I suspect there are keyloggers in my computer

  • Joined: 05 May 2013
  • Posts: 16

Posted: 11 Jul 2013 22:39

I suspect I have keyloggers in my computer
also

he claims he gets in through a Linux system and can read my chat

Update: 11 Jul 2013 22:43

what I saw is terrible
I really did send that
I changed the password to a 15-character one, with numbers
Wireless; the person in question is located in Bosnia


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Wewerac at 22:41:25 on 2013-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3486.2528 [GMT 2:00]
.
.
============== Running Processes ================
.
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\MyPC Backup\BackupStack.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\DefaultTab\DefaultTabSearch.exe
E:\Program Files\Intel\iCLS Client\HeciServer.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Pando Networks\Media Booster\PMB.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Documents and Settings\Wewerac\Application Data\uTorrent\uTorrent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MCShield\mcshieldrtm.exe
E:\Program Files\MyPC Backup\MyPC Backup.exe
E:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\WINDOWS\system32\mspaint.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=1493902B34CAFC1D
uRun: [Pando Media Booster] e:\program files\pando networks\media booster\PMB.exe
uRun: [Skype] "e:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "e:\documents and settings\wewerac\application data\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Ultra Agent] "e:\program files\daemon tools ultra\DTAgent.exe" -autorun
uRun: [Total CMA Pack] e:\program files\total cma pack\Total CMA Pack.exe
uRun: [MCShield Monitor] e:\program files\mcshield\mcshieldrtm.exe
mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
mRun: [Persistence] e:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: e:\docume~1\wewerac\startm~1\programs\startup\mypcba~1.lnk - e:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.1.20
TCP: Interfaces\{CE34672B-6B09-4C82-AC1C-04B35F89F29A} : DHCPNameServer = 192.168.1.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\wewerac\application data\mozilla\firefox\profiles\zqo524n3.default\
FF - plugin: e:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: e:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: e:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: e:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: e:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 64ad48ba000000000000902b34cafc1d
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15817
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.164:54:59
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;e:\windows\system32\drivers\mv61xxmm.sys [2012-3-14 13616]
R0 mv64xxmm;mv64xxmm;e:\windows\system32\drivers\mv64xxmm.sys [2012-3-14 5632]
R0 mvxxmm;mvxxmm;e:\windows\system32\drivers\mvxxmm.sys [2012-3-14 13616]
R1 AppleCharger;AppleCharger;e:\windows\system32\drivers\AppleCharger.sys [2013-3-27 19056]
R2 BackupStack;Computer Backup (MyPC Backup);e:\program files\mypc backup\BackupStack.exe [2013-7-1 32808]
R2 DefaultTabSearch;DefaultTabSearch;e:\program files\defaulttab\DefaultTabSearch.exe [2013-2-11 572928]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;e:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;e:\program files\intel\intel(r) management engine components\dal\Jhi_service.exe [2013-3-27 166720]
R2 UNS;Intel(R) Management and Security Application User Notification Service;e:\program files\intel\intel(r) management engine components\uns\UNS.exe [2013-3-27 365376]
R3 Disc Soft Bus Service;Disc Soft Bus Service;e:\program files\daemon tools ultra\DiscSoftBusService.exe [2013-3-6 580672]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;e:\windows\system32\drivers\dtscsibus.sys [2013-4-22 24704]
R3 MEI;Intel(R) Management Engine Interface ;e:\windows\system32\drivers\HECI.sys [2013-3-27 55104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;e:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2013-3-27 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;e:\windows\etdrv.sys [2013-3-27 17488]
S3 GVTDrv;GVTDrv;e:\windows\system32\drivers\GVTDrv.sys [2013-3-27 24944]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;e:\program files\intel\intel(r) integrated clock controller service\ICCProxy.exe [2013-3-27 160256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-07-11 20:22:44 -------- d-----w- e:\program files\MCShield
2013-07-11 20:22:44 -------- d-----w- e:\documents and settings\all users\application data\MCShield
2013-07-11 14:53:14 -------- d-----w- e:\documents and settings\wewerac\SyncFolder
2013-07-10 03:01:05 -------- d-----w- e:\documents and settings\all users\application data\Sophos
2013-07-10 03:01:03 73728 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-10 03:01:03 73728 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-10 03:01:03 73728 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-07-10 03:00:58 -------- d-----w- e:\program files\Sophos
2013-07-10 00:11:17 81920 ----a-w- e:\windows\eSellerateControl350.dll
2013-07-10 00:11:17 356352 ----a-w- e:\windows\eSellerateEngine.dll
2013-07-10 00:11:17 274432 ----a-w- e:\windows\system32\ssleay32.dll
2013-07-10 00:11:17 1122304 ----a-w- e:\windows\system32\libeay32.dll
2013-07-10 00:11:17 -------- d-----w- e:\program files\Absolute Key Logger Removal Tool
2013-07-10 00:11:04 -------- d-----w- e:\program files\MyPC Backup
2013-07-03 15:11:48 -------- d-----w- e:\program files\common files\DirectX
2013-06-26 17:54:20 40960 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-06-26 17:54:20 40960 ----a-r- e:\documents and settings\wewerac\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
2013-06-26 17:54:19 -------- d-----w- e:\program files\Project64 1.6
2013-06-26 16:44:03 -------- d-----w- e:\documents and settings\wewerac\application data\Stella
2013-06-12 07:29:40 9089416 ----a-w- e:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-06-12 07:29:41 71048 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 07:29:41 692104 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2013-05-08 19:35:33 24944 ----a-w- e:\windows\system32\drivers\GVTDrv.sys
2013-05-08 19:35:19 17488 ----a-w- e:\windows\gdrv.sys
2013-05-06 14:02:03 98304 ----a-w- e:\windows\system32\CmdLineExt.dll
2013-04-22 03:18:03 3850760 ----a-w- e:\windows\system32\d3dx9_38.dll
2013-04-22 02:54:22 24704 ----a-w- e:\windows\system32\drivers\dtscsibus.sys
.
============= FINISH: 22:41:43.71 ===============



Update: 11 Jul 2013 22:48

I am located in Belgrade
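An added triage example for the DDS report posted above; it is not code from the thread, from DDS, AdwCleaner or GMER. It parses DDS's sectioned layout (the `==== Name ====` headers and `.` spacers), classifies each line as a running process, autorun entry, start page, Firefox user.js preference or service, and matches every tracked entry against a small indicator table. Both the excerpt (lines copied from the log in the post) and the indicator substrings are constructed for illustration: the table is an assumption standing in for a maintained PUP list, not a vendor signature set. Autorun entries that match nothing are returned separately, since those are what a helper still has to review by hand.

```python
"""Triage a DDS log excerpt: pull process, autorun, start-page, Firefox-pref and
service entries out of the sectioned text and match them against adware / PUP
indicators.  Added example for this thread, not part of DDS or AdwCleaner; the
indicator table is an assumption for illustration, not a vendor signature set."""
import re

# Constructed sample input: lines copied from the DDS log in the post, kept in
# DDS's own sectioned layout so the parser sees the real format.
DDS_EXCERPT = r"""
============== Running Processes ================
.
E:\Program Files\MyPC Backup\BackupStack.exe
E:\Program Files\DefaultTab\DefaultTabSearch.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=1493902B34CAFC1D
uRun: [Skype] "e:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Total CMA Pack] e:\program files\total cma pack\Total CMA Pack.exe
TCP: NameServer = 192.168.1.20
.
================= FIREFOX ===================
.
FF - user.js: extensions.delta.id - 64ad48ba000000000000902b34cafc1d
FF - user.js: extensions.delta.aflt - babsst
.
============= SERVICES / DRIVERS ===============
.
R2 BackupStack;Computer Backup (MyPC Backup);e:\program files\mypc backup\BackupStack.exe [2013-7-1 32808]
R2 DefaultTabSearch;DefaultTabSearch;e:\program files\defaulttab\DefaultTabSearch.exe [2013-2-11 572928]
"""

# Assumed indicators (lower-case substring -> what a hit means), chosen for this
# excerpt; real triage would use a maintained PUP list.
PUP_INDICATORS = {
    "delta-search": "Delta Search: start page / search redirect",
    "extensions.delta.": "Delta toolbar: Firefox user.js preferences",
    "defaulttab": "DefaultTab: search hijacker with its own service",
    "mypc backup": "MyPC Backup: bundled component with autostart and service",
}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")               # '==== Name ===='
AUTORUN_RE = re.compile(r"^([um]Run):\s*\[(.*?)\]\s*(.*)$")   # 'uRun: [Name] cmd'
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[.*\])?$")


def parse_sections(text):
    """Split DDS output into {section name: [lines]}, dropping the '.' spacers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def classify(section, line):
    """(kind, entry) for a line recording a process or persistence artefact, else None."""
    if section.startswith("Running Processes"):
        return "process", line
    m = AUTORUN_RE.match(line)
    if m:
        return "autorun", f"{m.group(1)} [{m.group(2)}] {m.group(3)}"
    if line.startswith(("uStart Page", "mStart Page")):
        return "homepage", line
    if line.startswith("FF - user.js:"):
        return "ff_pref", line
    m = SERVICE_RE.match(line)
    if m:
        return "service", f"{m.group(1)} {m.group(2)} -> {m.group(4)}"
    return None


def triage(text):
    """(section, kind, entry, indicator) for every tracked artefact that hits an indicator."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            cls = classify(section, line)
            hit = next((n for n in PUP_INDICATORS if n in line.lower()), None)
            if cls and hit:
                findings.append((section, cls[0], cls[1], hit))
    return findings


def unmatched_autoruns(text):
    """Autorun names that hit nothing: the list a helper still checks by hand."""
    names = []
    for lines in parse_sections(text).values():
        for line in lines:
            m = AUTORUN_RE.match(line)
            if m and not any(n in line.lower() for n in PUP_INDICATORS):
                names.append(m.group(2))
    return names


if __name__ == "__main__":
    for section, kind, entry, hit in triage(DDS_EXCERPT):
        print(f"[{hit}] {kind:8} {entry}   <- {PUP_INDICATORS[hit]}")
    print("review by hand:", unmatched_autoruns(DDS_EXCERPT))
```

Run on the excerpt it reports the Delta Search start page and Firefox preferences, the DefaultTab process and service, and the MyPC Backup process and service, and leaves `Skype` and `Total CMA Pack` in the hand-review list; the script states nothing about a keylogger, because nothing in the posted DDS output matches one.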

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello. You did not post DDS's Attach.txt report.
Why don't you have an AV program installed?

  • Joined: 05 May 2013
  • Posts: 16

Sorry, I didn't see that there were two files... here you'll get both; I did it again from scratch

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Download Xplode's AdwCleaner and save it to the Desktop.
Double-click to run the program.
Click the Delete button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option.

Note: the report will also be saved to C:\AdwCleaner[S1].txt

Step 2

Download GMER from the link below to the Desktop:

GMER download
Click the given link;
When the dialog for choosing the save location opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (named Gmer1);

right-click in the GMER window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (named Gmer2);

click the >>> button and choose the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (named Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your post using the "Attach file" option.

  • Joined: 05 May 2013
  • Posts: 16

I'm sorry, but I can't find that document; I'll try the search option. It's not on C, it's not on E... my Windows is installed on the E partition

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then replace C:\ with E:\ and you'll find them very easily. :)

  • Joined: 05 May 2013
  • Posts: 16

of the text documents, only this

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

If your system partition is labelled E:\, then your AdwCleaner report should be at:

E:\AdwCleaner[S1].txt

  • Joined: 05 May 2013
  • Posts: 16

Posted: 12 Jul 2013 0:49

it's not on any of the three partitions mentioned; Comodo asked me whether to let it run and I confirmed that it may

Update: 12 Jul 2013 0:50

I went to Delete, waited for it to finish, it restarted... it took a bit longer than usual, it said it was saving the latest changes

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then attach the report, which should be at the location I already gave you earlier.
