How to delete ChicoSys - webtmr.exe?


offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

No matter what I do, deleting it from win32, from the registry, in safe mode ... with HijackThis ... it shows up again and again and again, and immediately at that. I delete it with Hijack, scan, and there it is again!

IT REALLY ANNOYS ME !!!

How come nothing can delete it???

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We will need (precisely) specific logs:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Posted: 23 Apr 2011 16:29

Step #1:


* how the problem you are asking for help with manifests itself;
The startup entry in question cannot be deleted in any way.

* when that problem started to appear;
6-7 months ago I installed the program in question, child control, from the site http://www.salfeld.com/software/parentalcontrol/index.html
I uninstalled it, but this startup entry remained.

* if the security software you use detects something but cannot remove it, write/copy the names of the detected files into the post;
Antivirus and anti-spyware programs find nothing suspicious.

* how you have tried to solve the problem;
In every way. I googled for solutions, tried everything under the sun: deleting, deleting in safe mode with system recovery disabled, deleting from the registry.... nothing helps, it shows up again!

* what kind of internet connection you have (connection type and speed);
- LAN share, through a server, about 50Kbs

* any additional information that could describe the state of your computer more closely.
It's a good PC, regularly maintained ...

Addendum: 23 Apr 2011 16:30

Step #2:


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Rocka at 16:18:12,81 on 23.04.2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.389.1033.18.1790.1064 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\FolderSize\FolderSizeSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\cchservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Rocka\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Users\Rocka\Desktop\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Glary Memory Optimizer] "c:\program files\glary utilities\memdefrag.exe" /autostart
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ChicoSys] c:\windows\system32\cc32\webtmr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {ADA967B2-ABD0-480A-8B33-4850F25005D9} = 192.168.1.111,192.168.1.112
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\rocka\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\rocka\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\rocka\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Hide IP Easy: support@easy-hideip.com - %profile%\extensions\support@easy-hideip.com
FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-8 20744]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-4 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-1 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-1 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-1 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-1 42184]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-26 136176]
S2 ksupmgr;File-/Update Service;c:\windows\system32\ksupmgr.exe [2010-12-20 765592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
.
=============== Created Last 30 ================
.
2011-04-23 13:36:20 -------- d-----w- c:\windows\system32\cc32
2011-04-22 23:37:03 -------- d-----w- c:\users\rocka\New folder (2)
2011-04-22 23:23:15 -------- d-----w- c:\users\rocka\New folder
2011-04-22 23:11:37 -------- d-----w- c:\users\rocka\appdata\local\Apps
2011-04-22 23:11:36 -------- d-----w- c:\users\rocka\appdata\local\Deployment
2011-04-10 14:21:30 485920 ----a-w- c:\windows\system32\nvusmb.exe
2011-04-10 14:15:22 -------- d-----w- c:\program files\NVIDIA Corporation
2011-04-10 14:11:02 324552 ----a-w- c:\program files\_setup.dll
2011-04-10 14:11:00 600680 ----a-w- c:\program files\nvudisp.exe
2011-04-10 14:11:00 535552 ----a-w- c:\program files\ISSetup.dll
2011-04-10 14:11:00 379496 ----a-w- c:\program files\setup.exe
2011-04-10 14:09:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-04-10 14:09:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-04-10 14:09:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-04-10 14:09:59 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-04-10 14:09:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-04-10 14:09:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-04-10 14:09:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-04-10 13:21:24 -------- d-----w- c:\program files\Driver-Soft
2011-04-09 21:08:26 -------- d-----w- c:\program files\Yuna Software
2011-04-04 21:20:19 3073320 ----a-w- c:\windows\system32\AdvrCntr2D6E0B790.dll
2011-04-03 23:44:56 996648 ----a-w- c:\windows\system32\ShellManager10E2D762.dll
2011-04-03 19:39:37 -------- d-----w- c:\users\rocka\appdata\local\Ahead
2011-04-03 19:30:19 -------- d-----w- c:\program files\Nero
2011-04-03 19:13:23 -------- d-----w- c:\users\rocka\appdata\roaming\HideIPEasy
2011-04-03 19:13:23 -------- d-----w- c:\progra~2\HideIPEasy
2011-04-03 19:10:39 -------- d-----w- c:\program files\HideIPEasy
2011-04-03 18:31:08 -------- d-----w- c:\users\rocka\appdata\roaming\URSoft
2011-04-03 18:31:01 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-04-03 00:04:40 -------- d-----w- c:\program files\LSoft Technologies
2011-04-02 23:12:19 -------- d-----w- c:\program files\EASEUS
2011-03-27 09:39:42 -------- d-----w- c:\progra~2\Canneverbe Limited
2011-03-27 09:33:27 156 ----a-w- c:\windows\system32\SWCTL.DLL
2011-03-27 09:18:30 2037648 ----a-w- c:\windows\system32\cchservice.exe
2011-03-26 23:33:24 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-26 23:33:22 -------- d-----w- c:\users\rocka\appdata\local\temp
2011-03-26 23:22:44 98816 ----a-w- c:\windows\sed.exe
2011-03-26 23:22:44 89088 ----a-w- c:\windows\MBR.exe
2011-03-26 23:22:44 256512 ----a-w- c:\windows\PEV.exe
2011-03-26 23:22:44 161792 ----a-w- c:\windows\SWREG.exe
2011-03-26 23:11:57 2037648 ----a-w- c:\windows\system32\cchservicefuck.exe
2011-03-26 21:33:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-26 21:32:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-26 21:32:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 19:56:07 -------- d-----w- c:\users\rocka\appdata\roaming\GlarySoft
2011-03-26 19:52:03 -------- d-----w- c:\program files\Glary Utilities
.
==================== Find3M ====================
.
2011-04-11 16:01:55 2828 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-04-11 16:01:54 88 --sh--r- c:\progra~2\E75246BBED.sys
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-01-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-09 17:33:47 5813264 ----a-w- c:\program files\hdaudio_1.0.9.1_xp_vista_win7.exe
2010-04-09 17:23:53 27098624 ----a-w- c:\program files\PhysX_9.10.0129_SystemSoftware.msi
2010-04-04 03:56:36 16980448 ----a-w- c:\program files\3DVision_197.45.exe
2010-04-03 22:55:31 509 ----a-w- c:\program files\layout.bin
2010-04-03 22:55:31 40296184 ----a-w- c:\program files\NvCplSetupInt.exe
.
============= FINISH: 16:21:28,63 ===============

Addendum: 23 Apr 2011 16:52

Step #3:


This GMER has been scanning for 2 hours.... (banging my head against the wall)

Addendum: 23 Apr 2011 17:00

There....

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I moved the topic here because I thought it was malware rather than a legitimate program.
But, by all accounts, it can no longer be uninstalled cleanly.

Restart Windows in Safe Mode: http://www.mycity.rs/Uputstva/Kako-uci-u-Safe-Mode-2.html


and rename (e.g. add the extension "bak" to them) the files:


C:\Windows\system32\cchservice.exe
c:\windows\system32\cchservicefuck.exe

and the folder:

c:\windows\system32\cc32

Start Windows normally.

Solved?

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Posted: 23 Apr 2011 19:16

I'll try it now.

this "c:\windows\system32\cchservicefuck.exe " is one I renamed myself :)))

Addendum: 23 Apr 2011 19:33

I renamed .exe to .bak but it didn't work; what's more, now it has duplicated itself (banging my head against the wall)

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you rename the folder too? If you did, the file (process) is not running.

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Posted: 23 Apr 2011 19:40

I did not rename the folder C:\Windows\System32\cc32 , only the file inside it.

Look:

The one I renamed with "fuck" did not get duplicated.

Addendum: 23 Apr 2011 19:43

Should I do everything over again and rename the cc32 folder too?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Yes, yes...

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Posted: 23 Apr 2011 20:03

Here it is again. And that C:\Windows\system32\cchservice.exe has appeared again too. (confused)

Where are they coming from?

There's also that P Boot Recovery CD; I can boot the system with it and see all the files, I just don't know what to delete ..

Addendum: 23 Apr 2011 20:05

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:05:39, on 23.04.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\FastStone Screen Capture\FSCapture.exe
C:\Users\Rocka\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
F3 - REG:win.ini: run=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ChicoSys] C:\Windows\system32\cc32\webtmr.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADA967B2-ABD0-480A-8B33-4850F25005D9}: NameServer = 192.168.1.111,192.168.1.112
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: File-/Update Service (ksupmgr) - Salfeld Computer - C:\Windows\system32\ksupmgr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3602 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, I see where the problem is.


C:\Windows\system32\ksupmgr.exe
C:\Windows\system32\cchservice.exe

c:\windows\system32\cc32

Rename everything listed.
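
The files named in the last reply can be picked out of the HijackThis log mechanically: the ChicoSys Run entry and the Salfeld Computer service are the only autostart items whose binaries sit under system32. As an added example (not part of the thread and not HijackThis code), this Python script parses the O4 and O23 lines quoted from the log above and lists such entries; the function names and the system32 heuristic are assumptions made for illustration.

```python
import ntpath
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted in this thread (O4 = Run keys, O23 = services).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ChicoSys] C:\Windows\system32\cc32\webtmr.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: File-/Update Service (ksupmgr) - Salfeld Computer - C:\Windows\system32\ksupmgr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

class Entry(NamedTuple):
    kind: str      # "run" or "service"
    name: str
    vendor: str    # empty for Run entries: HijackThis prints no vendor there
    path: str
    missing: bool  # HijackThis appended "(file missing)"

RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+) - ([A-Za-z]:\\.+?)( \(file missing\))?$")
# Executable path at the start of a command line, quoted or unquoted.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)', re.I)

def parse(log_text):
    """Turn O4 Run lines and O23 service lines into Entry records."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            exe = EXE_RE.match(m.group(2))
            path = (exe.group(1) or exe.group(2)) if exe else m.group(2)
            entries.append(Entry("run", m.group(1), "", path, False))
        elif m := SVC_RE.match(line):
            # "display name - vendor": split on the last separator only.
            name, _, vendor = m.group(1).rpartition(" - ")
            entries.append(Entry("service", name or vendor,
                                 vendor if name else "", m.group(2), bool(m.group(3))))
    return entries

def in_system32(path):
    return "\\windows\\system32\\" in ntpath.normcase(path)

def triage(log_text):
    """Return (kind, name, reason) for entries to review before renaming files."""
    findings = []
    for e in parse(log_text):
        if e.missing:
            findings.append((e.kind, e.name, "registered but binary is missing"))
        elif in_system32(e.path) and not e.vendor.lower().startswith("microsoft"):
            if e.kind == "run":
                reason = f"autorun pointing into system32: {e.path}"
            else:
                reason = f"service ({e.vendor or 'unknown vendor'}) under system32: {e.path}"
            findings.append((e.kind, e.name, reason))
    return findings

if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG):
        print(f"{kind:8} {name}: {reason}")
```
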
