How to delete ChicoSys - webtmr.exe?


offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

No matter what I do, deleting it from win32, from the registry, in safe mode ... with HijackThis ... it shows up again and again and again, and immediately at that. I delete it with Hijack, scan, and there it is again!

It REALLYyyy ANNOYS ME !!!

How come nothing can delete it???

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We will need (exactly) specific logs:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Posted: 23 Apr 2011 16:29

Step #1:

* how the problem you are asking for help with manifests;
The startup entry in question cannot be deleted in any way.

* when the problem started to manifest;
6-7 months ago I installed the program in question, child control, from the site http://www.salfeld.com/software/parentalcontrol/index.html
I uninstalled it, but this startup entry remained.

* if the security software you use detects something but cannot remove it, write/copy the names of the detected files into the post;
Antivirus and anti-spyware programs find nothing suspicious.

* how you have tried to solve the problem;
In every way. I googled for solutions, tried everything under the sun: deleting, deleting in safe mode with system recovery disabled, deleting from the registry.... nothing helps, it appears again!

* what kind of internet connection you have (connection type and speed);
- LAN share, through a server, about 50Kbs

* any additional information that could describe the state of your computer more closely.
It's a good PC, regularly maintained ...

Addendum: 23 Apr 2011 16:30

Step #2:


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Rocka at 16:18:12,81 on 23.04.2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.389.1033.18.1790.1064 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\FolderSize\FolderSizeSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\cchservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Rocka\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Users\Rocka\Desktop\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Glary Memory Optimizer] "c:\program files\glary utilities\memdefrag.exe" /autostart
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ChicoSys] c:\windows\system32\cc32\webtmr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {ADA967B2-ABD0-480A-8B33-4850F25005D9} = 192.168.1.111,192.168.1.112
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\rocka\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\rocka\appdata\roaming\mozilla\firefox\profiles\dxx3s6mh.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\rocka\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\rocka\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Hide IP Easy: support@easy-hideip.com - %profile%\extensions\support@easy-hideip.com
FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-8 20744]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-4 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-1 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-1 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-1 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-1 42184]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-26 136176]
S2 ksupmgr;File-/Update Service;c:\windows\system32\ksupmgr.exe [2010-12-20 765592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
.
=============== Created Last 30 ================
.
2011-04-23 13:36:20 -------- d-----w- c:\windows\system32\cc32
2011-04-22 23:37:03 -------- d-----w- c:\users\rocka\New folder (2)
2011-04-22 23:23:15 -------- d-----w- c:\users\rocka\New folder
2011-04-22 23:11:37 -------- d-----w- c:\users\rocka\appdata\local\Apps
2011-04-22 23:11:36 -------- d-----w- c:\users\rocka\appdata\local\Deployment
2011-04-10 14:21:30 485920 ----a-w- c:\windows\system32\nvusmb.exe
2011-04-10 14:15:22 -------- d-----w- c:\program files\NVIDIA Corporation
2011-04-10 14:11:02 324552 ----a-w- c:\program files\_setup.dll
2011-04-10 14:11:00 600680 ----a-w- c:\program files\nvudisp.exe
2011-04-10 14:11:00 535552 ----a-w- c:\program files\ISSetup.dll
2011-04-10 14:11:00 379496 ----a-w- c:\program files\setup.exe
2011-04-10 14:09:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-04-10 14:09:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-04-10 14:09:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-04-10 14:09:59 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-04-10 14:09:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-04-10 14:09:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-04-10 14:09:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-04-10 13:21:24 -------- d-----w- c:\program files\Driver-Soft
2011-04-09 21:08:26 -------- d-----w- c:\program files\Yuna Software
2011-04-04 21:20:19 3073320 ----a-w- c:\windows\system32\AdvrCntr2D6E0B790.dll
2011-04-03 23:44:56 996648 ----a-w- c:\windows\system32\ShellManager10E2D762.dll
2011-04-03 19:39:37 -------- d-----w- c:\users\rocka\appdata\local\Ahead
2011-04-03 19:30:19 -------- d-----w- c:\program files\Nero
2011-04-03 19:13:23 -------- d-----w- c:\users\rocka\appdata\roaming\HideIPEasy
2011-04-03 19:13:23 -------- d-----w- c:\progra~2\HideIPEasy
2011-04-03 19:10:39 -------- d-----w- c:\program files\HideIPEasy
2011-04-03 18:31:08 -------- d-----w- c:\users\rocka\appdata\roaming\URSoft
2011-04-03 18:31:01 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-04-03 00:04:40 -------- d-----w- c:\program files\LSoft Technologies
2011-04-02 23:12:19 -------- d-----w- c:\program files\EASEUS
2011-03-27 09:39:42 -------- d-----w- c:\progra~2\Canneverbe Limited
2011-03-27 09:33:27 156 ----a-w- c:\windows\system32\SWCTL.DLL
2011-03-27 09:18:30 2037648 ----a-w- c:\windows\system32\cchservice.exe
2011-03-26 23:33:24 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-26 23:33:22 -------- d-----w- c:\users\rocka\appdata\local\temp
2011-03-26 23:22:44 98816 ----a-w- c:\windows\sed.exe
2011-03-26 23:22:44 89088 ----a-w- c:\windows\MBR.exe
2011-03-26 23:22:44 256512 ----a-w- c:\windows\PEV.exe
2011-03-26 23:22:44 161792 ----a-w- c:\windows\SWREG.exe
2011-03-26 23:11:57 2037648 ----a-w- c:\windows\system32\cchservicefuck.exe
2011-03-26 21:33:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-26 21:32:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-26 21:32:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 19:56:07 -------- d-----w- c:\users\rocka\appdata\roaming\GlarySoft
2011-03-26 19:52:03 -------- d-----w- c:\program files\Glary Utilities
.
==================== Find3M ====================
.
2011-04-11 16:01:55 2828 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-04-11 16:01:54 88 --sh--r- c:\progra~2\E75246BBED.sys
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-01-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-09 17:33:47 5813264 ----a-w- c:\program files\hdaudio_1.0.9.1_xp_vista_win7.exe
2010-04-09 17:23:53 27098624 ----a-w- c:\program files\PhysX_9.10.0129_SystemSoftware.msi
2010-04-04 03:56:36 16980448 ----a-w- c:\program files\3DVision_197.45.exe
2010-04-03 22:55:31 509 ----a-w- c:\program files\layout.bin
2010-04-03 22:55:31 40296184 ----a-w- c:\program files\NvCplSetupInt.exe
.
============= FINISH: 16:21:28,63 ===============


Addendum: 23 Apr 2011 16:52

Step #3:

This gmer has been scanning for 2 hours.... [banging head against the wall]

Addendum: 23 Apr 2011 17:00

There you go....

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I moved the topic here because I thought this was malware rather than a legitimate program.
Still, by all appearances, it can no longer be uninstalled cleanly.

Restart Windows in Safe Mode: http://www.mycity.rs/Uputstva/Kako-uci-u-Safe-Mode-2.html

and rename (e.g. add the extension "bak" to them) the files:

C:\Windows\system32\cchservice.exe
c:\windows\system32\cchservicefuck.exe

and the folder:

c:\windows\system32\cc32

Start Windows normally.

Solved?

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Posted: 23 Apr 2011 19:16

I'll try it now.

This "c:\windows\system32\cchservicefuck.exe" was renamed by me :)))

Addendum: 23 Apr 2011 19:33

I renamed the .exe to .bak but it didn't work; what's more, now it has duplicated [banging head against the wall]

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you rename the folder too? If you did, the file (process) is not running.

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Posted: 23 Apr 2011 19:40

I didn't rename the folder C:\Windows\System32\cc32, only the file inside it.

Look:

The one I renamed with "fuck" did not get duplicated.

Addendum: 23 Apr 2011 19:43

Should I do everything all over again and rename the cc32 folder as well?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Yes, yes...

offline
  • Joined: 07 Jan 2006
  • Posts: 968
  • Location: Skopje

Posted: 23 Apr 2011 20:03

Here it is again. And that C:\Windows\system32\cchservice.exe has appeared again too. [confused]

Where are they coming from?

I also have that P Boot Recovery CD; I can boot the system with it and see all the files, I just don't know what to delete ..

Addendum: 23 Apr 2011 20:05

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:05:39, on 23.04.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\FastStone Screen Capture\FSCapture.exe
C:\Users\Rocka\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
F3 - REG:win.ini: run=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ChicoSys] C:\Windows\system32\cc32\webtmr.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADA967B2-ABD0-480A-8B33-4850F25005D9}: NameServer = 192.168.1.111,192.168.1.112
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: File-/Update Service (ksupmgr) - Salfeld Computer - C:\Windows\system32\ksupmgr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3602 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Ok, I see where the problem is.

C:\Windows\system32\ksupmgr.exe
C:\Windows\system32\cchservice.exe

c:\windows\system32\cc32

Rename everything listed.
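
Added example, not part of the thread and not written by any of its posters: a small Python triage of the HijackThis log above that lists Run entries pointing into `system32` next to the non-Microsoft services installed there, which is where the `ksupmgr.exe` service named in the last reply shows up. The function names, the `vendor_hint` parameter and the "third-party binary under system32" heuristic are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

# O4/O23 lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ChicoSys] C:\Windows\system32\cc32\webtmr.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: File-/Update Service (ksupmgr) - Salfeld Computer - C:\Windows\system32\ksupmgr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

class Autorun(NamedTuple):
    hive: str
    name: str
    image: str

class Service(NamedTuple):
    name: str
    vendor: str
    image: str
    missing: bool

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
O23_PREFIX = "O23 - Service: "
SYSTEM_DIR = "c:\\windows\\system32\\"

def image_path(command):
    """Return the executable path of a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command

def parse(log):
    """Split a HijackThis log into Run-key autoruns (O4) and services (O23)."""
    autoruns, services = [], []
    for line in (raw.strip() for raw in log.splitlines()):
        m = O4_RE.match(line)
        if m:
            autoruns.append(Autorun(m.group(1), m.group(2), image_path(m.group(3))))
        elif line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue  # unexpected layout, skip rather than guess
            name, vendor, path = parts
            missing = path.endswith("(file missing)")
            services.append(Service(name, vendor,
                                    path.replace("(file missing)", "").strip(), missing))
    return autoruns, services

def in_system_dir(path):
    return path.lower().startswith(SYSTEM_DIR)

def triage(log, vendor_hint=""):
    """Heuristic (assumption): autoruns under system32, plus present third-party
    services that live under system32 or whose vendor matches vendor_hint."""
    autoruns, services = parse(log)
    hint = vendor_hint.lower()
    runs = [a for a in autoruns if in_system_dir(a.image)]
    svcs = [s for s in services
            if not s.missing and "microsoft" not in s.vendor.lower()
            and (in_system_dir(s.image) or (hint and hint in s.vendor.lower()))]
    return runs, svcs

if __name__ == "__main__":
    runs, svcs = triage(SAMPLE_LOG, vendor_hint="salfeld")
    for a in runs:
        print(f"autorun  {a.hive} [{a.name}] -> {a.image}")
    for s in svcs:
        print(f"service  {s.name} ({s.vendor}) -> {s.image}")
```
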
