033.18.1790.1064 [GMT 2:00] . AV: avast! Antivirus Enabled/Updated {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus Enabled/Updated {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\FolderSize\FolderSizeSvc.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\cchservice.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Rocka\Desktop\HijackThis.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\notepad.exe C:\Users\Rocka\Desktop\Downloads\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyServer = http=;ftp=;https=; BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [Glary Memory Optimizer] "c:\program files\glary utilities\memdefrag.exe" /autostart mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [ChicoSys] c:\windows\system32\cc32\webtmr.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: HideFastUserSwitching = 0 (0x0) IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab TCP: {ADA967B2-ABD0-480A-8B33-4850F25005D9} = 192.168.1.111,192.168.1.112 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.type - 0 FF - component: c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\extensions\piclens@cooliris.com\components\cooliris.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\users\rocka\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\users\rocka\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\users\rocka\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671} FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com FF - Ext: Hide IP Easy: support@easy-hideip.com - %profile%\extensions\support@easy-hideip.com FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} . ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: browser.xul.error_pages.enabled - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 8191 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 32 FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-proxy - 8 FF - user.js: network.http.max-persistent-connections-per-server - 3 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ============= SERVICES / DRIVERS =============== . R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-8 20744] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-4 15672] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 371544] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-1 301528] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-1 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-1 53592] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-1 42184] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-26 136176] S2 ksupmgr;File-/Update Service;c:\windows\system32\ksupmgr.exe [2010-12-20 765592] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248] . =============== Created Last 30 ================ . 2011-04-23 13:36:20 -------- d-----w- c:\windows\system32\cc32 2011-04-22 23:37:03 -------- d-----w- c:\users\rocka\New folder (2) 2011-04-22 23:23:15 -------- d-----w- c:\users\rocka\New folder 2011-04-22 23:11:37 -------- d-----w- c:\users\rocka\appdata\local\Apps 2011-04-22 23:11:36 -------- d-----w- c:\users\rocka\appdata\local\Deployment 2011-04-10 14:21:30 485920 ----a-w- c:\windows\system32\nvusmb.exe 2011-04-10 14:15:22 -------- d-----w- c:\program files\NVIDIA Corporation 2011-04-10 14:11:02 324552 ----a-w- c:\program files\_setup.dll 2011-04-10 14:11:00 600680 ----a-w- c:\program files\nvudisp.exe 2011-04-10 14:11:00 535552 ----a-w- c:\program files\ISSetup.dll 2011-04-10 14:11:00 379496 ----a-w- c:\program files\setup.exe 2011-04-10 14:09:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll 2011-04-10 14:09:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll 2011-04-10 14:09:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe 2011-04-10 14:09:59 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll 2011-04-10 14:09:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll 2011-04-10 14:09:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll 2011-04-10 14:09:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll 2011-04-10 13:21:24 -------- d-----w- c:\program files\Driver-Soft 2011-04-09 21:08:26 -------- d-----w- c:\program files\Yuna Software 2011-04-04 21:20:19 3073320 ----a-w- c:\windows\system32\AdvrCntr2D6E0B790.dll 2011-04-03 23:44:56 996648 ----a-w- c:\windows\system32\ShellManager10E2D762.dll 2011-04-03 19:39:37 -------- d-----w- c:\users\rocka\appdata\local\Ahead 2011-04-03 19:30:19 -------- d-----w- c:\program files\Nero 2011-04-03 19:13:23 -------- d-----w- c:\users\rocka\appdata\roaming\HideIPEasy 2011-04-03 19:13:23 -------- d-----w- c:\progra~2\HideIPEasy 2011-04-03 19:10:39 -------- d-----w- c:\program files\HideIPEasy 2011-04-03 18:31:08 -------- d-----w- c:\users\rocka\appdata\roaming\URSoft 2011-04-03 18:31:01 -------- d-----w- c:\program files\Your Uninstaller 2010 2011-04-03 00:04:40 -------- d-----w- c:\program files\LSoft Technologies 2011-04-02 23:12:19 -------- d-----w- c:\program files\EASEUS 2011-03-27 09:39:42 -------- d-----w- c:\progra~2\Canneverbe Limited 2011-03-27 09:33:27 156 ----a-w- c:\windows\system32\SWCTL.DLL 2011-03-27 09:18:30 2037648 ----a-w- c:\windows\system32\cchservice.exe 2011-03-26 23:33:24 -------- d-sh--w- C:\$RECYCLE.BIN 2011-03-26 23:33:22 -------- d-----w- c:\users\rocka\appdata\local\temp 2011-03-26 23:22:44 98816 ----a-w- c:\windows\sed.exe 2011-03-26 23:22:44 89088 ----a-w- c:\windows\MBR.exe 2011-03-26 23:22:44 256512 ----a-w- c:\windows\PEV.exe 2011-03-26 23:22:44 161792 ----a-w- c:\windows\SWREG.exe 2011-03-26 23:11:57 2037648 ----a-w- c:\windows\system32\cchservicefuck.exe 2011-03-26 21:33:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-26 21:32:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-26 21:32:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-26 19:56:07 -------- d-----w- c:\users\rocka\appdata\roaming\GlarySoft 2011-03-26 19:52:03 -------- d-----w- c:\program files\Glary Utilities . ==================== Find3M ==================== . 2011-04-11 16:01:55 2828 --sha-w- c:\progra~2\KGyGaAvL.sys 2011-04-11 16:01:54 88 --sh--r- c:\progra~2\E75246BBED.sys 2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr 2011-01-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll 2010-04-09 17:33:47 5813264 ----a-w- c:\program files\hdaudio_1.0.9.1_xp_vista_win7.exe 2010-04-09 17:23:53 27098624 ----a-w- c:\program files\PhysX_9.10.0129_SystemSoftware.msi 2010-04-04 03:56:36 16980448 ----a-w- c:\program files\3DVision_197.45.exe 2010-04-03 22:55:31 509 ----a-w- c:\program files\layout.bin 2010-04-03 22:55:31 40296184 ----a-w- c:\program files\NvCplSetupInt.exe . ============= FINISH: 16:21:28,63 =============== https://www.mycity.rs/must-login.png Dopuna: 23 Apr 2011 16:52 Korak #3: Ovaj gmer 2 sata skenira.... Dopuna: 23 Apr 2011 17:00 https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png Eto....

