Posted: 11 Jul 2013 22:48
- Majstor Ika
- New MyCity citizen
- Joined: 05 May 2013
- Posts: 16

Written: 11 Jul 2013 22:39
I suspect I have keyloggers on my computer
also
they claim to get in via a Linux system and to be able to read my chat
Addendum: 11 Jul 2013 22:43
what I saw is terrifying
I really did send that
I changed my password to one 15 characters long, including numbers
Wireless. The person in question is located on the territory of Bosnia
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Wewerac at 22:41:25 on 2013-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3486.2528 [GMT 2:00]
.
.
============== Running Processes ================
.
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\MyPC Backup\BackupStack.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\DefaultTab\DefaultTabSearch.exe
E:\Program Files\Intel\iCLS Client\HeciServer.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Pando Networks\Media Booster\PMB.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Documents and Settings\Wewerac\Application Data\uTorrent\uTorrent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MCShield\mcshieldrtm.exe
E:\Program Files\MyPC Backup\MyPC Backup.exe
E:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\WINDOWS\system32\mspaint.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=1493902B34CAFC1D
uRun: [Pando Media Booster] e:\program files\pando networks\media booster\PMB.exe
uRun: [Skype] "e:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "e:\documents and settings\wewerac\application data\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Ultra Agent] "e:\program files\daemon tools ultra\DTAgent.exe" -autorun
uRun: [Total CMA Pack] e:\program files\total cma pack\Total CMA Pack.exe
uRun: [MCShield Monitor] e:\program files\mcshield\mcshieldrtm.exe
mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
mRun: [Persistence] e:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: e:\docume~1\wewerac\startm~1\programs\startup\mypcba~1.lnk - e:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.1.20
TCP: Interfaces\{CE34672B-6B09-4C82-AC1C-04B35F89F29A} : DHCPNameServer = 192.168.1.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\wewerac\application data\mozilla\firefox\profiles\zqo524n3.default\
FF - plugin: e:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: e:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: e:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: e:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: e:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 64ad48ba000000000000902b34cafc1d
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15817
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.164:54:59
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;e:\windows\system32\drivers\mv61xxmm.sys [2012-3-14 13616]
R0 mv64xxmm;mv64xxmm;e:\windows\system32\drivers\mv64xxmm.sys [2012-3-14 5632]
R0 mvxxmm;mvxxmm;e:\windows\system32\drivers\mvxxmm.sys [2012-3-14 13616]
R1 AppleCharger;AppleCharger;e:\windows\system32\drivers\AppleCharger.sys [2013-3-27 19056]
R2 BackupStack;Computer Backup (MyPC Backup);e:\program files\mypc backup\BackupStack.exe [2013-7-1 32808]
R2 DefaultTabSearch;DefaultTabSearch;e:\program files\defaulttab\DefaultTabSearch.exe [2013-2-11 572928]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;e:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;e:\program files\intel\intel(r) management engine components\dal\Jhi_service.exe [2013-3-27 166720]
R2 UNS;Intel(R) Management and Security Application User Notification Service;e:\program files\intel\intel(r) management engine components\uns\UNS.exe [2013-3-27 365376]
R3 Disc Soft Bus Service;Disc Soft Bus Service;e:\program files\daemon tools ultra\DiscSoftBusService.exe [2013-3-6 580672]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;e:\windows\system32\drivers\dtscsibus.sys [2013-4-22 24704]
R3 MEI;Intel(R) Management Engine Interface ;e:\windows\system32\drivers\HECI.sys [2013-3-27 55104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;e:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2013-3-27 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;e:\windows\etdrv.sys [2013-3-27 17488]
S3 GVTDrv;GVTDrv;e:\windows\system32\drivers\GVTDrv.sys [2013-3-27 24944]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;e:\program files\intel\intel(r) integrated clock controller service\ICCProxy.exe [2013-3-27 160256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-07-11 20:22:44 -------- d-----w- e:\program files\MCShield
2013-07-11 20:22:44 -------- d-----w- e:\documents and settings\all users\application data\MCShield
2013-07-11 14:53:14 -------- d-----w- e:\documents and settings\wewerac\SyncFolder
2013-07-10 03:01:05 -------- d-----w- e:\documents and settings\all users\application data\Sophos
2013-07-10 03:01:03 73728 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-10 03:01:03 73728 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-10 03:01:03 73728 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-07-10 03:00:58 -------- d-----w- e:\program files\Sophos
2013-07-10 00:11:17 81920 ----a-w- e:\windows\eSellerateControl350.dll
2013-07-10 00:11:17 356352 ----a-w- e:\windows\eSellerateEngine.dll
2013-07-10 00:11:17 274432 ----a-w- e:\windows\system32\ssleay32.dll
2013-07-10 00:11:17 1122304 ----a-w- e:\windows\system32\libeay32.dll
2013-07-10 00:11:17 -------- d-----w- e:\program files\Absolute Key Logger Removal Tool
2013-07-10 00:11:04 -------- d-----w- e:\program files\MyPC Backup
2013-07-03 15:11:48 -------- d-----w- e:\program files\common files\DirectX
2013-06-26 17:54:20 40960 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-06-26 17:54:20 40960 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
2013-06-26 17:54:19 -------- d-----w- e:\program files\Project64 1.6
2013-06-26 16:44:03 -------- d-----w- e:\documents and settings\wewerac\application data\Stella
2013-06-12 07:29:40 9089416 ----a-w- e:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-06-12 07:29:41 71048 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 07:29:41 692104 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2013-05-08 19:35:33 24944 ----a-w- e:\windows\system32\drivers\GVTDrv.sys
2013-05-08 19:35:19 17488 ----a-w- e:\windows\gdrv.sys
2013-05-06 14:02:03 98304 ----a-w- e:\windows\system32\CmdLineExt.dll
2013-04-22 03:18:03 3850760 ----a-w- e:\windows\system32\d3dx9_38.dll
2013-04-22 02:54:22 24704 ----a-w- e:\windows\system32\drivers\dtscsibus.sys
.
============= FINISH: 22:41:43.71 ===============
Addendum: 11 Jul 2013 22:48
I am located on the territory of Belgrade

Posted: 11 Jul 2013 23:58
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello. You did not post the DDS Attach.txt report.
Why don't you have an AV program installed?

Posted: 12 Jul 2013 00:38
- Majstor Ika
- New MyCity citizen
- Joined: 05 May 2013
- Posts: 16

I apologize, but I can't find that document. I'll try the search option; it isn't on C, it isn't on E... my Windows is installed on the E partition

Posted: 12 Jul 2013 00:46
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building

If your system partition is labelled E:\, then your AdwCleaner report should be located at:
E:\AdwCleaner[S1].txt

Posted: 12 Jul 2013 00:50
- Majstor Ika
- New MyCity citizen
- Joined: 05 May 2013
- Posts: 16

Written: 12 Jul 2013 0:49
it isn't on any of the three partitions mentioned; Comodo asked me whether I should let it run and I confirmed that it may
Addendum: 12 Jul 2013 0:50
I went to Delete, waited for it to finish, and it restarted... it took a bit longer than usual; it said it was saving the latest changes

Posted: 12 Jul 2013 00:59
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then attach the report that should be at the location I already wrote to you earlier.