Profil

dr_Bora Poslao: 23 Apr 2011 18:25 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	1Ovo se svidja korisniku: Springfield Registruj se da bi pohvalio/la poruku! Ja premestih temu ovde jer pomislih da je malware u pitanju, a ne legitiman program. No, po svemu sudeći, to više ne može da se deinstalira na fin način. Restartuj Windows u Safe Mode: http://www.mycity.rs/Uputstva/Kako-uci-u-Safe-Mode-2.html i preimenuj (npr. dodaj im nastavak "bak") file-ove: C:\Windows\system32\cchservice.exe c:\windows\system32\cchservicefuck.exe i folder: c:\windows\system32\cc32 Startuj Windows normalno. Rešeno?

Profil

ROCKAMKD Poslao: 23 Apr 2011 19:33 Idi na vrh
offline ROCKAMKD Počasni građanin Pridružio: 07 Jan 2006 Poruke: 968 Gde živiš: Skopje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 23 Apr 2011 19:16 Sad chu da pronbam. ovo "c:\windows\system32\cchservicefuck.exe " sam ja preimenovao ))) Dopuna: 23 Apr 2011 19:33 Preimenovao sam .exe u .bak al nije uspelo, sha vise, sad se duplirao

Profil

dr_Bora Poslao: 23 Apr 2011 19:35 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	1Ovo se svidja korisniku: Springfield Registruj se da bi pohvalio/la poruku! Preimenovao si i folder? Ako jesi, file (proces) nije pokrenut.

Profil

ROCKAMKD Poslao: 23 Apr 2011 19:43 Idi na vrh
offline ROCKAMKD Počasni građanin Pridružio: 07 Jan 2006 Poruke: 968 Gde živiš: Skopje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 23 Apr 2011 19:40 Nisam preimenovao Folder C:\Windows\System32\cc32 , samo fajl sto je unutra. Pogledaj: Ono sto sam ja reimenovao sa "fuck" se nije dupliralo. Dopuna: 23 Apr 2011 19:43 Da uradim opet sve ponovo i preimenujem i folder cc32 ?

Profil

dr_Bora Poslao: 23 Apr 2011 19:47 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da, da...

Profil

ROCKAMKD Poslao: 23 Apr 2011 20:05 Idi na vrh
offline ROCKAMKD Počasni građanin Pridružio: 07 Jan 2006 Poruke: 968 Gde živiš: Skopje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 23 Apr 2011 20:03 Evo ga opet. I onaj C:\Windows\system32\cchservice.exe se opet pojavio. Odakle se pojavljuju ? Ima i onaj P Boot Recovery CD, mogu sa njim da podignem sistem i da vidim sve fajlove, samo ne znam sto da delite .. Dopuna: 23 Apr 2011 20:05 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:05:39, on 23.04.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Glary Utilities\memdefrag.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\FastStone Screen Capture\FSCapture.exe C:\Users\Rocka\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=; F3 - REG:win.ini: run= O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [ChicoSys] C:\Windows\system32\cc32\webtmr.exe O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{ADA967B2-ABD0-480A-8B33-4850F25005D9}: NameServer = 192.168.1.111,192.168.1.112 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: File-/Update Service (ksupmgr) - Salfeld Computer - C:\Windows\system32\ksupmgr.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 3602 bytes

Profil

dr_Bora Poslao: 23 Apr 2011 20:07 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, vidim gde je problem. C:\Windows\system32\ksupmgr.exe C:\Windows\system32\cchservice.exe c:\windows\system32\cc32 Odradi rename svega navedenoga.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Kako izbrisati ChicoSys - webtmr.exe ?

Ko je trenutno na forumu

Ukupno su 906 korisnika na forumu :: 20 registrovanih, 4 sakrivenih i 882 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Aleksandar Tomić, amaterSRB, aramis s, babaroga, bbogdan, darkangel, draganca, mačković, Nemanja.M, nenad81, raptorsi, ruma, sevenino, skvara, SlaKoj, vathra, Vlada78, zeo, Zerajic, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by